Cookie Policy

Cookies are small text files stored on your device by your browser when you visit a website. They let a site remember information across pages or sessions: a login token, a language choice, a booking step. Similar technologies include localStorage, sessionStorage, and pixels; we treat all of them the same way for the purposes of this policy.

• Analytics — only after consent: when you click Accept on the cookie banner, we enable Google Analytics 4 (measurement ID G-02DN83KF2B) which sets cookies named _ga and _ga_* in your browser to count visits and understand how people find the site. IPs are anonymized. Retention: 14 months. If you click Decline or never interact with the banner, no GA cookies are set and only aggregate cookieless pings (no identifier) are sent. You can change your mind at any time by clearing your browser storage for this site to re-trigger the banner.
• Consent state: a single localStorage entry cv-analytics-consent remembers your decision so the banner does not reappear on every page. Not a cookie, not sent to any server.
• Cavi chat (in-session): browser localStorage is used to keep your conversation with Cavi (our AI guide) during a single tab session, cleared automatically when you close the tab.

Cloudflare, which hosts and protects https://casaventuras.com, may set a small number of strictly necessary cookies such as __cf_bm (bot mitigation) and cf_clearance (anti-abuse). These exist purely for security and site integrity. They do not identify you personally, do not track you across other websites, and they cannot be disabled without breaking the site.

When you interact with a booking widget, a checkout modal, or an availability calendar on our tour pages, the widget is served by Bókun (a TripAdvisor company) from widgets.bokun.io. Bókun may set cookies on its own domain to remember your selected date, guest count, and checkout session. These cookies are governed by Bókun's own privacy and cookie policies, not ours. We receive no persistent identifier from Bókun beyond the booking reference itself.

• No Google Ads, no remarketing audiences, no DoubleClick.
• No Meta Pixel, no Facebook tracking.
• No advertising networks, no retargeting cookies.
• No session recording (Hotjar, FullStory, etc.).
• No cross-site tracking, no fingerprinting.

• Browser settings: every modern browser lets you block or delete cookies per site. Because we don't rely on first-party cookies for core functionality, blocking them does not break the site.
• Do Not Track (DNT): we honor the DNT signal. Since we already run no cross-site tracking, DNT is effectively always-on for our first-party data.
• Global Privacy Control (GPC): we respect GPC signals and treat them as a valid opt-out for California residents under CCPA / CPRA.
• Third-party Bókun cookies: to block these, you can either avoid interacting with booking widgets, or configure your browser to block third-party cookies globally.

For visitors from the European Economic Area, the United Kingdom, or Switzerland: only strictly necessary cookies (Cloudflare security) are set without consent. Google Analytics is loaded with Google's Consent Mode v2 set to denied by default — no analytics cookies are written until you click Accept on the cookie banner. Third-party Bókun cookies are set only when you actively interact with a booking widget, treated as consent by action under the ePrivacy Directive. You may withdraw consent at any time by clearing your browser storage for this site, or via your browser settings.

This policy is designed to comply with:

• Puerto Rico Act 39 (Privacy Policy Notification) and Act 111-2005 (data security).
• California Online Privacy Protection Act (CalOPPA) and CCPA / CPRA.
• EU ePrivacy Directive (Article 5.3) and GDPR for EEA residents.
• UK Privacy and Electronic Communications Regulations (PECR).

We may update this policy from time to time, typically when we add or remove a service that sets cookies. The "Last updated" date at the top reflects the most recent revision. The 2026-04-26 revision introduced Google Analytics 4 with Google Consent Mode v2 default-denied and the cookie banner you see on first visit. For material changes that add new cookie categories, we will post a notice and, where required, ask for your consent before activation.

Questions about cookies or this policy:
Casa Venturas, San Juan, Puerto Rico
micasaventuras@gmail.com, +1 929 372 4529