Skip to main content
PalapaVibez

Legal Center

Policies, plain and complete

Every promise we make and every limit on what we’ll be responsible for, written out in one place. Use the menu below to jump straight to what you need.

What changed

Policy Changelog

Effective May 28, 2026

In plain language

When we change a policy in a way that affects your rights or obligations, we record it here and bump the version. Material changes prompt a re-acceptance on your next sign-in so nothing important slips by you.

We maintain this changelog so you can see what changed since you last accepted our Terms. We re-prompt you to accept the Terms only when the change is material — minor clarifications and typos don’t trigger a re-prompt.

v32026-05-28

Consumer-protection clarity, dispute resolution, tighter data-minimisation, and signup-time consent UX.

  • New arbitration clause + class-action waiver. Disputes now go to binding individual arbitration under AAA Consumer Rules. You have 30 days from accepting these Terms to opt out by emailing [email protected] if you'd rather keep your right to sue in court.
  • Marketing emails are now opt-in only. Deals, destination guides, and newsletter sends require an explicit tick at signup. Transactional emails (booking confirmations, receipts, password resets) are unaffected. Existing accounts keep their current preference; one-click unsubscribe is unchanged.
  • Liability cap + force majeure clarified. Our total liability for any claim is capped at the greater of $100 or what you paid us in the prior 12 months. New force-majeure clause covers weather, strikes, pandemics, and similar disruptions outside our control.
  • We are not a travel-insurance broker. Restated explicitly — we do not sell, advise on, or administer travel-insurance policies. Affiliate referrals to partners like SafetyWing are labelled as such and we may earn commission.
  • New: Flight Passenger Rights. Plain-language summary of US DOT § 259 rules that apply to your flight — tarmac delays, denied boarding, baggage policies, lithium battery prohibition, schedule-change handling.
  • New: Rewards Program Terms. Standalone terms for the Rewards beta — miles have no cash value, earning rules may change, accounts terminated for cause forfeit miles.
  • Privacy Policy retention schedule. Per-category data retention is now spelled out in a table — search events 90 days, security events 90/180 days by severity, abandoned carts 90 days, newsletter signups 2 years, price history 30 days.
  • Stronger hotel-guest data encryption. Hotel-guest first and last names now encrypted at rest alongside email and phone (previously plaintext alongside encrypted contact info).
  • Removed: passport-document storage. We don't store passport scans, visa documents, or travel-insurance policies. Those stay on your devices or with the issuing party.
  • Hotel checkout merchant-of-record disclosure. The payment step now shows a banner explaining LiteAPI is the payment processor — hotel charges appear on your card statement as LiteAPI or a related descriptor.
  • New: 18+ confirmation at signup. Account creation now requires an explicit age-affirming checkbox; the value is stored per account (User.confirmedOver18). Existing accounts unaffected — your earlier ToS acceptance already attested to 18+ eligibility.
  • Removed: unverified credential claims. "IATA-accredited", "Best price guaranteed", and "No Hidden Fees Guaranteed" language has been removed from customer copy and replaced with verifiable statements ("Transparent pricing", "Encrypted booking data", "Government taxes included up-front").

v22026-05-27

A full refresh of the legal surface focused on giving shop customers clear, discoverable policies for e-commerce concerns the v1 Terms only mentioned in passing.

  • New: Shipping Policy. Made-to-order timeline (3–7 production days), regional transit windows, customs and duties, address-accuracy responsibility, lost-in-transit treatment.
  • New: Returns & Exchanges. Defect / damage / wrong-item claims covered for 30 days; no buyer's-remorse returns. EU 14-day withdrawal exemption restated cleanly.
  • New: Sizing & Care. Garment measurements by family, fabric composition, wash instructions, colour-variance disclosure for direct-to-garment prints.
  • New: Product Safety (GPSR). Manufacturer information and the EU responsible person (HONSON VENTURES LTD, Cyprus) for customers reaching us from the EU.
  • New: Accessibility Statement. WCAG 2.2 AA target, what works today, known gaps, how to report a barrier.
  • New: DMCA / IP Policy. Takedown notice procedure, designated agent, counter-notice, repeat-infringer policy.
  • Updated: Terms of Service. Governing law clarified as the State of Oregon. The shop section was condensed and now cross-links to the new dedicated pages.
  • Updated: Privacy Policy. Wording cleanup, no substantive changes to data flows. Self-service paths for Access (Art. 15) and Erasure (Art. 17) clarified.
  • Updated: Cancellation Policy. Refocused on flights and hotels; the shop section moved to the dedicated Returns and Shipping pages.
  • Updated: Cookie Policy. Cookie inventory refreshed; pv.session now correctly listed (was previously listed as __session).
  • New: shop checkout consent. Before payment, the shop checkout requires you to confirm you've read the Shipping, Returns, and Terms. The accepted version is recorded on the order.
  • New: product-page disclosures. Every shop product now shows a "Made to order" pill, a colour-variance note, and direct links to the three policy pages relevant to that purchase.

v12026-04-13

Initial published version of the Terms of Service and Privacy Policy. Subsequent May 17, 2026 update added flight + hotel cancellation policies and GDPR mechanics. See git history for diff.