Skip to content

Privacy policy

Last updated: February 2026

1. Introduction

Moj Agentko d.o.o. ("Moj Agentko", "we", "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your data.

2. What data we collect

We collect the following categories of data:

  • Identification data: name, surname, date of birth, citizenship
  • Contact data: email, phone number, address
  • Documents: copies of passport, permits, certificates (only when you upload them yourself)
  • Usage data: how you use our platform

3. Document sensitivity

We handle sensitive documents including passport scans, identity cards, and government correspondence. All documents are encrypted in transit and at rest, stored on secure EU-based infrastructure with strict access controls.

Access to uploaded documents is restricted to authorized personnel only and is subject to logging and periodic review.

4. Why we collect data

We use your data for:

  • Providing our services
  • Communication with you
  • Improving our services
  • Fulfilling legal obligations

5. Legal basis

We process data based on:

  • Your consent
  • Performance of a contract with you
  • Legal obligations
  • Legitimate interest (service improvement)

6. Data sharing

We do NOT sell your data to third parties.

We may share data with:

  • State authorities (when necessary for service delivery)
  • Our partners (lawyers, accountants β€” only with your consent)
  • Service providers (subprocessors β€” see list below)

6a. List of subprocessors

The following providers process your data on our behalf:

  • Vercel Inc. (USA) β€” website hosting and analytics
  • Stripe Inc. (USA) β€” payment processing and subscription management
  • Sentry (USA) β€” application error monitoring
  • OpenAI (USA) β€” AI service search (anonymous queries only, no personal data)
  • Hetzner Online GmbH (Germany) β€” server infrastructure and data storage

7. Agent access

Our support agents access your personal data and documents only to provide the requested services. All access is logged and audited. Agents are contractually bound by confidentiality obligations.

Agent access is limited to the data necessary for the specific case they are handling. Access permissions are reviewed regularly.

8. Stripe payment processing

Payment processing on our platform is handled by Stripe, Inc. When you make a payment, your billing information (name, email address, and payment card data) is shared with Stripe for the purpose of processing your transaction.

Your card data is never stored on our servers β€” it is processed and stored exclusively by Stripe in accordance with PCI DSS standards. For more information, please refer to Stripe's Privacy Policy at https://stripe.com/privacy.

We only retain transaction metadata (amount, date, status) for accounting and support purposes.

9. Cross-border data transfers

Some of our service providers β€” including Stripe (payment processing), Sentry (error monitoring), and Vercel (hosting) β€” may process your data in the United States or other countries outside the European Economic Area.

We ensure adequate safeguards are in place for such transfers through Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) as approved by the European Commission.

10. Data security

We use modern security measures to protect your data:

  • SSL/TLS encryption
  • Encrypted document storage
  • Access restriction
  • Regular security audits

11. Data breach notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34.

We will inform the relevant supervisory authority (Information Commissioner of the Republic of Slovenia) within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

12. Cookies

We use essential cookies for site functionality. For analytical cookies, we ask for your consent.

The following essential cookies are used on our platform:

  • XSRF-TOKEN β€” essential cookie used for CSRF (Cross-Site Request Forgery) protection
  • Session cookie β€” essential cookie used for user authentication
  • NEXT_LOCALE β€” essential cookie used to store your language preference

Non-essential cookies (such as analytics or marketing cookies) are only set with your explicit consent.

13. Your rights

Under GDPR, you have the right to:

  • Access your data
  • Rectification of inaccurate data
  • Erasure of data ("right to be forgotten")
  • Restriction of processing
  • Data portability
  • Object to processing

To exercise your rights, contact us at: info@mojagentko.si

14. Data portability

You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format (JSON or CSV).

To request a portable copy of your data, contact us at info@mojagentko.si. We will provide the data within 30 days of receiving your request.

15. Data retention

We retain data for:

  • Documents: until end of procedure + 5 years
  • Communication: 3 years
  • Invoices: 10 years (legal obligation)

16. Vulnerability disclosure

If you discover a security vulnerability in our platform, we kindly ask that you report it responsibly to info@mojagentko.si rather than disclosing it publicly.

We will acknowledge your report promptly and work to resolve the issue as quickly as possible.

17. Contact

For privacy questions:

  • Email: info@mojagentko.si
  • Data Protection Officer: info@mojagentko.si

You may also file a complaint with the Information Commissioner of the Republic of Slovenia.