Privacy Policy

Last updated: February 6, 2026

1. Data Controller

Klemen Kraigher Mišič s.p.
Poljanska cesta 19, 1000 Ljubljana, Slovenia, EU
Email: [email protected]

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (stored as bcrypt hash — we never store plaintext passwords)
  • Google account ID (if using Google Sign-In)
  • Country preference

2.2 Chat Data

When you use the chatbot, we process:

  • Chat messages (questions you ask)
  • Session tokens (anonymized session identifiers)
  • Selected country

2.3 Document Generation Data

When you generate documents, we store:

  • Company name and business description you provide
  • Document type and country selection
  • Generated document content

2.4 Newsletter Data

For newsletter subscriptions: email address, country preference, and language preference.

2.5 Technical Data

We automatically collect standard server logs including IP addresses, browser type, and access timestamps.

3. Legal Basis for Processing

We process your data based on:

  • Contract performance (Art. 6(1)(b) GDPR): To provide the Service you requested
  • Legitimate interest (Art. 6(1)(f) GDPR): For service improvement and security
  • Consent (Art. 6(1)(a) GDPR): For newsletter subscriptions and optional analytics

4. How We Use Your Data

  • To provide and operate the GDPR chatbot and document generation services
  • To authenticate your account and maintain sessions
  • To send newsletter updates (with your consent)
  • To improve our AI models and service quality
  • To comply with legal obligations

5. Data Sharing

We share data with the following categories of processors:

  • LLM API providers (Anthropic / OpenAI): Chat queries are sent to generate AI responses. These providers operate under data processing agreements.
  • Hosting provider (Hetzner): Server infrastructure located in the EU.

We do not sell your personal data to third parties.

6. Data Retention

  • Account data: Retained until account deletion
  • Chat sessions: Active sessions expire after 24 hours. Aggregated analytics may be retained longer.
  • Generated documents: Retained until account deletion or manual deletion by user
  • Newsletter subscriptions: Until unsubscription

7. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data ("right to be forgotten") (Art. 17)
  • Restrict processing (Art. 18)
  • Exercise data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

To exercise these rights, contact us at [email protected].

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), hashed passwords (bcrypt), and access controls.

9. International Transfers

Your data is primarily processed within the EU (Hetzner servers in Germany/Finland). When data is sent to LLM providers, appropriate safeguards are in place (Standard Contractual Clauses where applicable).

10. Cookies

We use only essential cookies and localStorage for session management and user preferences (e.g., selected country, theme preference). We do not use tracking cookies or third-party advertising cookies.

11. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec):
Dunajska cesta 22, 1000 Ljubljana, Slovenia
Website: www.ip-rs.si

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification.

13. Contact

For privacy-related inquiries:
Klemen Kraigher Mišič s.p.
Poljanska cesta 19, 1000 Ljubljana, Slovenia, EU
Email: [email protected]