Privacy Policy
সর্বশেষ আপডেট: February 04, 2026
Privacy Policy for personal.dokomat.com
Last Updated: February 4, 2026
This Privacy Policy explains how Soft Affairs Sp. z o.o. ("we", "us", "our") collects, uses, stores, and protects your personal data when you use personal.dokomat.com and our TRC Cancellation Letter Generator service.
---
## 1. Data Controller
**Soft Affairs Spółka z ograniczoną odpowiedzialnością**
Pl. Wolności 6/108, 60-324 Poznań, Poland
- KRS (National Court Register): 0000999132
- NIP (Tax ID): 7792546094
- REGON: 523483002
- Email: info@personal.dokomat.com
- Website: personal.dokomat.com
**Data Protection Contact:**
Arif Hossain
Email: arif.hossain@alienaffairs.com
For any questions about this Privacy Policy or your personal data, please contact us at the above email addresses.
---
## 2. Categories of Personal Data We Collect
### 2.1 Account Information
- Full name
- Email address
- Profile picture (if using Google Sign-In)
### 2.2 TRC Letter Data
- Applicant name and date of birth
- Nationality/citizenship
- TRC reference number and decision date
- Previous and new employer information
- Correspondence address
- Immigration office details
### 2.3 Payment Information
- Transaction ID (processed by Stripe)
- Invoice details (if requested): company name, NIP, address
- We do NOT store credit card numbers - these are handled securely by Stripe
### 2.4 Uploaded Documents
- TRC decision documents (PDF/images) uploaded for AI extraction
- These are processed temporarily and deleted after extraction
### 2.5 Technical Data (Automatically Collected)
- IP address
- Browser type and version
- Device information
- Operating system
- Pages visited and time spent
- Referral source
---
## 3. Purposes and Legal Basis for Processing
Under GDPR Article 6, we process your data based on the following legal grounds:
| Purpose | Legal Basis (GDPR Art. 6) | Data Used |
|---------|---------------------------|-----------|
| Account creation and management | Contract performance (Art. 6(1)(b)) | Name, email |
| TRC letter generation | Contract performance (Art. 6(1)(b)) | TRC data, personal details |
| Payment processing | Contract performance (Art. 6(1)(b)) | Transaction data |
| Invoice generation | Legal obligation (Art. 6(1)(c)) | Invoice details, NIP |
| AI document extraction | Consent (Art. 6(1)(a)) | Uploaded documents |
| Service improvement | Legitimate interest (Art. 6(1)(f)) | Usage analytics |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) | IP address, technical data |
| Legal compliance | Legal obligation (Art. 6(1)(c)) | Transaction records |
| Marketing communications | Consent (Art. 6(1)(a)) | Email (only with explicit consent) |
---
## 4. Data Retention Periods
| Data Type | Retention Period | Reason |
|-----------|------------------|--------|
| Account data | Until account deletion or 3 years of inactivity | Service provision |
| Generated TRC letters | 30 days after generation | User access period |
| Uploaded documents | Deleted immediately after AI extraction | Data minimization |
| Payment records | 7 years | Polish tax law requirements |
| Invoice data | 7 years | Polish accounting regulations |
| Server logs | 90 days | Security and debugging |
| Cookie consent records | 3 years | GDPR compliance proof |
---
## 5. Third-Party Recipients
We share your data with the following third parties:
### 5.1 Stripe (Payment Processor)
- **Data shared:** Payment details, email, transaction amount
- **Purpose:** Secure payment processing
- **Location:** USA (EU-US Data Privacy Framework certified)
- **Privacy Policy:** https://stripe.com/privacy
### 5.2 Google (Authentication)
- **Data shared:** Email, name, profile picture (via OAuth)
- **Purpose:** Account sign-in
- **Location:** USA (EU-US Data Privacy Framework certified)
- **Privacy Policy:** https://policies.google.com/privacy
### 5.3 OpenRouter AI
- **Data shared:** Uploaded document content (temporarily)
- **Purpose:** AI-powered data extraction from TRC documents
- **Location:** USA
- **Safeguards:** Standard Contractual Clauses (SCCs)
- **Note:** Documents are processed in real-time and not stored by OpenRouter
### 5.4 Hosting Provider
- **Purpose:** Website and data hosting
- **Location:** European Union
- **Safeguards:** GDPR-compliant data processing agreement
---
## 6. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). We ensure adequate protection through:
1. **EU-US Data Privacy Framework:** Stripe and Google are certified under this framework
2. **Standard Contractual Clauses (SCCs):** Used with providers not covered by adequacy decisions
3. **Data Processing Agreements:** All processors have signed GDPR-compliant agreements
You can request a copy of the safeguards by contacting us at info@personal.dokomat.com.
---
## 7. Your Rights Under GDPR
You have the following rights regarding your personal data:
### 7.1 Right of Access (Art. 15)
Request a copy of all personal data we hold about you.
### 7.2 Right to Rectification (Art. 16)
Request correction of inaccurate or incomplete data.
### 7.3 Right to Erasure (Art. 17)
Request deletion of your data ("right to be forgotten") when:
- Data is no longer necessary for the original purpose
- You withdraw consent
- You object to processing
- Data was unlawfully processed
### 7.4 Right to Restriction (Art. 18)
Request limited processing of your data while we verify accuracy or assess objections.
### 7.5 Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format (JSON/CSV) and transfer it to another service.
### 7.6 Right to Object (Art. 21)
Object to processing based on legitimate interests or for direct marketing purposes.
### 7.7 Rights Related to Automated Decision-Making (Art. 22)
Not be subject to decisions based solely on automated processing that significantly affect you.
**How to Exercise Your Rights:**
Email us at info@personal.dokomat.com with your request. We will respond within 30 days. For complex requests, this may be extended by 60 days with notification.
---
## 8. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Polish supervisory authority:
**Urząd Ochrony Danych Osobowych (UODO)**
ul. Stawki 2, 00-193 Warsaw, Poland
Website: https://uodo.gov.pl
Email: kancelaria@uodo.gov.pl
Phone: +48 22 531 03 00
---
## 9. Automated Decision-Making and Profiling
### 9.1 AI Document Extraction
When you upload a TRC decision document, we use AI (via OpenRouter) to automatically extract information such as:
- Applicant name
- Date of birth
- TRC reference number
- Decision date
**Important:**
- This is an assistive feature - you can edit all extracted data before submission
- No decisions are made solely based on AI extraction
- You always have the final say on the data used in your letter
- You can choose not to use AI extraction and enter data manually
### 9.2 Fraud Prevention
Stripe may use automated systems for payment fraud detection. This is necessary for contract performance and our legitimate interests in preventing fraud.
---
## 10. Cookies and Tracking Technologies
### 10.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website.
### 10.2 Cookies We Use
**Essential Cookies (Required)**
| Cookie Name | Purpose | Duration |
|-------------|---------|----------|
| laravel_session | Session management | 2 hours |
| XSRF-TOKEN | CSRF protection | 2 hours |
| remember_web_* | Remember login | 5 years |
| cookie_consent | Your cookie preferences | 1 year |
**Functional Cookies**
| Cookie Name | Purpose | Duration |
|-------------|---------|----------|
| locale | Language preference | 1 year |
**Payment Cookies (Stripe)**
| Cookie Name | Purpose | Duration |
|-------------|---------|----------|
| __stripe_mid | Fraud prevention | 1 year |
| __stripe_sid | Payment session | 30 minutes |
**Authentication Cookies (Google)**
When using Google Sign-In, Google may set cookies for authentication purposes. See Google's Privacy Policy for details.
### 10.3 Managing Cookies
You can control cookies through your browser settings:
- **Chrome:** Settings → Privacy and Security → Cookies
- **Firefox:** Settings → Privacy & Security → Cookies
- **Safari:** Preferences → Privacy → Cookies
- **Edge:** Settings → Privacy → Cookies
**Note:** Disabling essential cookies will prevent login and payment functionality.
### 10.4 Legal Basis for Cookies
- Essential cookies: Necessary for service provision (GDPR Art. 6(1)(b))
- Functional cookies: Your consent (GDPR Art. 6(1)(a))
- Third-party cookies: Your consent and legitimate interest
---
## 11. Data Security
We implement appropriate technical and organizational measures to protect your data:
- **Encryption:** All data transmitted via HTTPS/TLS
- **Access Control:** Role-based access to personal data
- **Secure Payments:** PCI-DSS compliant payment processing via Stripe
- **Regular Updates:** Security patches applied promptly
- **Data Minimization:** We only collect data necessary for our services
- **Secure Storage:** Data stored on encrypted servers within the EU
---
## 12. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.
---
## 13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. For significant changes, we will notify you via email or website notification.
We encourage you to review this policy regularly.
---
## 14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
**General Inquiries:**
Email: info@personal.dokomat.com
**Data Protection Contact:**
Arif Hossain
Email: arif.hossain@alienaffairs.com
**Registered Address:**
Soft Affairs Sp. z o.o.
Pl. Wolności 6/108
60-324 Poznań, Poland
---
© 2026 Soft Affairs Sp. z o.o. All rights reserved.
Last Updated: February 4, 2026
This Privacy Policy explains how Soft Affairs Sp. z o.o. ("we", "us", "our") collects, uses, stores, and protects your personal data when you use personal.dokomat.com and our TRC Cancellation Letter Generator service.
---
## 1. Data Controller
**Soft Affairs Spółka z ograniczoną odpowiedzialnością**
Pl. Wolności 6/108, 60-324 Poznań, Poland
- KRS (National Court Register): 0000999132
- NIP (Tax ID): 7792546094
- REGON: 523483002
- Email: info@personal.dokomat.com
- Website: personal.dokomat.com
**Data Protection Contact:**
Arif Hossain
Email: arif.hossain@alienaffairs.com
For any questions about this Privacy Policy or your personal data, please contact us at the above email addresses.
---
## 2. Categories of Personal Data We Collect
### 2.1 Account Information
- Full name
- Email address
- Profile picture (if using Google Sign-In)
### 2.2 TRC Letter Data
- Applicant name and date of birth
- Nationality/citizenship
- TRC reference number and decision date
- Previous and new employer information
- Correspondence address
- Immigration office details
### 2.3 Payment Information
- Transaction ID (processed by Stripe)
- Invoice details (if requested): company name, NIP, address
- We do NOT store credit card numbers - these are handled securely by Stripe
### 2.4 Uploaded Documents
- TRC decision documents (PDF/images) uploaded for AI extraction
- These are processed temporarily and deleted after extraction
### 2.5 Technical Data (Automatically Collected)
- IP address
- Browser type and version
- Device information
- Operating system
- Pages visited and time spent
- Referral source
---
## 3. Purposes and Legal Basis for Processing
Under GDPR Article 6, we process your data based on the following legal grounds:
| Purpose | Legal Basis (GDPR Art. 6) | Data Used |
|---------|---------------------------|-----------|
| Account creation and management | Contract performance (Art. 6(1)(b)) | Name, email |
| TRC letter generation | Contract performance (Art. 6(1)(b)) | TRC data, personal details |
| Payment processing | Contract performance (Art. 6(1)(b)) | Transaction data |
| Invoice generation | Legal obligation (Art. 6(1)(c)) | Invoice details, NIP |
| AI document extraction | Consent (Art. 6(1)(a)) | Uploaded documents |
| Service improvement | Legitimate interest (Art. 6(1)(f)) | Usage analytics |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) | IP address, technical data |
| Legal compliance | Legal obligation (Art. 6(1)(c)) | Transaction records |
| Marketing communications | Consent (Art. 6(1)(a)) | Email (only with explicit consent) |
---
## 4. Data Retention Periods
| Data Type | Retention Period | Reason |
|-----------|------------------|--------|
| Account data | Until account deletion or 3 years of inactivity | Service provision |
| Generated TRC letters | 30 days after generation | User access period |
| Uploaded documents | Deleted immediately after AI extraction | Data minimization |
| Payment records | 7 years | Polish tax law requirements |
| Invoice data | 7 years | Polish accounting regulations |
| Server logs | 90 days | Security and debugging |
| Cookie consent records | 3 years | GDPR compliance proof |
---
## 5. Third-Party Recipients
We share your data with the following third parties:
### 5.1 Stripe (Payment Processor)
- **Data shared:** Payment details, email, transaction amount
- **Purpose:** Secure payment processing
- **Location:** USA (EU-US Data Privacy Framework certified)
- **Privacy Policy:** https://stripe.com/privacy
### 5.2 Google (Authentication)
- **Data shared:** Email, name, profile picture (via OAuth)
- **Purpose:** Account sign-in
- **Location:** USA (EU-US Data Privacy Framework certified)
- **Privacy Policy:** https://policies.google.com/privacy
### 5.3 OpenRouter AI
- **Data shared:** Uploaded document content (temporarily)
- **Purpose:** AI-powered data extraction from TRC documents
- **Location:** USA
- **Safeguards:** Standard Contractual Clauses (SCCs)
- **Note:** Documents are processed in real-time and not stored by OpenRouter
### 5.4 Hosting Provider
- **Purpose:** Website and data hosting
- **Location:** European Union
- **Safeguards:** GDPR-compliant data processing agreement
---
## 6. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). We ensure adequate protection through:
1. **EU-US Data Privacy Framework:** Stripe and Google are certified under this framework
2. **Standard Contractual Clauses (SCCs):** Used with providers not covered by adequacy decisions
3. **Data Processing Agreements:** All processors have signed GDPR-compliant agreements
You can request a copy of the safeguards by contacting us at info@personal.dokomat.com.
---
## 7. Your Rights Under GDPR
You have the following rights regarding your personal data:
### 7.1 Right of Access (Art. 15)
Request a copy of all personal data we hold about you.
### 7.2 Right to Rectification (Art. 16)
Request correction of inaccurate or incomplete data.
### 7.3 Right to Erasure (Art. 17)
Request deletion of your data ("right to be forgotten") when:
- Data is no longer necessary for the original purpose
- You withdraw consent
- You object to processing
- Data was unlawfully processed
### 7.4 Right to Restriction (Art. 18)
Request limited processing of your data while we verify accuracy or assess objections.
### 7.5 Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format (JSON/CSV) and transfer it to another service.
### 7.6 Right to Object (Art. 21)
Object to processing based on legitimate interests or for direct marketing purposes.
### 7.7 Rights Related to Automated Decision-Making (Art. 22)
Not be subject to decisions based solely on automated processing that significantly affect you.
**How to Exercise Your Rights:**
Email us at info@personal.dokomat.com with your request. We will respond within 30 days. For complex requests, this may be extended by 60 days with notification.
---
## 8. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Polish supervisory authority:
**Urząd Ochrony Danych Osobowych (UODO)**
ul. Stawki 2, 00-193 Warsaw, Poland
Website: https://uodo.gov.pl
Email: kancelaria@uodo.gov.pl
Phone: +48 22 531 03 00
---
## 9. Automated Decision-Making and Profiling
### 9.1 AI Document Extraction
When you upload a TRC decision document, we use AI (via OpenRouter) to automatically extract information such as:
- Applicant name
- Date of birth
- TRC reference number
- Decision date
**Important:**
- This is an assistive feature - you can edit all extracted data before submission
- No decisions are made solely based on AI extraction
- You always have the final say on the data used in your letter
- You can choose not to use AI extraction and enter data manually
### 9.2 Fraud Prevention
Stripe may use automated systems for payment fraud detection. This is necessary for contract performance and our legitimate interests in preventing fraud.
---
## 10. Cookies and Tracking Technologies
### 10.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website.
### 10.2 Cookies We Use
**Essential Cookies (Required)**
| Cookie Name | Purpose | Duration |
|-------------|---------|----------|
| laravel_session | Session management | 2 hours |
| XSRF-TOKEN | CSRF protection | 2 hours |
| remember_web_* | Remember login | 5 years |
| cookie_consent | Your cookie preferences | 1 year |
**Functional Cookies**
| Cookie Name | Purpose | Duration |
|-------------|---------|----------|
| locale | Language preference | 1 year |
**Payment Cookies (Stripe)**
| Cookie Name | Purpose | Duration |
|-------------|---------|----------|
| __stripe_mid | Fraud prevention | 1 year |
| __stripe_sid | Payment session | 30 minutes |
**Authentication Cookies (Google)**
When using Google Sign-In, Google may set cookies for authentication purposes. See Google's Privacy Policy for details.
### 10.3 Managing Cookies
You can control cookies through your browser settings:
- **Chrome:** Settings → Privacy and Security → Cookies
- **Firefox:** Settings → Privacy & Security → Cookies
- **Safari:** Preferences → Privacy → Cookies
- **Edge:** Settings → Privacy → Cookies
**Note:** Disabling essential cookies will prevent login and payment functionality.
### 10.4 Legal Basis for Cookies
- Essential cookies: Necessary for service provision (GDPR Art. 6(1)(b))
- Functional cookies: Your consent (GDPR Art. 6(1)(a))
- Third-party cookies: Your consent and legitimate interest
---
## 11. Data Security
We implement appropriate technical and organizational measures to protect your data:
- **Encryption:** All data transmitted via HTTPS/TLS
- **Access Control:** Role-based access to personal data
- **Secure Payments:** PCI-DSS compliant payment processing via Stripe
- **Regular Updates:** Security patches applied promptly
- **Data Minimization:** We only collect data necessary for our services
- **Secure Storage:** Data stored on encrypted servers within the EU
---
## 12. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.
---
## 13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. For significant changes, we will notify you via email or website notification.
We encourage you to review this policy regularly.
---
## 14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
**General Inquiries:**
Email: info@personal.dokomat.com
**Data Protection Contact:**
Arif Hossain
Email: arif.hossain@alienaffairs.com
**Registered Address:**
Soft Affairs Sp. z o.o.
Pl. Wolności 6/108
60-324 Poznań, Poland
---
© 2026 Soft Affairs Sp. z o.o. All rights reserved.