Privacy Policy
Good Companion ("we", "our", or "the platform") is operated by the association Dobra Družba. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national law. By using our website and services, you agree to this policy.
1. Data controller
The data controller is Dobra Družba (Good Companion), Staro sajmište 1, 11070 Beograd (Novi Beograd), Serbia. Registration number (MB): 28346832; Tax ID (PIB): 113220464. Contact: info@dobra-druzba.org. We operate the Good Companion platform and are responsible for the personal data we process.
2. What personal data we collect
Account data: When you register we collect name, surname, email address, date of birth, role (Supporting Member or Service Provider), and for providers a KYC code. Passwords are stored only in hashed form (bcrypt). Profile data: For providers we store public name, bio, location, profile image, age, region, physical characteristics, languages, nationality, meeting places, availability, contact/messaging details, and gallery images. For supporting members we may store name, phone, and communication notes. For admins we store display name, bio, profile image, and languages. Usage and transaction data: Bookings (time, duration, status), reviews (rating, comment), wallet balance and transactions, and for providers we record clicks on external links (e.g. social or profile links) for analytics. Technical data: We use session cookies and JWT for authentication; we do not permanently store your IP address. For password-reset and similar security actions we may use your IP temporarily in memory for rate limiting only; it is not stored in our database.
3. Legal basis and purposes
We process your data on the following bases: (a) Contract: to create and manage your account, provide the booking and messaging features, and process payments and withdrawals. (b) Legitimate interests: to secure the platform (e.g. rate limiting, fraud prevention), improve our services, and analyse usage (e.g. external link clicks) where we have balanced our interests against your rights. (c) Consent: where we ask for your explicit consent (e.g. optional marketing, or non-essential cookies such as Google Analytics—see our Cookie Policy). (d) Legal obligation: where we must retain or disclose data to comply with law (e.g. record-keeping, age verification, or authorities' requests).
4. Data retention
We keep your account and profile data for as long as your account is active. After you delete your account we remove your personal data within a reasonable period, except where we must retain it for legal obligations (e.g. tax, record-keeping, or dispute resolution). Session and technical logs are not retained longer than necessary for security and operation. Aggregated or anonymised statistics may be kept without time limit.
5. Your rights (GDPR)
You have the right to: access your personal data; rectify inaccurate data; request erasure ("right to be forgotten") where there is no overriding legal basis to retain it; restrict processing in certain cases; data portability (receive your data in a structured, machine-readable format); object to processing based on legitimate interests; withdraw consent at any time where processing was based on consent; and lodge a complaint with a supervisory authority (e.g. in Slovenia: Informacijski pooblaščenec, or in your country of residence). To exercise these rights contact us at info@dobra-druzba.org. We will respond within one month.
6. Security
We use industry-standard measures to protect your data: passwords are hashed with bcrypt (high cost factor); authentication uses secure sessions (JWT); data is stored in a database with access controls; communication is over HTTPS. We do not sell your personal data to third parties.
7. Recipients and transfers
Your data is processed by our technical infrastructure (e.g. hosting and database providers). Where such providers are outside the European Economic Area we ensure appropriate safeguards (e.g. adequacy decisions or standard contractual clauses). We may disclose data to competent authorities when required by law. Our email delivery (e.g. password reset, verification) may use a third-party provider (e.g. Resend) under a data processing agreement.
8. Children
Our service is only for persons aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe we hold data of a minor please contact us so we can delete it.
9. Changes and contact
We may update this Privacy Policy from time to time; the current version will be on this page with a "Last updated" date. For any questions about this policy or your personal data contact: info@dobra-druzba.org.
Last updated: March 2026.