Skip to content
montenegrocom
Sign Up

Privacy Policy

Our privacy policy and how we use your data

Last updated: February 11, 2026

1. Who We Are

Montenegro.com ("we", "us", "our") is a vacation rental marketplace operated by Montenegro.com d.o.o., registered in Podgorica, Montenegro. We act as the data controller for personal data collected through our Platform.

Contact: privacy@montenegro.com

2. What Data We Collect

2.1 Account Information

  • Full name, email address, phone number
  • Profile photo (optional)
  • Password (stored encrypted, never in plain text)

2.2 Identity Verification (Hosts)

  • Government-issued ID (passport, driving licence)
  • Video verification recording
  • Address verification documents

2.3 Payment Information

  • Payment card details are collected and processed by Stripe, Inc. We do not store full card numbers on our servers.
  • Billing address
  • Host payout details (bank account information for Stripe Connect or Wise transfers)

2.4 Booking and Stay Data

  • Check-in and check-out dates
  • Number of guests
  • Special requests and communication with Hosts
  • Reviews and ratings

2.5 Technical Data

  • IP address, browser type, operating system
  • Pages visited, time spent, referral source
  • Device identifiers
  • Cookies (see our Cookie Policy)

3. How We Use Your Data

We process your personal data for the following purposes:

PurposeLegal Basis (GDPR Art. 6)
Account creation and managementPerformance of contract
Processing bookings and paymentsPerformance of contract
Identity verification (KYC)Legal obligation / Legitimate interest
Sending booking confirmations and alertsPerformance of contract
Preventing fraud and ensuring safetyLegitimate interest
Improving the Platform and user experienceLegitimate interest
Marketing communications (with consent)Consent
Responding to legal requestsLegal obligation

4. Data Sharing

We share your personal data with:

  • Hosts / Guests: Name, profile photo, and booking details are shared between parties to facilitate stays.
  • Stripe, Inc.: Payment processing. Stripe's privacy policy applies to payment data.
  • Wise (TransferWise): Host payout processing.
  • Email service providers: For transactional and marketing emails.
  • Analytics providers: Anonymised usage data for Platform improvement.
  • Law enforcement: When required by law or to protect safety.

We do not sell your personal data to third parties for advertising purposes.

5. International Data Transfers

Your data may be processed in the European Economic Area (EEA) and in the United States (through our service providers Stripe and Wise). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

  • Account data: Retained while your account is active and for 3 years after deletion.
  • Booking records: Retained for 7 years for tax and legal compliance.
  • KYC documents: Retained for 5 years after account closure as required by anti-money laundering regulations.
  • Reviews: Retained indefinitely as they form part of the public trust system. You may request anonymisation.
  • Technical logs: Deleted after 90 days.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of access: Request a copy of your personal data.
  • Right to rectification: Correct inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
  • Right to restrict processing: Limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interest, including direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email privacy@montenegro.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS 1.3) and at rest
  • Access controls and authentication requirements
  • Regular security audits
  • Secure coding practices (OWASP guidelines)

9. Children

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify registered users of material changes via email and update the "Last updated" date above.

11. Supervisory Authority

If you are not satisfied with our handling of your personal data, you have the right to lodge a complaint with the Agency for Personal Data Protection and Free Access to Information of Montenegro (Agencija za zaštitu ličnih podataka i slobodan pristup informacijama).

12. Contact

For privacy-related inquiries, contact us at privacy@montenegro.com.

Visa·Mastercard·Amex·Stripe