Privacy Policy

1. Who we are

LudoProgramming is a service operated by Bulubaşa Doru-Lucian, based in Romania. We are responsible for processing your personal data in accordance with Regulation (EU) 2016/679 (GDPR).

Contact: contact@ludoprogramming.com

2. What data we collect

We collect the following categories of data:

• Account data: email address, Microsoft Entra ID (during CIAM authentication)
• Oravio usage data: questions sent to the widget (anonymized per license), number of requests, tokens consumed
• Payment data: billing email, masked card (last 4 digits) — full card details are processed exclusively by Netopia Payments
• Technical data: IP address, browser type, the URL of the page the request comes from
• Contact data: name, email, message — if you use the contact form

3. Why we collect this data

• Providing the service: authentication, license management, processing AI requests
• Billing: processing recurring payments and issuing monthly reports
• Transactional notifications: license expiry, quota overage, payment confirmation
• Improving the service: aggregated usage analytics, without individual identification
• Legal obligations: keeping accounting records under Romanian law

4. Legal basis

• Performance of a contract (Art. 6(1)(b) GDPR) — to provide the Oravio service
• Consent (Art. 6(1)(a) GDPR) — for marketing communications (if you subscribed)
• Legal obligation (Art. 6(1)(c) GDPR) — for accounting records
• Legitimate interest (Art. 6(1)(f) GDPR) — for security and fraud prevention

5. Who we share data with

We do not sell your data. We share it only with:

• Microsoft Azure — cloud infrastructure (Cosmos DB, App Service, Communication Services) — data processed in the EU
• Microsoft Entra — CIAM authentication
• Azure OpenAI / OpenAI — processing questions via API (no permanent storage per their ToS)
• Netopia Payments — payment processor authorized by the National Bank of Romania

6. How long we keep data

• Account data: for the duration of the contract + 30 days after deletion
• Semantic cache (questions + answers): until manually deleted from the Dashboard or the license expires
• Payment data: 5 years, per Romanian accounting obligations
• Technical logs: 90 days

7. Your rights

Under the GDPR, you have the right to:

• Access — receive a copy of your data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a structured format
• Objection — object to processing based on legitimate interest
• Restriction — restrict processing in certain situations

To exercise these rights, contact us at contact@ludoprogramming.com. We respond within 30 days at most. You also have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP).

8. Cookies

We use essential cookies for the site to function (session, authentication). We do not use tracking or third-party advertising cookies. Session cookies are deleted when you close your browser.

9. Security

Data is stored encrypted in Azure Cosmos DB, access is protected by Microsoft Entra CIAM with MFA, and communications are encrypted with TLS 1.2+. Payments are processed exclusively over a secure Netopia connection — card details never pass through our servers.

10. Changes

Any significant change to this policy will be communicated by email at least 14 days before it takes effect. The current version is always available at this address.