Privacy Policy
Last updated: May 28, 2026
Data Controller: Ungureanu Cristian, a student and independent creator residing and operating in Timișoara, Romania (European Union).
Launch Status: Early access validation phase (prior to company incorporation; all data rights and responsibilities will seamlessly transfer to the formal corporate entity upon registration, with notice to users).
Country of Origin: Romania, European Union
Applicable Frameworks: Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR), Romanian Law no. 190/2018, and Regulation (EU) 2024/1689 (EU Artificial Intelligence Act).
Direct Privacy Contact: contact@opendria.com
Data Protection Officer (DPO): Inquiries are managed directly by the operator at the address above.
1. What this Policy covers
This Privacy Policy describes how Opendria collects, stores, processes, transfers, and protects your personal data when you visit our website, register an account, purchase premium subscriptions, engage in AI-powered mentor conversations, or contact us. It applies universally to all users globally.
2. Categories of personal data we process
We limit data collection to what is strictly necessary to run a secure, premium, and functional conversational library:
| Category | Description & Specific Examples |
|---|---|
| Account Credentials | Email address, username, password-derived secure authentication tokens, account registration timestamp, and subscription tier status (Free, Scholar, Sage, Oracle). |
| Conversation Logs | User prompts, dialogue histories, active persona selections, and temporary character relationship levels or context memories necessary to sustain immersive conversations. |
| Payment & Billing Data | Subscription levels, payment timestamps, billing country, checkout session tokens, and metadata. Note: Complete payment card details are processed directly and securely by Stripe; Opendria never stores your raw credit card numbers. |
| Technical & Security Metadata | IP address, browser type, user agent details, secure session cookies, CSRF protection tokens, rate-limiting parameters, and anti-abuse logs. |
| Preference States | Interface preferences, selected aesthetic active theme, and toggle state for the interactive "Living Aura" visual lighting effects. |
3. Purposes of processing and Legal Bases (GDPR Article 6)
We process personal data only when a valid legal basis under GDPR Article 6 is established:
| Purpose of Processing | Legal Basis under GDPR |
|---|---|
| Creating and securing your account; delivering dynamic, real-time AI conversations; managing active premium subscriptions. | Performance of a Contract (Art. 6(1)(b) GDPR) — providing the service you requested. |
| Safeguarding the platform against DDOS attacks, script injection, account takeovers, billing fraud, and server abuse. | Legitimate Interest (Art. 6(1)(f) GDPR) — maintaining platform stability, integrity, and absolute security. |
| Enforcing financial reporting, VAT billing calculations, tax auditing requirements, and satisfying direct legal subpoenas. | Compliance with a Legal Obligation (Art. 6(1)(c) GDPR) — satisfying EU/Romanian tax and company law. |
| Providing critical support channels, troubleshooting active technical errors, and handling GDPR rights requests. | Legitimate Interest & Contract Performance (Art. 6(1)(f)/(b) GDPR) — guaranteeing a premium user experience. |
4. AI Dialogues, Transparency (EU AI Act), and Sensitive Information
EU AI Act Transparency Compliance (Article 52): In accordance with Regulation (EU) 2024/1689 (EU AI Act), users are hereby explicitly notified that they are interacting with an Artificial Intelligence (AI) dialogue system. The historical mentors, conversational prompts, dialogue trees, relationship statuses, and dynamic emotional profiles are fully simulated representations powered by AI models. They do not constitute communication with real, living, or historically active persons.
Strict Zero-AI Training Guarantee: Opendria operates under strict privacy protections. We guarantee that your personal dialogue logs, conversation history, and prompts are **never used, shared, sold, or rented** to train, fine-tune, or improve any internal or third-party AI models (including models operated by OpenAI, Google, Anthropic, Groq, Fireworks, or Replicate). All external API interactions are governed by commercial enterprise agreements that strictly prohibit the utilization of client data for model training and maintain zero or limited-term abuse-prevention caching.
Information Warning: We strongly advise users against sharing highly sensitive personal details (such as medical, financial, or intimate disclosures) in chats. The AI mentors are for intellectual exploration, writing, reflection, and creative entertainment only. They do not possess human empathy, professional licensing, or clinical capacity.
5. Recipients and Sub-processors of your data
To deliver Opendria, we share data only with trusted, industry-leading sub-processors operating under strict Data Processing Agreements (DPAs):
- Hosting & Databases: Vercel (frontend deployment), Render & Supabase (backend server operation, databases, and secure user tables).
- Payment Gateways: Stripe, Inc. (secure payment flows, recurring billing operations, and fraud prevention).
- AI Infrastructure APIs: API integrations (OpenAI, Google Gemini, Groq, Fireworks) processing temporary prompts under strict non-training enterprise terms.
- Security & Logging: Logging and infrastructure security providers monitoring server integrity.
6. International data transfers
Opendria is operated from Romania (EEA). If we utilize sub-processors located outside the European Economic Area (EEA), such as in the United States, we ensure that appropriate safeguards are in place. This includes verifying that the recipient operates under Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or similar valid legal transfer mechanisms under GDPR Chapter V.
7. Data retention
We retain personal data only as long as necessary to fulfill the purposes outlined in this policy:
- Account & Preference Data: Maintained for the active duration of your account until deletion is requested.
- Conversation History: Stored securely in our databases to allow you to continue conversations across sessions. These are deleted immediately upon account termination or explicit user request.
- Billing Records: Retained for legally mandated periods (typically up to 10 years) to satisfy Romanian and EU fiscal, accounting, and tax regulations.
- Technical Security Logs: Retained for a rolling period (usually 30 to 90 days) to detect patterns of abuse or operational errors.
8. Technical and organizational security
We implement premium, modern security practices to protect your data, including secure SSL/TLS end-to-end encryption in transit, secure database hashing, automated security dependency scanning, CSRF token validation on all stateful requests, robust rate-limiting, and strict access controls. While we maintain a high standard of security, no system on the internet is 100% immune to unauthorized access.
9. Your GDPR Rights (Articles 15-22)
Under the GDPR, you possess absolute, enforceable rights regarding your personal data:
- Right of Access (Art. 15): You have the right to request a complete copy of all personal data we hold about you.
- Right to Rectification (Art. 16): You can request that inaccurate or incomplete account data be updated immediately.
- Right to Erasure / "Right to be Forgotten" (Art. 17): You can request the complete deletion of your account and conversation histories. To delete your account immediately, you can contact us at contact@opendria.com. Your account and all dynamic chat data will be permanently wiped within 30 days.
- Right to Data Portability (Art. 20): You have the right to request your personal data in a structured, commonly used, and machine-readable format to transfer it elsewhere.
- Right to Object (Art. 21) & Restriction (Art. 18): You can object to data processing carried out based on legitimate interests or request the restriction of processing.
- Right to Withdraw Consent: Where processing is based on your explicit consent, you can withdraw it at any time.
To exercise any of these rights, simply email us at contact@opendria.com. We will process your request free of charge within 30 calendar days of identity verification.
10. Supervisory authority
You have the right to lodge a formal complaint with a data protection supervisory authority. The lead authority overseeing Opendria's operations is the Romanian Data Protection Authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, post code 010336, Bucharest, Romania.
Email: anspdcp@dataprotection.ro
Website: https://www.dataprotection.ro
11. Children
Opendria is designed for an adult and mature audience interested in literature, history, and philosophy. We do not knowingly collect personal data from children under the age of 16 (or the legal age of digital consent in your jurisdiction). If we discover that a minor has registered an account without parental consent, we will delete their data immediately.
12. Cookies and local storage
Opendria uses browser cookies and local storage tokens strictly to maintain secure sessions, protect against CSRF attacks, and store your aesthetic interface preferences. We do not use third-party tracking, retargeting, or advertising cookies. For complete details, see our Cookie Policy.
13. Updates to this Policy
We may update this Privacy Policy from time to time to reflect operational, legal, or technical adjustments. When changes are made, we will update the "Last updated" timestamp at the top of this page. Continuing to use Opendria after an update constitutes acceptance of the modified policy.