LEGAL
Privacy Policy
Last updated: March 29, 2025
This Privacy Policy explains what personal data Zero Point Logic collects, why, how it is used, and what rights you have as a data subject under the General Data Protection Regulation (GDPR) and Romanian law. We have written this in plain language because legal documents should be readable.
1 Who We Are
Zero Point Logic is operated by Ciciu Alexandru-Costinel, an individual researcher and developer based in Romania. The service includes the ZPL API (hosted on Railway), this website, and associated client packages.
As the operator of this service, Ciciu Alexandru-Costinel is the data controller for all personal data collected through this website and API.
2 What Data We Collect
We collect the minimum data necessary to operate the service. We do not collect data speculatively or for purposes unrelated to providing ZPL functionality.
- Email address — Collected only when you register for an account or subscribe to notifications. Used to deliver account credentials, service updates, and (if opted in) newsletter articles.
- API usage logs — Anonymized records of API calls: endpoint accessed, timestamp, response code, and N-value parameter. No personally identifiable information is stored in logs. IP addresses are not logged persistently.
- API key — A generated token associated with your account, used to authenticate requests. Stored as a hashed value; we cannot read your key in plaintext.
- Payment information — If you subscribe to a paid plan, payments are processed by a third-party provider (Stripe). We do not store card numbers or payment credentials on our servers.
We do not collect: location data, device fingerprints, browsing history, or any data from third-party advertising networks.
3 How We Use Your Data
Your data is used exclusively for the following purposes:
- Service delivery — Authenticating your API requests, managing your subscription tier, and providing access to the member dashboard.
- Service communications — Sending you account-related emails (password reset, plan confirmation, API key delivery). These are transactional and cannot be opted out of while you have an active account.
- Newsletter — If you subscribed, sending blog updates and release notes. You can unsubscribe at any time via the link in any email.
- Aggregate analytics — Anonymized, aggregated usage statistics (e.g., total API calls per day) are used to monitor service health. These cannot be traced back to individual users.
- Legal compliance — Retaining records as required by Romanian law and EU regulations.
We do not sell, rent, or trade your data to any third party. We do not use your data for advertising, profiling, or automated decision-making that affects you.
4 Cookies and Tracking
This website uses only essential cookies necessary for operation. We do not deploy advertising cookies, social media tracking pixels, or analytics services that track you across websites without your consent.
- Session cookies — Used to maintain your login state while browsing the member dashboard. These expire when you close your browser.
- Preference cookies — Used to remember your language selection on the home page. These persist for 30 days.
No non-essential cookies are set without your explicit consent. You can clear all cookies from this site through your browser settings at any time without affecting your account.
We do not use Google Analytics, Facebook Pixel, or any third-party tracking SDK on this site.
5 Your Rights Under GDPR
As a resident of the European Union (or any jurisdiction where GDPR applies), you have the following rights regarding your personal data. We respond to all requests within 30 days.
👁
Right of Access
Request a copy of all personal data we hold about you.
✏
Right to Rectification
Request correction of inaccurate or incomplete personal data.
🗑
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
📦
Data Portability
Request your data in a machine-readable format for transfer.
🚫
Right to Object
Object to processing based on legitimate interests or for marketing.
⏸
Right to Restrict
Request that we limit how we process your data in certain circumstances.
To exercise any of these rights, contact us at cicic.alexandru@gmail.com with the subject line "GDPR Request". You also have the right to lodge a complaint with the Romanian data protection authority (ANSPDCP) at dataprotection.ro.
6 Data Retention
We retain personal data only for as long as necessary for the purpose it was collected:
- API usage logs — Anonymized logs are retained for 90 days, then automatically deleted. These logs do not contain personally identifiable information.
- Account data (email, API key) — Retained for the duration of your active account. If you close your account, data is deleted within 30 days, except where retention is required by law.
- Email (newsletter) — Retained until you unsubscribe. One-click unsubscribe is available in every email.
- Billing records — Retained for 5 years from the transaction date, as required by Romanian fiscal law (Legea nr. 227/2015).
7 Data Security
We apply technical and organizational measures proportionate to the nature of the data we hold:
- All data transmission uses HTTPS/TLS encryption.
- API keys are stored as salted cryptographic hashes — not in plaintext.
- Access to backend systems is restricted and authenticated.
- The API infrastructure is hosted on Railway (EU region where available), which maintains its own security certifications.
In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Art. 33-34.
8 Third-Party Services
We use a limited number of third-party services to operate ZPL:
- Railway — API hosting infrastructure. Server-side logs may be retained by Railway per their own privacy policy.
- Stripe — Payment processing for paid subscriptions. Stripe is a PCI DSS Level 1 certified processor. We do not receive or store your full card details.
- GitHub — Code repository and issue tracking for open-source client packages. No user personal data is shared with GitHub.
We have not integrated any advertising networks, social media SDKs, or behavioral analytics platforms.
9 Legal Basis for Processing
Under GDPR, we process personal data on the following legal bases:
- Contract performance (Art. 6(1)(b)) — Processing your email and API key to deliver the service you signed up for.
- Legitimate interests (Art. 6(1)(f)) — Anonymized API usage logging for service monitoring and abuse prevention.
- Consent (Art. 6(1)(a)) — Newsletter emails. Consent can be withdrawn at any time without affecting access to the service.
- Legal obligation (Art. 6(1)(c)) — Retention of billing records as required by Romanian fiscal law.
10 Romanian Law Compliance
This Privacy Policy is compliant with:
- Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR)
- Legea nr. 506/2004 — Romanian law on the processing of personal data and the protection of privacy in the electronic communications sector
- Legea nr. 677/2001 — Romanian law on the protection of individuals with regard to the processing of personal data (as amended)
The supervisory authority for data protection in Romania is the National Supervisory Authority for Personal Data Processing (ANSPDCP), Bulevardul Gheorghe Magheru 28-30, Bucharest.
11 Changes to This Policy
We may update this Privacy Policy when our practices change or when required by law. Material changes will be communicated via email to registered users at least 14 days before taking effect. The "Last updated" date at the top of this page will always reflect the current version.
Continued use of the service after the effective date of a revised policy constitutes acceptance of the updated terms.
12 Contact
For any privacy-related questions, data subject requests, or concerns, please contact us directly: