Ludoria is for desktop

Ludoria is designed for larger screens.
Please open it on a desktop or laptop.

Ludoria

Data Processing Agreement (DPA)

Effective Date: November 2025

This Data Processing Agreement (“Agreement”) forms part of the Terms & Conditions and explains how Ludoria Design (“Data Controller”) processes personal data on behalf of its users (“Data Subject”) in compliance with the General Data Protection Regulation (GDPR).

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person, including name, email, and account information.
  • Processing: Any operation performed on Personal Data, such as collection, storage, retrieval, or deletion.
  • Data Controller: Ludoria Design, which determines the purposes and means of processing Personal Data.
  • Data Processor: Third-party service providers acting on behalf of Ludoria Design, including Firebase (Google LLC) and Gumroad.

2. Scope of Processing

Ludoria Design collects and processes the following data:

  • User Registration Data: Full name, email, Google account identifier, subscription status.
  • User-Generated Content: Mindmaps, notes, tasks, project structures.

Purpose: To provide the Ludoria Design platform and services, authenticate users, store user content, and manage subscriptions.

3. Data Processing by Third Parties

3.1 Firebase (Google LLC)

  • Role: Data Processor
  • Services: Authentication, Firestore database, Cloud Storage
  • Location: Global Google Cloud servers
  • Security: Firebase security measures are applied

3.2 Gumroad

  • Role: Payment Processor
  • Services: Billing, subscription management
  • Security: Complies with PCI-DSS standards
  • Payment data is not stored by Ludoria Design

4. Data Retention

Personal data and user-generated content are stored until the user deletes their account.

Upon account deletion, all personal data and content are permanently erased.

5. Security Measures

Ludoria Design and its processors implement technical and organizational measures to protect Personal Data, including:

  • HTTPS encryption
  • Authentication security via Firebase Auth
  • Access control and authorization management
  • Secure storage in Firestore & Firebase Storage
  • Regular monitoring for unauthorized access

6. Subprocessors

  • Firebase (Google LLC)
  • Gumroad

Any addition of subprocessors will be communicated in advance to users where required by law.

7. Rights of Data Subjects

Users may exercise the following rights:

  • Access to personal data
  • Correction of inaccurate data
  • Deletion of personal data (via account deletion)
  • Object to processing
  • Data portability

Requests can be made via ludoriadesign@gmail.com.

8. International Data Transfers

User data may be stored and processed outside the user’s home country, including in the United States and European Union. All processors implement GDPR-compliant safeguards for international transfers.

9. Liability and Compliance

Ludoria Design ensures all processing is compliant with GDPR and other applicable laws.

  • Users are responsible for keeping their login credentials secure.
  • Processors are contractually obligated to maintain confidentiality and security.

10. Termination

Upon account deletion, all processing ceases and data is erased.

Users may terminate their relationship with Ludoria Design at any time by deleting their account.

11. Contact

For DPA-related inquiries: ludoriadesign@gmail.com