Privacy policy

Last updated: 2026-05-26

Who is responsible

Andrea Pora, Licensed Clinical Psychologist (Colegiul Psihologilor din România), is the data controller for andreapora.com and the personal data described below. For privacy matters please contact [email protected].

What data is collected

• Booking data — name, email, chosen session, timezone, and Stripe payment confirmation. Processed to deliver the session you have booked.
• Contact form — name, email, preferred reply language, and the message you write. Used only to reply to your enquiry.
• On-site assistant conversations — the messages you exchange with the AI assistant on this site, stored minimally to improve service and to allow Andrea to follow up if you ask her to. Not used for training third-party models.
• Analytics — anonymous usage data via Plausible (EU-hosted, no cookies, no personal identifiers).
• Language preference — a small first-party cookie (pref_lang) remembers your chosen site language so future visits respect it. No personal data.

Processors

• Netlify (USA / EU edge) — website hosting, contact form submissions, serverless functions.
• Cloudflare (USA / EU edge) — DNS, CDN, and the encrypted booking database (D1, hosted in the EU).
• Stripe (Ireland / USA) — payment processing for paid sessions.
• Resend (EU region) — transactional email delivery (booking confirmations, reminders, cancellations).
• Anthropic (USA) — the AI model behind the on-site assistant.
• Plausible Analytics (EU) — anonymous traffic analytics.

All processors operate under appropriate GDPR-compliant data processing agreements or standard contractual clauses for transfers outside the EU.

Special category data (Art. 9 GDPR)

If during a session, in a booking message, in a contact form, or in an assistant conversation you share data about your health — including mental health — this is treated as special category data under Article 9 of the GDPR. The legal basis for processing such data is your explicit consent, given when you confirm your booking or submit a form, and the necessity for providing the psychotherapeutic care you have requested (Art. 9(2)(h) GDPR — health care).

Andrea applies elevated safeguards to this data: encrypted storage, access limited to Andrea herself, minimum-necessary collection, and Romanian clinical confidentiality rules (Romanian Law 213/2004 on the practice of psychology).

How long data is kept

• Booking data: as required by Romanian tax/accounting law for invoices, then deleted.
• Contact form messages: up to 12 months after the last reply, then deleted on request or automatically.
• Assistant conversations: up to 90 days unless you ask Andrea to keep context for follow-up.
• Analytics: aggregated, anonymous, retained per Plausible defaults (no individual identifiers).

Your rights

You have the right to access, correct, delete, restrict, or port your personal data, and to object to processing. To exercise any of these rights, write to [email protected]. You also have the right to complain to the Romanian Data Protection Authority (ANSPDCP).

The on-site assistant — important note

The AI assistant on this site is not Andrea and is not therapy. It is here to answer questions and help you decide whether to book a first conversation. It is not a confidential clinical record; please do not share sensitive clinical details with it that you would not share with a website. If you are in crisis, please call 112.

Changes to this policy

We will update this page when our practices change. The date at the top reflects the most recent revision.

⚠️ Final legal review pending. Andrea's lawyer will sign off this text before launch.