Online Card Payments — LibraPay Processor

1. Parties and roles

Merchant

NOIDEEA S.R.L.

CUI: RO48069626

Trade Register: J40/8019/2023

Address: Calea Vitan 242, Corp C2 Parter Birou 17, Sector 3, București

Web: statusdosar.ro

The merchant operates the platform, sets the price, issues the fiscal documents and is responsible for service delivery.

Payment processor

LibraPay

Operated by: Libra Internet Bank S.A.

Country: România (UE / SEE)

Supervision: Banca Națională a României (BNR)

Certification: PCI-DSS Level 1

The processor handles card data, performs 3-D Secure authentication, executes the transaction and returns only the result (not card details) to the merchant.

You can verify LibraPay's status via the Romanian National Bank at www.bnr.ro or via the LibraPay official documentation.

2. How a card payment flows

1. You choose a subscription plan on /preturi and confirm billing data.
2. You explicitly accept the Terms and Conditions, including Art. 6 (payments) and confirm that you give your express prior consent for the immediate provision of the digital service (GEO 34/2014 art. 16(m)).
3. The platform redirects you securely to the official LibraPay gateway page.
4. On the LibraPay page you enter the card number, expiry date and CVV. Card data is collected, validated and processed entirely by LibraPay — never by our servers.
5. LibraPay triggers 3-D Secure authentication with your issuing bank (SMS code, banking app push, biometric — depending on the bank).
6. Upon successful authentication, the amount is captured and LibraPay sends the platform an asynchronous payment confirmation. This confirmation is the authoritative source of payment status, validated by the platform before any subscription activation.
7. The platform activates the subscription, sends a confirmation email and queues invoice generation. The fiscal document (informational "invoice suggestion") is issued within 5 working days.
8. If you close the browser before LibraPay finishes, the IPN still arrives — your subscription will be activated regardless. You can check status anytime in your account.

3. Accepted cards and authentication

A transaction can be declined for reasons exclusively on the issuing bank side (insufficient funds, blocked card, anti-fraud rules, limit exceeded). In such cases the merchant has no visibility on the cause; you must contact your issuing bank.

4. What card data we see vs. what stays at LibraPay

Even if LibraPay's gateway page appears on our domain in some flows, the form fields where you type card data are served and processed by LibraPay (PCI-DSS scope). Our servers receive only the post-transaction confirmation (success / failure + masked references).

5. Automatic renewal (variable recurrence — MIT)

When you opt in for automatic renewal of a subscription, LibraPay sets up a MIT (Merchant Initiated Transaction) token for your card. The token is linked to your subscription and allows future charges to be initiated by the merchant, within strict limits:

• The initial authorisation (first payment) is fully authenticated 3-D Secure — you approve the card and the variable recurrence at the same time.
• For subsequent charges, the merchant initiates the transaction through LibraPay with the saved token (no card number ever leaves LibraPay); the issuing bank may, in some cases, request additional authentication.
• Each renewal generates a separate IPN; the platform sends you an email confirmation per charge and a renewal reminder at least 7 days in advance.
• You can cancel automatic renewal at any time from your account; the subscription continues until the end of the period already paid.
• The token expires automatically at the recurrence expiry date (RECUR_EXP) or when the card expires (EXPIRY), whichever comes first — recorded by LibraPay.

6. Prices, currency, invoice

• All prices are in Romanian Lei (RON) and include VAT according to current fiscal law.
• For business subscribers (PJ), an informational "invoice suggestion" is generated through our partner FGO based on the billing data you provide. The document has informational value; for any fiscal correction, contact us via the contact form.
• The fiscal document is issued and sent electronically within 5 working days from successful payment.
• The price displayed at checkout is final — no hidden fees. Banking fees for issuing the card (if any) are entirely the responsibility of the issuing bank.

7. Consumer rights (GEO 34/2014)

The full Refund and Cancellation Policy is detailed in Refund Policy. In short:

• 15-day free trial in advance allows you to evaluate the service without any payment;
• After paid activation, no refund is granted per Art. 16(m) GEO 34/2014 — exception: proven major service defect attributable exclusively to the merchant;
• You can cancel automatic renewal at any time; access continues until the end of the paid period.

8. Refund and chargeback

For dispute resolution via the National Authority for Consumer Protection (ANPC) or the EU online dispute platform, see the Complaints Policy.

9. Failed transactions and dispute resolution

• Failed authentication 3-D Secure — the amount is NOT debited. You can retry with the same card or use a different one.
• Debited but subscription not active — possible momentary delay in the payment confirmation. Usually self-resolves within 15 minutes. If after 30 minutes the subscription is still inactive, contact us with the transaction reference.
• Double charge for the same order — the order reference is unique, and the platform prevents double activation for the same order. If the bank shows a double debit, contact us — we identify the second transaction (if it is a real one) and initiate the refund.
• Charge without a corresponding subscription — possible authentication abandonment with the bank still locking the amount. Funds unlock automatically within 7 days (banking standard).

For investigation, the merchant needs the order reference (visible in the email confirmation). Without this reference, identification can take additional working days.

10. Security and compliance

• PCI-DSS Level 1 at LibraPay — independently audited annually. The merchant is out of scope for storing card data (PAN, CVV, PIN); our scope is limited to receiving non-sensitive transaction references.
• 3-D Secure 2.x (Visa Secure / Mastercard Identity Check) — mandatory at every transaction; PSD2 SCA compliant.
• Encrypted communication end-to-end between your device, the LibraPay gateway and the platform.
• Authenticity verification for every payment confirmation received from LibraPay — the platform validates that the confirmation genuinely originates from the processor before applying any account change.
• Tamper-proof audit log — every payment, refund and subscription change is recorded with retention sufficient to support audit and accountability under GDPR.
• Operational defence-in-depth — additional technical and organisational measures are in place, documented internally and reviewed periodically.

Specific technical configurations are kept confidential as a defensive measure. For PCI-DSS reference, see PCI Security Standards Council at www.pcisecuritystandards.org.

11. Contact and complaints

For any issue specific to card data processing or how LibraPay handles your card information, you may also contact LibraPay (Libra Internet Bank) directly through their official channels.