What we collect
We collect the minimum needed to operate Praxis for you:
- Account information. Email, name, and optional company name when you sign up.
- Authentication identifiers. OAuth subject IDs from GitHub or Google when you choose those sign-in methods. We do not receive your password.
- Connector data. When you connect Slack, GitHub, or another integration, we receive the data those connectors are scoped to read. We store OAuth tokens in Supabase Vault and never expose them to the client browser.
- Usage telemetry. Page views, agent run IDs, run latency, and cost. We do NOT capture raw model inputs, raw model outputs, prompts, or any user content in our telemetry pipeline. Telemetry is whitelisted to { tool_name, ms, code, iter }.
- Cookies. A first-party session cookie set by Supabase Auth. No third-party analytics or advertising cookies at this time.
Why we collect it
We use the data above to (a) operate the Service, (b) generate agent outputs you requested, (c) keep you signed in, (d) bill you if you are on a paid plan, and (e) communicate service-related notices. We do not sell your data and we do not use it to train any foundation model.
How we share it
We share data with the sub-processors listed below to operate the Service. Each sub-processor is contractually limited to processing your data on our behalf for the stated purpose. We do not share your data with any other third party except (i) at your direction, (ii) to comply with a valid legal demand, or (iii) to protect our or others' rights or safety.
| Sub-processor | Purpose |
|---|---|
| Anthropic | Foundation model provider — Claude API for agent inference |
| Supabase | Postgres database + auth + Vault for OAuth tokens |
| AWS | Hosting (Amplify for web, EC2 for backend, Secrets Manager for prod secrets) — us-west-1 only |
| Inngest | Background job orchestration for agent runs |
| Slack | Optional — operator can connect their workspace via OAuth |
| GitHub | Optional — operator can install our GitHub App on their repos |
Where your data lives
All production data is hosted in AWS us-west-1 (Northern California). Data is encrypted at rest by Supabase and AWS, and encrypted in transit over TLS 1.2+. We do not offer EU residency at this time; if that's a requirement for you, contact us.
How long we keep it
We retain account data for as long as your account is active. If you delete your account, we delete account data within 30 days, except where we are required to keep specific records by law (for example, tax-related billing records for up to 7 years). Agent run telemetry is retained for 12 months and then deleted on a rolling basis.
Your rights
Depending on your jurisdiction, you may have the right to access, correct, port, or delete the personal data we hold about you, and to object to or restrict certain processing. To exercise any right, email privacy@thepraxis.ai. We will respond within 30 days. If you are in California, you can read more about your rights under the CCPA in Section 10 below. If you are in the EU/UK, your GDPR rights are described in Section 11.
Children
Praxis is a B2B service not intended for use by children under 13 (or 16 where local law sets a higher threshold). We do not knowingly collect data from children. If we learn that we have collected such data, we will delete it promptly.
Security
We follow defense-in-depth practices: per-tenant row-level security in Postgres, Vault-stored OAuth tokens, no service-role credentials in the browser bundle (CI enforced), and prod secrets in AWS Secrets Manager with least-privilege IAM. For more, see our Security page. If you believe you've found a vulnerability, please report it to security@thepraxis.ai.
International transfers
If you access the Service from outside the United States, you understand that your data will be processed in the United States. When we transfer personal data from the EU/UK to the U.S., we rely on Standard Contractual Clauses with our sub-processors.
California (CCPA / CPRA)
California residents have the right to know what categories of personal information we collect, the categories of sources, the business purposes, and the categories of third parties with whom we share it. All of that is described in Sections 1–3 above. You can request access, deletion, or correction by emailing privacy@thepraxis.ai. We do not sell personal information or share it for cross-context behavioral advertising.
EU / UK (GDPR)
If you are in the EU or UK, the lawful bases on which we process your data are: (a) performance of a contract (to operate the Service), (b) legitimate interests (to improve and secure the Service), and (c) consent where we explicitly ask for it (e.g., marketing emails). You have the right to lodge a complaint with your local supervisory authority.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice at least 14 days before they take effect.
Contact
Praxis · San Francisco, California · Privacy email privacy@thepraxis.ai · General contact contact@thepraxis.ai.