Privacy & Data Retention Policy

Version 1.0 — Ratified 2026-06-12. Scope: the Praxis web app, invite-only. Generated from the ratified policy text.

1. Data we collect

Account email; authentication credentials (hashed, never stored in plaintext); conversation content; and usage and audit logs (timestamps, request metadata, IP address, and abuse / rate-limit signals).

2. How we use it

Your data is used only for service delivery, account management, safety and abuse prevention, and aggregate analytics. We do not sell personal data, we do not use it for advertising, and we do not train models on your content.

3. Retention

• Conversations: retained while your account is active. You may delete individual chats or your entire account at any time. Praxis never proactively deletes your conversation content.
• Account deletion: hard-deleted within 30 days, including backup rotation.
• Audit / usage logs: retained for 90 days, then deleted or irreversibly aggregated. These may be retained independently of account deletion for abuse and incident investigation.
• Authentication records: kept for the life of the account.

4. Your rights

You can export your data in a machine-readable format (JSON), request erasure within 30 days, and access or rectify your information — self-serve in the app or via our support email. These rights meet the GDPR baseline for invitees in the EEA and UK, and also satisfy Nigeria's NDPR.

Lawful bases: performance of a contract (providing the service) and legitimate interest (security logging). There is no automated decision-making or profiling that produces legal effects.

5. Access control

Access follows least-privilege principles: only the operator and designated on-call personnel can reach user content, all administrative access to user content is audit-logged, and defaults fail closed.

6. Subprocessors

We disclose the subprocessors that help us run Praxis:

• An AI inference provider — currently OpenAI — processes the conversation content needed to generate a response.
• Cloudflare — domain registrar, DNS, and storage.
• Our hosting provider — infrastructure.

We minimize what subprocessors receive:

• Only the active conversation context required for a given inference call is transmitted to the model provider.
• Your account email, user identifiers, invite-list data, and internal system content are never sent to the model provider beyond the per-request minimum.
• Provider calls run under no-training API terms, with zero-data-retention options enabled where offered.
• The model provider is a swappable, commodity component — not a strategic dependency. Praxis's identity and capabilities are designed to survive a provider change.

7. Security

Data is encrypted in transit (TLS) and at rest. We apply rate limits and abuse controls, and we never write plaintext secrets to logs or artifacts.

8. Minors

Praxis is for adults only (18+) and is gated by invitation. It is not directed at minors, and we do not knowingly collect their data.

9. Breach notification

In the event of a data breach, we will notify affected users and the applicable regulators without undue delay, consistent with applicable law (including the GDPR's 72-hour supervisory-authority standard where it applies).

Governing law

Governing law and jurisdiction: pending — to be specified before public launch.