Data Processing Addendum

For customer workspace data, PRAXIS generally acts as a processor or service provider acting on user instructions, while the customer remains responsible for lawful input data and review of outputs.

For account administration, security, billing, abuse prevention, and service operations, PRAXIS may act as an independent controller where applicable law recognizes that role.

PRAXIS processes customer data to provide authenticated workspaces, ContextCapsules, document handling, retrieval, AI-assisted analysis, output generation, receipts, reliability monitoring, and support.

AI model and infrastructure sub-processors are limited to the public sub-processor list and operational providers needed to run the service.

PRAXIS applies server-side secret handling, role-based service access, encrypted provider-key storage, production security headers, audit receipts, and reliability controls as part of its baseline.

Retention and deletion follow the public data-retention page, subject to security, legal, billing, abuse-prevention, and backup-integrity obligations.