GDPR and Privacy Rights

Where GDPR or similar privacy law applies, users may request access, correction, export, deletion, restriction, objection, or portability for personal data processed by PRAXIS.

Requests can be sent to security@tacitus.me. PRAXIS may need to verify account ownership before acting on a request.

ContextCapsules, uploaded documents, source receipts, conversations, generated outputs, and audit trails may contain user-provided or user-derived personal data.

Deletion and export workflows are handled at the account or workspace level where supported, subject to legal, security, billing, abuse-prevention, and backup-integrity exceptions.

The current production baseline uses United States infrastructure unless a separate enterprise arrangement states otherwise.

EU residency, transfer-impact review, and expanded DPA support remain tracked launch-readiness items for regulated deployments.