Trust Center
Where your data lives, and who touches it.
Praxis is built to be a calm, trustworthy place to keep your security program. We use a small, named set of reputable providers, encrypt data in transit, and grant access on a least-privilege basis. The governance discipline we run for ourselves is the proof of what we run for customers.
Sub-processors
The third parties that help us run Praxis, what each one does, and where it sits.
- Vercel
Hosting
- Serves and runs the application. United States. Also provides file storage (Vercel Blob).
- Neon
Database
- Stores your account and security-program data. United States.
- Clerk
Authentication
- Manages sign-in, sessions, and account identity.
- Anthropic
AI
- Powers the Praxis advisor model. Governance details finalized before launch.
- Microsoft
Single sign-on
- Optional SSO for organizations that use Microsoft identity.
- Resend
Email
- Delivers transactional and notification email.
- Stripe
Payment processing
- Manages subscription billing, payment methods, and invoices. United States.
- Sentry
Error tracking
- Captures application errors and performance data to keep the service reliable.
- Langfuse
LLM tracing
- Traces advisor model calls for quality and debugging. Self-hostable for full data control.
- PostHog EU
Product analytics
- Privacy-first, cookieless product analytics, hosted in the EU.
Data handling
Data location
Your data is stored and processed in the United States with our hosting (Vercel) and database (Neon) providers. Email delivery runs through Resend. EU-resident analytics data is processed by PostHog EU, hosted in the European Union.
Encryption in transit
Traffic to and from Praxis is served over HTTPS. Connections between Praxis and its providers use encrypted transport. Data at rest is encrypted by the underlying provider infrastructure.
Least-privilege access
Access to your data is granted on a least-privilege basis and limited to what each provider needs to do its job. The Praxis advisor model operates through a single org-scoped chokepoint — customers cannot reach Anthropic directly.
AI data handling — zero data retention, no training on API data
The Praxis advisor is powered by Anthropic under two non-negotiable terms: zero data retention (Anthropic does not retain prompts or completions beyond what is operationally required to return a response) and no training on API data (Anthropic does not use data submitted through the API to train its models). Consent to AI processing is captured explicitly at org onboarding and recorded per organization with a timestamp and policy version.
Retention and deletion
Account and security-program data is soft-deleted when you delete it, then purged within a 30-day window. Privileged and data-affecting actions — including consent records and deletions — are recorded in an immutable audit log.
The fine print
The documents that govern your use of Praxis and our handling of your data.