Personvern

1. Introduction

Praksis ("we", "our", or "us") operates the Praksis web application (app.praksis.ai) and the Praksis mobile application for iOS (collectively, the "Service"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Praksis is operated from Norway and subject to Norwegian and EU privacy regulations, including the General Data Protection Regulation (GDPR).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• • Name and email address
• • Authentication credentials (password or third-party login via Google or Apple)
• • Organization and role information

2.2 User-Created Content

Content you create or upload through the Service:

• • Text notes and documents
• • Voice recordings and transcriptions
• • Screenshots and images
• • Interview transcripts and dialogue data
• • Files uploaded to your context library

2.3 Device and Usage Data

We automatically collect certain technical information:

• • Device type, operating system, and browser type
• • App version and language preference
• • Feature usage patterns (which tools you use)
• • Error logs and performance data

We do not collect location data, advertising identifiers, or track you across other apps or websites.

2.4 Mobile App Permissions

The Praksis iOS app may request access to:

• • Camera — to capture photos for your context library
• • Microphone — to record voice memos for transcription
• • Photo Library — to select screenshots and images for upload

These permissions are optional and requested only when you use the relevant feature. You can revoke them at any time in your device settings.

2.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number, bank account details, or other financial information on our servers. We only receive confirmation of payment status and subscription tier from Stripe.

3. How We Use Your Information

We use your information for the following purposes:

• • Providing the Service — to operate and maintain your account, process your content, and deliver AI-powered features
• • AI Processing — your content is sent to AI providers (see Section 6) to generate responses, transcriptions, and analysis. We do not use your content to train AI models.
• • Communication — to send transactional emails, security alerts, and product updates
• • Improvement — to understand usage patterns and improve the Service
• • Security — to detect and prevent fraud, abuse, and unauthorized access

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

Contract Performance (Article 6(1)(b))

• • Account creation and management
• • Service delivery, content storage, and AI processing
• • Payment processing and subscription management
• • Customer support

Legitimate Interests (Article 6(1)(f))

• • Service improvements and usage analytics
• • Security monitoring and fraud prevention
• • Error tracking and performance optimization

Legal Obligations (Article 6(1)(c))

• • Tax and accounting requirements
• • Responding to lawful requests from authorities

Consent (Article 6(1)(a))

• • Marketing communications
• • Optional device permissions (camera, microphone, photo library)

5. AI and Automated Processing

Praksis integrates AI capabilities to power its core features:

AI Features

• • Transcription — voice recordings are converted to text using Microsoft Azure Speech Services
• • AI Chat & Analysis — documents and context are processed by language models to generate insights and responses
• • Voice Interviews — real-time voice conversations powered by ElevenLabs
• • Content Generation — AI-assisted writing and workflow automation

AI Providers and Data Handling

Important Commitments

• • No model training: We do NOT use your content to train or improve AI models. Our API agreements with providers explicitly prohibit this.
• • Data minimization: We send only the content necessary for each request — not your entire library.
• • You own the output: All AI-generated content belongs to you.
• • Deletion: You can delete any AI-processed content at any time.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• • All data is encrypted in transit using TLS 1.2+
• • Data at rest is encrypted using AES-256
• • Authentication tokens are securely stored and regularly rotated
• • Access to production systems is restricted and logged
• • Row-level security policies isolate data between organizations

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention and Deletion

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

You can delete your account at any time from the Settings page in the web application. Upon deletion, all your personal data, uploaded content, and associated records will be permanently removed within 30 days.

8. Third-Party Services

We use the following third-party services to provide and improve our Service:

• • Supabase — database hosting, authentication, and file storage (EU region)
• • Stripe — payment processing
• • OpenAI — AI language model processing (content is not used for model training)
• • ElevenLabs — voice synthesis for interview features
• • Microsoft Azure — speech-to-text transcription
• • Google — OAuth authentication (when you sign in with Google)
• • Apple — OAuth authentication (when you sign in with Apple)
• • Vercel — web application hosting

Each third-party service has its own privacy policy. We encourage you to review their policies. We only share the minimum data necessary for each service to function.

9. International Data Transfers

Our primary database is hosted in the EU. Some third-party services (OpenAI, Vercel) may process data in the United States. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Your Rights (GDPR)

Under the GDPR and Norwegian data protection law, you have the right to:

• • Access — request a copy of the personal data we hold about you
• • Rectification — correct any inaccurate or incomplete data
• • Erasure — request deletion of your data ("right to be forgotten")
• • Portability — receive your data in a structured, machine-readable format
• • Restriction — request that we limit processing of your data
• • Objection — object to processing of your data for certain purposes
• • Withdraw Consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at the address below. We will respond within 30 days. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

11. Children's Privacy

Our Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice in the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• • Email: privacy@praksis.ai
• • Website: praksis.ai