Privacy Policy

Effective Date: October 26, 2025

This Privacy Policy explains how Tesseract Softwares LLC ("Praxsuite", "we", "us", "our") collects, uses, discloses, and protects Personal Data when you visit our websites, use our products and services, or interact with us. It applies to Personal Data we process as a data controller (e.g., account, billing, website, and support data). For Customer Data that we process on behalf of our business customers in their accounts, we act as a data processor; that processing is governed by our customer agreements, including our Data Processing Addendum (DPA).

1.Who We Are

2.Summary for Busy Readers

• We do not sell or share Personal Data for cross‑context behavioral advertising.
• We do not use Customer Data to train models unless a customer explicitly opts in.
• We encrypt data in transit and at rest, restrict access on a least‑privilege basis, and store customer secrets in a managed key vault.
• After account termination or non‑payment deletion, we erase or de‑identify Customer Data within 30 days, subject to legal holds and backups.
• You can request access, deletion, correction, portability, and to object/restrict processing.
• We honor Global Privacy Control (GPC) signals for sale/sharing, if ever applicable.

3.Definitions

4.Categories of Data We Collect

We collect the following categories of Personal Data, depending on your interactions with Praxsuite:

• Account & Profile: name, email, company, role, password (hashed), organization/workspace settings.
• Billing & Payments: billing contact details, invoicing data; payment card data is processed by our PCI‑DSS‑compliant processor; we do not store full card numbers or CVV.
• Product Usage & Diagnostics: event logs, telemetry, workflow/automation execution metadata and IDs, API usage, performance metrics, error logs.
• Customer Support: contact details and the contents of tickets, chat, or email, including attachments you choose to send.
• Files & Content you upload: files, images, documents, form schemas and submissions, messages; content used solely to provide the Services.
• Integrations Metadata: the fact of connected services, scopes, and identifiers necessary to operate the integration; we store tokens securely and never in logs.
• Device/Log Data: IP address, user agent, device and browser type, timestamp, referral/UTM data, approximate location (to city/regional level).
• Cookies & Similar Technologies: session cookies, preference cookies, and strictly‑necessary cookies; optional analytics described below.

5.Sources of Personal Data

You provide data directly (account creation, forms, uploads); administrators may provide data to manage your workspace; we collect data automatically from devices and our Services; and we may receive data from service providers, resellers, integration partners, or publicly available sources (e.g., corporate websites/LinkedIn for B2B contact validation).

6.How We Use Personal Data (Purposes & Legal Bases)

We use Personal Data to: (a) provide and secure the Services; (b) operate accounts, authenticate users, and process transactions; (c) deliver support; (d) maintain, analyze, and improve the Services; (e) communicate service‑related notices; (f) comply with law; and (g) protect Praxsuite, our users, and the public from fraud, abuse, and security risks.

Where the GDPR/UK GDPR applies, our legal bases include contract necessity, legitimate interests (e.g., service improvement and security), consent (where required, e.g., certain cookies/marketing), and legal obligation.

We may create de‑identified or aggregated data for analytics, service improvement, and reporting. We maintain de‑identified data in that form and will not attempt to re‑identify it except as required by law.

7.AI Features & Training

AI‑assisted features may process your inputs to generate outputs you request. By default, Praxsuite does not use Customer Data to train or improve our models or services unless the customer explicitly opts in. We may use product telemetry and de‑identified data to improve reliability, security, and performance.

8.Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes described above, comply with legal obligations, resolve disputes, and enforce our agreements. For Customer Data, after termination—or deletion for non‑payment per the Terms—we erase or de‑identify the data within 30 days, subject to legal holds and backup retention practices.

Backups are cycled on a schedule; when data is deleted from production, related backups age out and are subsequently overwritten according to our backup policy.

9.Security

We implement administrative, technical, and physical safeguards appropriate to the nature of the data and risk, including encryption in transit and at rest; key and secret management using a managed key vault; role‑based access controls; audit logging; environment isolation; vulnerability management; and incident response procedures. No method of transmission or storage is 100% secure.

10.How We Disclose Personal Data

We disclose Personal Data to:

• Service providers / subprocessors: cloud hosting, storage, email, CRM, analytics, payments, customer support, security. We require data protection terms and restrict use of Personal Data to our documented instructions.
• Administrators and your organization: for business accounts, administrators may access, manage, or export data associated with your account.
• Third‑party integrations you enable: if you connect an integration, we disclose data necessary to operate that integration. Your use is governed by the third party's terms and privacy policy.
• Corporate transactions: Personal Data may be disclosed in connection with a merger, financing, acquisition, or dissolution, in compliance with law.
• Legal, safety, and rights: to comply with law, respond to lawful requests, or protect the rights, safety, and property of Praxsuite, users, or the public.
• Aggregated/De‑identified data: we may disclose summaries or statistics that do not identify individuals.

11.Cookies & Analytics

We use strictly‑necessary cookies to operate the Services. With consent (where required), we may use functional and analytics cookies to understand product usage and improve performance. You can manage cookie preferences through your browser or the in‑product settings where available.

12.Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing of your Personal Data, request portability, or withdraw consent. We will respond to verifiable requests within the timelines required by law. If we decline a request, we will explain why and how to appeal.

To exercise rights, email privacy@praxsuite.com (or use in‑product tools, where available). Authorized agents may submit requests where permitted by law.

13.California & U.S. State Privacy Disclosures

We do not sell or share Personal Data for cross‑context behavioral advertising and do not process Personal Data for targeted advertising. If this changes, we will provide a clear "Do Not Sell or Share My Personal Information" link and will process opt‑out preference signals (GPC) in a frictionless manner. We will also provide a Notice at Collection listing categories, purposes, and retention periods at or before the point of collection.

Appeals: residents of certain states (e.g., CO, CT, VA) may appeal a denial of a rights request by contacting privacy@praxsuite.com within 30 days.

14.International Data Transfers

Where applicable, we use Standard Contractual Clauses (SCCs) and additional safeguards to transfer Personal Data to the United States and other countries. If we self‑certify to the EU‑U.S. Data Privacy Framework (and any UK/Swiss extensions), we will state that here and link to our public certification.

By using the Services, you understand that data may be processed in the United States and other countries with different privacy laws than your home jurisdiction.

15.Children's Privacy

Our Services are not directed to children under 13 and we do not knowingly collect Personal Data from children under 13. If you believe a child has provided Personal Data to us, contact privacy@praxsuite.com and we will take appropriate action.

16.HIPAA and Health Data

Praxsuite is not designed to store or process Protected Health Information (PHI) under HIPAA unless a Business Associate Agreement (BAA) is executed and only for designated HIPAA‑enabled services. Customers must not upload or process PHI unless such an agreement is in place.

17.Changes

We may update this Privacy Policy from time to time. Material changes will be notified through the Services or by email. The "Effective Date" reflects the latest version.

18.How to Contact Us

Questions or concerns? Email privacy@praxsuite.com. You may also contact the data protection authority in your region.

Annex B —GDPR/UK GDPR Legal Bases

• Contract necessity: account setup, provisioning, support, payment, and service delivery.
• Legitimate interests: securing and improving the Services, preventing fraud/abuse, communicating service updates.
• Consent: certain cookies/analytics, marketing communications.
• Legal obligation: tax, accounting, and compliance recordkeeping.