Privacy policy

PraxTalk is operated by Praxxii Global, Aligarh, India. Contact: privacy@praxtalk.com. For data-protection enquiries under India's DPDP Act, our Grievance Officer can be reached at the same address.

From visitors of customer sites who interact with a PraxTalk-powered chat widget: a randomly-generated visitor identifier, the messages they send, optional name / email / phone if they provide them, and approximate IP-derived location (city level only — we never store the raw IP after lookup). Lawful basis (GDPR Art. 6): legitimate interest of the customer (Art. 6(1)(f)) and, where the visitor enters PII, consent (Art. 6(1)(a)).

From operators of PraxTalk workspaces: name, email, hashed password, and the conversations / leads / booking pages they create. Lawful basis: contract performance (Art. 6(1)(b)).

Automatic: standard server logs (timestamp, URL, response code) retained for 30 days for abuse detection. No third-party advertising or analytics cookies.

To deliver the messaging service the customer has configured, to detect and prevent abuse, and to comply with legal obligations. We do not sell personal data and do not use visitor messages to train AI models without the customer's explicit opt-in.

We rely on the following sub-processors. The current list lives at /sub-processors and updates there are advance notice under our DPA.

• Convex (US) — backend database + functions.
• Vercel (US) — application hosting.
• Anthropic (US) — only for workspaces that have opted in to Atlas AI with their own API key.
• Voyage AI (US) — only for workspaces that have configured retrieval-augmented generation.
• PayPal / Razorpay — billing.
• Google Analytics 4(US) — anonymous traffic measurement on the marketing site only. We don't cross-link analytics IDs to operator or visitor accounts. Honors browser Do-Not-Track + GPC headers.

Data may be processed in the United States via the sub-processors above. Transfers from the EEA / UK / India rely on Standard Contractual Clauses and (where applicable) the EU-US Data Privacy Framework.

PraxTalk sets one cookie on the marketing site: an anonymous Google Analytics 4 measurement ID, only after you opt in. Operator dashboards (/app) use a session cookie required to keep you signed in — that one is essential and not covered by the consent banner.

Conversation content is retained for the lifetime of the customer's workspace. Workspaces can request deletion at any time via privacy@praxtalk.com (90-day SLA, faster on request). Server logs: 30 days.

EU/UK residents: rights of access, rectification, erasure, portability, restriction, and objection under GDPR Articles 15–22. Indian residents: equivalent rights under the DPDP Act 2023. California residents: CCPA rights to know, delete, and opt out of sale (we do not sell). Email privacy@praxtalk.com and we will respond within 30 days (15 days under DPDP).

You also have the right to lodge a complaint with your local supervisory authority.

Material changes will be announced 30 days in advance via the workspace activity feed and on our changelog. The current version is dated at the top of this page.

This policy is a starter draft and should be reviewed by qualified counsel for your specific jurisdiction before being relied upon for compliance. Last reviewed by Praxxii Global on May 3, 2026.