Who is responsible for your data
Praxis is practice-management software for individual therapists and counselling practices in the United Kingdom. It is operated by [Operator legal name] (“Praxis”, “we”, “us”). This policy is governed by the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
There are two distinct relationships you should understand:
- For your clients’ records, you are the data controller and Praxis is your data processor.
  When you store a client’s clinical records in Praxis, you decide why and how that data is processed. Praxis processes it only on your documented instructions, as set out in this policy and our Data Processing terms. We do not determine the purposes of that processing and we do not use clients’ clinical data for our own ends.
- For your own account, Praxis is the data controller and you are a data subject.
  Information about you as the account holder — your name, sign-in credentials, billing details and how you use the service — is processed by Praxis as controller, for the purposes described in this policy.
What we collect, and why
The data within Praxis falls into three kinds:
- Clinical content (special-category personal data).
  Records you create about the people you work with — session notes, assessments, intake-form answers, contracts, correspondence and similar material. This is likely to include data concerning health and is treated as special-category data under Article 9 UK GDPR. You are the controller for this content; we process it solely to provide the service to you.
- Account and contact data.
  Your name, email address, authentication identifiers and practice details. We process this to create and secure your account, to provide support, and to contact you about the service.
- Operational and technical data.
  Limited metadata required to run the service reliably — for example record identifiers, timestamps, organisation identifiers and security logs. This is kept separate from your encrypted clinical content.
We do not operate third-party advertising or analytics that track you or your clients, and we do not sell personal data.
Our lawful bases for processing
Where Praxis is the controller (your account data), we rely on the following lawful bases under Article 6 UK GDPR:
- Contract — to provide the service you have signed up for, including authentication, support and essential service communications.
- Legitimate interests — to keep the service secure, prevent abuse, and improve reliability, balanced against your rights.
- Legal obligation — where we must retain or disclose data to comply with the law.
Where you are the controller (your clients’ clinical content), you are responsible for identifying your own lawful basis under Article 6 and your Article 9 condition for processing special-category health data — typically the provision of health or social care, or explicit consent. Praxis acts only as your processor for that content.
How your data is protected
Praxis is built privacy-first. Each practice’s sensitive and clinical data is encrypted at rest using its own dedicated AES-256 key under an envelope-encryption scheme: a per-organisation data key encrypts the content, and that key is itself protected by a master key. Operational metadata is held separately from the encrypted clinical content.
As a result of this design, Praxis personnel cannot read your clients’ clinical content in the ordinary course of operating the service. Access to systems is restricted, authenticated and logged, and data is transmitted over encrypted connections.
Erasure and crypto-shredding
Because each practice’s content is encrypted under its own key, we are able to offer a strong form of deletion. When data must be erased — for example when you close your account, or when you exercise a client’s right to erasure — we can destroy the relevant encryption key. Once the key is destroyed, the underlying encrypted data is rendered permanently unrecoverable, even to us. This is known as crypto-shredding.
Routine encrypted backups created before erasure age out and are overwritten on their normal cycle; they cannot be decrypted once the key has been shredded.
The rights you and your clients have
Individuals have the following rights under UK GDPR, which may be exercised in respect of their personal data:
- Access — to obtain a copy of the personal data held about them.
- Rectification — to have inaccurate data corrected and incomplete data completed.
- Erasure — to have personal data deleted in the circumstances the law allows.
- Portability — to receive their data in a structured, commonly used, machine-readable format.
- Restriction and objection — to limit or object to certain processing.
For your account data, contact us and we will respond within the statutory time limits. For a client’s data, you are the controller: a client should direct their request to you, and Praxis will support you in fulfilling it (including, where appropriate, by crypto-shredding the relevant data on your instruction).
How long we keep things
Praxis retains your clients’ clinical content for as long as your account is active, or for as long as you instruct, so that you can meet your own professional and legal record-keeping obligations — you remain the controller and decide the retention period for that content.
Account data is retained for the life of your account and for a limited period afterwards to handle closure, billing and legal requirements, after which it is deleted or anonymised. Security logs are kept only as long as needed for their purpose.
Where your data lives
Praxis is hosted on Cloudflare’s platform (Workers compute and the D1 database), pinned to the Western Europe region so that data is stored and processed within the UK/EU for data-residency purposes. Where any limited processing by a sub-processor could involve a transfer outside the UK, it is carried out under an approved transfer mechanism such as the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses, with appropriate safeguards.
The companies that help us run Praxis
We use a small number of carefully chosen sub-processors:
- Cloudflare
  Hosting, compute and database storage (Western Europe region).
- Google
  Authentication only, where you choose to sign in with Google. Google does not receive your clients’ clinical content.
We may engage additional sub-processors in future — for example a provider to send appointment reminders by email or SMS. Where we do, we will keep this list current and ensure each sub-processor is bound by appropriate data-protection obligations.
Cookies and tracking
Praxis uses a single, secure, essential session cookie to keep you signed in. This cookie is strictly necessary to provide the service and does not require consent. We do not use advertising cookies, and we do not run third-party analytics that profile you or your clients.
If something goes wrong
We maintain measures to detect and respond to personal-data breaches. Where Praxis becomes aware of a breach affecting your clients’ data, we will notify you (as controller) without undue delay so that you can meet your own obligations, including any duty to notify the Information Commissioner’s Office (ICO) within 72 hours and to inform affected individuals where required. Where Praxis is the controller, we will report to the ICO and notify affected individuals as the law requires.
Children’s data
Praxis is professional software intended for use by qualified practitioners. It is not directed to children and we do not knowingly create accounts for children. Where, as part of your practice, you hold records relating to a child client, you do so as the controller and remain responsible for the appropriate lawful basis, consent and safeguards.
Changes to this policy
We may update this policy from time to time. When we make material changes we will update the “last updated” date above and, where appropriate, notify you within the service. Continued use of Praxis after a change takes effect constitutes acceptance of the updated policy.
Contact and complaints
If you have questions about this policy or wish to exercise your rights, contact us at [contact email] or by post at [postal address]. Our ICO registration number is [ICO registration number].
You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection, at ico.org.uk or by calling 0303 123 1113. We would, of course, appreciate the chance to put things right first.