Praxim AI, Inc. — Privacy Policy

Effective Date: August 24, 2025

Company: Praxim AI, Inc. ("Praxim," "we," "us," or "our")

Applies to: Praxim for Word add-in, related websites, APIs, and services (collectively, the "Services").

This Privacy Policy describes how we collect, use, disclose, and protect information when you use the Services. If you do not agree, do not use the Services.

1) Information We Collect

We collect the following categories of information:

Account & Identity Data: Name, email, passwords or tokens, organization identifiers, subscription tier, plan/usage status.
Authentication & Authorization Data: Identity/access tokens, session IDs, and similar credentials needed to sign in (e.g., via single sign-on or OAuth).
Customer Content: Content you choose to send to the Services (e.g., Word document content, uploaded/imported files, and audio you record for transcription). Note: We do not retain prompts or chat history beyond processing as required to provide the Services, unless you explicitly opt in to a feature that requires retention or we need to retain limited data to investigate abuse, comply with law, or ensure security.
Usage & Telemetry Data: Logs about feature usage, request/response metadata, performance metrics, error/crash diagnostics, device/browser type, and general configuration.
Payment & Billing Data: Limited billing identifiers and status. Card and bank details are processed by our payment processor (we do not store full card numbers).
Support Communications: Emails, in-product messages, and related troubleshooting information.
Cookies & Similar Technologies: Cookies and local storage for sign-in, preferences, fraud prevention, and basic analytics.
Approximate Location: Derived from your IP address to help with security, fraud prevention, and performance.

Do not submit regulated/sensitive data. You agree not to upload information requiring heightened protections or sectoral compliance (e.g., PHI/HIPAA, PCI card data, non-public financial data/GLBA, government-classified data, children's data). If you submit such data, you do so at your own risk, and Praxim disclaims obligations tied to those regimes.

2) How We Use Information

We use information to:

Provide and operate the Services (including editing, vector search, transcription, and related features).
Authenticate and secure accounts and sessions; prevent fraud/abuse; detect, investigate, and respond to security incidents.
Maintain and improve the Services (quality, reliability, performance, usability, and safety).
Measure and manage subscriptions, feature entitlements, usage limits, and billing.
Communicate about updates, policy changes, security alerts, and support.
Comply with law and enforce our Terms of Service and acceptable use rules.
Create aggregated/de-identified insights (which do not identify you) for analytics and service improvement.

What we store and don't store: We do not retain prompts or chat history beyond processing as required to provide the Services, unless you explicitly opt in to a feature that requires retention or we need to retain limited data to investigate abuse, comply with law, ensure security, or provide technical support and debugging. We do not use your Inputs, Outputs, or other data to train models. From your inputs to the application, we store uploaded files and user preferences to maintain them across sessions. Other data (prompts, conversations, document content) is generally processed in real time and may be retained as necessary to provide the Services, except as described above or as necessary for technical support, debugging, and service improvement. Important: Third-party AI and service providers may process your data under their own terms and privacy policies, which apply to their services and, where applicable, your use of such features constitutes consent to such processing.

3) Sources of Information

Directly from you when you install, sign in, or use the Services.
From your systems and services that you connect (e.g., Microsoft 365/OneDrive, Google Drive) when you request imports.
Automatically collected telemetry and device/browser metadata when you interact with the Services.
Service providers involved in authentication, hosting, payments, and similar operations.

4) Disclosure of Information

We disclose information to the following categories of recipients (only as needed to provide and protect the Services or comply with law):

Cloud hosting and infrastructure providers (e.g., compute, storage, networking).
Identity, authentication, and security providers.
AI and model providers to process prompts/embeddings/transcriptions and deliver outputs you request.
Productivity platform connectors you choose to enable (e.g., file import/export integrations).
Payment processors for subscription billing and fraud prevention.
Analytics/telemetry processors to understand performance and reliability (where used).
Professional advisors (legal, accounting) and potential acquirers in a corporate transaction.
Government and law enforcement when legally required or to protect rights, safety, or the integrity of the Services.

We do not allow service providers to use personal information for their own independent purposes unrelated to the Services.

Key Third-Party Services: We partner with several third-party providers to deliver the Service, including:

OpenAI and Microsoft Azure: We use OpenAI and Microsoft Azure services for large language model (LLM) inference to provide AI-powered editing, content generation, and related features.
Amazon Web Services (AWS): We use AWS for file storage and authentication/login services.

These providers are enterprise-grade services that maintain industry-leading security standards and compliance certifications (such as SOC 2, ISO 27001, and others). They employ robust security measures including encryption in transit and at rest, stringent access controls, and comprehensive audit logging. These services are trusted by organizations worldwide to securely handle sensitive data and are designed to meet rigorous security, privacy, and compliance requirements.

A current list of our core infrastructure and processing subprocessors is available upon request.

We may update our subprocessors and processing locations from time to time. If you have an enterprise agreement with subprocessor notice obligations, we will provide notice per that agreement.

5) International Transfers

We are based in the United States and may process information in the U.S. and other countries that may not provide the same level of data protection as your jurisdiction. Where required, we use appropriate safeguards (e.g., standard contractual clauses) for international transfers.

6) Data Retention

We retain information only as long as necessary to operate the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. Important: User prompts and chat history are not retained beyond processing as required to provide the Services, except as described in Section 2. Uploaded files and user preferences are kept until you delete them or your account is closed. Basic security and access logs are generally retained for up to 30 days unless needed to investigate abuse or security incidents. Billing and transaction records are retained as required by law. Support communications may be retained for up to 24 months. We may retain specific records longer where necessary to investigate abuse, ensure security, or comply with law.

7) Security

We use industry standard technical and organizational safeguards designed to protect information (e.g., encryption in transit, access controls, and logging). However, no system is 100% secure, and we cannot guarantee absolute security. If we discover a data breach affecting your personal information, we will notify you as required by law.

8) Your Choices & Rights

Account Controls: You can update certain account details and settings in your Praxim account.
Marketing Communications: You can opt out of non-transactional emails via unsubscribe links.
Access, Deletion, and Correction: Subject to applicable law, you may request access to, deletion of, or correction of your personal information.
Portability & Restriction: Where applicable, you may request a portable copy or request restriction/objection to certain processing.
Verification & Exceptions: We may need to verify your identity to process requests. Certain data may be retained or denied deletion where permitted by law (e.g., security logs, fraud prevention, legal obligations).

To exercise rights, email contact@praxim.ai.

Automated decision-making: We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

California (CCPA/CPRA) Notice

Collection/Use: We collect the categories described in Section 1 for the purposes in Section 2.
"Sale" or "Share": We do not sell personal information as "sale" is defined by California law. We do not share personal information for cross-context behavioral advertising unless we clearly disclose otherwise and provide opt-out mechanisms.
Sensitive Personal Information: We do not use or disclose SPI for purposes requiring a "Limit the Use and Disclosure of Sensitive Personal Information" link.
Rights: California residents have the rights to know, access, delete, correct, and opt out of "sale"/"sharing" where applicable. We will respond within the timelines required by law.

US-Only Service

The Services are intended for use in the United States, and our Microsoft Word Store listing is geofenced accordingly. If you access the Services by sideloading or otherwise from outside the United States, you are solely responsible for compliance with your local laws. To the extent permitted by law, we disclaim liability for use of the Services outside supported regions.

9) Cookies & Tracking

We use strictly necessary cookies and/or local storage for sign-in, session security, and preferences. We do not use third-party advertising cookies. You can control cookies through your browser settings; disabling some cookies may impact functionality.

10) Children's Privacy

The Services are not for children. You must be 18 or older. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it.

11) Third-Party Links and Services

The Services may link to third-party websites or services. We are not responsible for their privacy practices. Review their policies before providing personal information.

12) Changes to this Policy

We may update this Policy from time to time. Changes are effective upon posting unless a later date is stated. If you continue to use the Services after changes take effect, you agree to the updated Policy.

13) Contact Us

Questions or requests regarding this Policy may be sent to contact@praxim.ai.