Privacy Policy

Last updated: 4 May 2026

1. Who we are

Praxa is operated by the company behind getpraxa.com (“Praxa”, “we”, “us”). Praxa is an AI marketing platform built for Shopify direct-to-consumer brands. This Privacy Policy describes what data we collect, why, and how we protect it.

If you have questions, contact us at contact@getpraxa.com.

2. Data we collect

We collect three categories of data:

a. Account data

  • Your email address, name, and authentication identifiers (e.g. Google OAuth subject id)
  • Your organization name and team members you invite
  • Your phone number, only if you opt in to WhatsApp approvals

b. Connected service data

When you connect Praxa to external services, we receive data from those services using OAuth-granted permissions:

  • Shopify: store domain, product catalog, inventory, orders, customers, and shop settings — used to inform marketing decisions and report real ROAS. Scoped via Shopify’s App Store-approved permissions.
  • Meta (Facebook + Instagram): ad account ID, campaign performance metrics, ad creatives, and audience data — used to manage your campaigns. Scoped via ads_management, ads_read, business_management permissions.
  • Google Ads: account ID, campaign metrics, and ad creatives — used to manage your campaigns.

c. Marketing-site data

When you submit our waitlist form at /waitlist, we store the email address, optional name, optional Shopify store domain, and optional use-case description you provide.

We do not place advertising cookies on this site. We use minimal analytics to understand traffic and improve the product.

3. How we use your data

  • To operate the Praxa product — let Aria manage your campaigns, generate creative, and report on performance
  • To send you transactional notifications (approval requests, alerts, weekly summaries) via WhatsApp, email, or the in-app interface
  • To improve the product based on aggregated, anonymized usage
  • To respond to support requests and customer inquiries
  • To meet legal and regulatory obligations

We do not sell your data. We do not use your connected-service data to train any external machine-learning model. Generative AI calls (e.g. creating ad copy) use third-party APIs (Anthropic, Replicate) under their respective data-processing agreements; those providers do not train on the content we send them.

4. How we share your data

We only share your data with:

  • Subprocessors we use to operate the service: Supabase (database + authentication), Anthropic (LLM API), Replicate (image and video generation), Cloudflare R2 (creative-asset storage), Twilio (WhatsApp messaging), Vercel (web hosting), Fly.io (background workers), Sentry (error monitoring).
  • The advertising platforms you connect (Meta, Google) — when you authorize Praxa to manage campaigns on your behalf, we send the campaign instructions you have approved.
  • Law enforcement when legally compelled by a valid order in our jurisdiction.

We do not share your data for marketing or analytics by third parties.

5. How we store and protect your data

  • OAuth tokens for connected services are stored encrypted at rest using Supabase Vault.
  • Database access is restricted by Row-Level Security policies tied to your organization.
  • All data in transit is encrypted via TLS 1.2+.
  • We log every action taken by Aria or any team member; logs are retained for at least 12 months for audit and security purposes.
  • Webhooks from connected platforms are signature-verified before being processed.

6. Your rights

You can:

  • Access the data we hold about you — email contact@getpraxa.com and we will respond within 30 days.
  • Correct inaccurate data via your account settings or by emailing us.
  • Delete your account and the associated data — see our data deletion instructions.
  • Export your campaign and audit-log data in a machine-readable format on request.
  • Object to processing or withdraw consent at any time.

For users in the European Economic Area, the United Kingdom, or California, additional rights apply under GDPR, UK GDPR, and CCPA respectively.

7. Data retention

We retain your account data while your subscription is active and for up to 90 days after cancellation, after which we delete or fully anonymize it. Audit logs are retained for at least 12 months for legal and security purposes. When you uninstall the Praxa Shopify app, we comply with Shopify’s 48-hour shop/redact webhook contract.

8. International data transfers

Praxa is operated using cloud infrastructure that may be located in the United States and other regions. By using Praxa, you consent to the transfer of your data outside your country of residence, subject to the protections described in this policy.

9. Children

Praxa is a B2B product not directed at children under 16. We do not knowingly collect data from minors. If you believe we have, contact us and we will delete it.

10. Changes to this policy

We may update this policy as the product evolves. We will notify you of material changes via email at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent revision.

11. Contact

Questions, requests, or complaints: contact@getpraxa.com.