Security

Last updated: July 21, 2024

We continuously monitor for potential vulnerabilities and review and update our code and systems configuration to ensure your data is always protected. Praxos also maintains high standards for code quality, mandatory code reviews, and constant internal security consultations.

Data Collection and Transfer

All of the data you and your users collect and transmit is encrypted in transit and at-rest using industry best practices, including Transport Layer Security (TLS). Praxos requires all third party integrations (configurable by you) that receive data from Praxos to provide secure, encrypted endpoints that will receive the data.

Data Storage

Your data is encrypted at rest with AES-256 encryption in Microsoft Azure data centers. Azure data centers are managed in accordance with SOC 1-3, PCI DSS Level 1 and ISO 9001/ISO 270001.  For users who use Praxos for payment processing, our payment processing vendors are also PCI compliant.

You have full control over whether the data collected by your workflows is stored in your account.  If you do choose to store data, you also have full control over immediately deleting any and all data in your account. 

Data Residency

By default, Praxos will store your data in the United States. If you require information to be hosted at a different location, such as in the European Union, Canada, Australia or any other Azure region, please contact us at either lucas@praxos.ai or soheil@praxos.ai with the title “Region Change Request.” Additional setup costs may apply.  

Data centers in all Azure regions securely decommission their storage devices using techniques detailed in NIST 800-88.

PCI Compliant

Praxos only uses and integrates with payment vendors who are operating in accordance with PCI legislation. Praxos does not store any payment information.

Internal Security Protocols

Praxos enforces physical, technical, and administrative protocols, including but not limited to two-factor authentication, background checks, regular employee security training, and secure access policies.

Authentication

Praxos customers may set up two-factor authentication and/or single sign-on (SSO) with your preferred provider in order to further limit access through your organization. We also enforce strong passwords, regular password resets.