Privacy Policy
Last updated: January 27, 2026
🔒 Privacy by Design: Praxis is designed with privacy as a core principle. Your client data stays on your own devices by default - we have no access to it.
1. Data Controller
Praxis Legal
Belgium
Email: privacy@praxislegal.be
2. What Data Do We Process?
2.1 Account Data (processed by us)
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account management, communication | Up to 2 years after termination |
| Name, company | Billing, identification | 7 years (legal requirement) |
| Payment details | Subscription management | 7 years (accounting law) |
2.2 Client Data (NOT processed by us)
Local storage: All data you enter in Praxis (cases, contacts, documents, time tracking) is stored on:
- Your own computer/device, or
- Your own cloud storage (OneDrive, Dropbox, Google Drive)
Praxis has no access to this data. You are the data controller for your client data.
2.3 Praxis Cloud (optional)
If you choose Praxis Cloud synchronization, data is stored encrypted in EU data centers (Hetzner, Germany). Praxis then acts as a data processor. A Data Processing Agreement is available upon request.
3. Your Rights
Under GDPR, you have the following rights:
- Access: Request what data we hold about you
- Rectification: Correction of inaccurate data
- Erasure: Deletion of your data ("right to be forgotten")
- Portability: Export of your data in readable format
- Objection: Object to processing based on legitimate interest
Send requests to privacy@praxislegal.be. We respond within 30 days.
4. Security
- TLS 1.3 encryption for data transport
- AES-256 encryption for stored data
- Two-factor authentication (optional)
- ISO 27001-compliant procedures
5. Cookies and Analytics
5.1 Privacy-Friendly Analytics
We use Umami, a privacy-friendly analytics solution that:
- Does not place cookies
- Does not collect personal data (no IP address tracking)
- Is fully hosted in the EU on our own servers (Germany)
- Is open source and GDPR compliant
Umami collects only anonymized statistics such as page views and referrers, without identifying individual users.
5.2 Essential Cookies
Our website uses only:
- Essential cookies: Session authentication, language settings
5.3 No Invasive Tracking
We do not use:
- Google Analytics or other tracking tools that use cookies
- Advertising cookies
- Cross-site tracking
- Social media pixels or widgets
6. Data Processing Agreement (DPA)
When is a DPA needed?
- Local use: No DPA needed - Praxis does not process client data
- Praxis Cloud: DPA available - Praxis acts as processor
Request a DPA via privacy@praxislegal.be
7. Complaints
Belgian Data Protection Authority (GBA/APD)
Rue de la Presse 35, 1000 Brussels
www.dataprotectionauthority.be
Contact
Praxis Legal
Email: privacy@praxislegal.be