1. Who we are
Praxara Ltd ("Praxara") is a company registered in England and Wales. Our registered office is in the United Kingdom; our Data Protection Officer can be reached at [email protected].
This notice explains how we collect and process Personal Data when you visit our website, contact us, or use our SaaS platform on behalf of your employer.
For Personal Data we process on behalf of our customers (e.g. your tenant administrator), we act as a Processor — see the DPA. This Privacy Policy covers the data we hold as a Controller.
2. What we collect
- Marketing-site visitors: IP address, page-view events, referrer (cookies set per Cookie Policy).
- Lead-form submitters: name, email, company, message text (when you submit a contact or demo-request form).
- Customer administrators: full name, business email, telephone (where given), billing address, IP address of login events.
- Tenant end-users: managed by Customer's tenant administrator; we process under the DPA.
3. Lawful basis (GDPR Article 6)
- Contract: account provisioning, billing, service delivery for paying Customers.
- Legitimate interests: marketing-site analytics (privacy-friendly, aggregated), lead nurturing, security monitoring.
- Consent: non-essential cookies, marketing emails (you can withdraw at any time).
- Legal obligation: tax records, KYC where applicable.
4. How we use it
- Provide, secure and improve the Service.
- Respond to enquiries and demo requests.
- Send transactional email (login, billing, security, audit-relevant notices).
- Send marketing email — only to people who opt in or are existing customer contacts.
- Comply with legal obligations.
We do not sell Personal Data. We do not use Customer Data to train any foundation model.
5. Where we store it
Marketing-site infrastructure runs on Cloudflare (UK + EU edge). The SaaS platform runs on Microsoft Azure UK South + West Europe. Limited transfers occur for LLM inference (Anthropic, Google AI, OpenAI) and for transactional email (SendGrid). See /legal/subprocessors for the complete list.
6. Retention
- Marketing-site analytics — 13 months from collection.
- Lead-form submissions — 24 months from last contact.
- Customer account data — for the term of the contract plus 7 years (regulatory/audit minimum).
- Audit logs — 7 years post-termination.
- Billing records — 6 years (UK tax).
7. Your rights
Under UK GDPR / EU GDPR you have the right to:
- Access your Personal Data (Art. 15).
- Rectify inaccurate data (Art. 16).
- Erase data ("right to be forgotten", subject to overriding legal obligations) (Art. 17).
- Restrict processing (Art. 18).
- Data portability (Art. 20).
- Object to processing (Art. 21).
- Withdraw consent (Art. 7) where consent is the lawful basis.
- Lodge a complaint with your supervisory authority (UK ICO; or your local EU DPA).
Email [email protected]. We respond within 30 days.
8. Security
TLS 1.3 in transit, AES-256 at rest. MFA on admin accounts by default. Annual external penetration test. Incident response process with 24-hour notification commitment for Personal Data breaches affecting your data. See /trust.
9. Children
The Service is intended for use by professionals in pharmaceutical, life-sciences and regulated organisations. We do not knowingly collect data from anyone under 18.
10. Changes
We update this notice when our practices change. The "Effective" date at the top is canonical. Material changes are emailed to all Customer administrators with at least 30 days' notice.
11. Contact
Questions: [email protected]. Data-subject rights: [email protected]. UK ICO: ico.org.uk.