Privacy Policy

Last updated: August 28, 2025

Table of Contents

Introduction

This Privacy Policy describes how Praxis Navigator ("we", "our", or "us") collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy and ensuring transparency in our data processing activities in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

Praxis Navigator is the data controller responsible for your personal data. You can contact us at:

Email: [email protected]

Data Protection Officer: [email protected]

Information We Collect

Website Visitors

  • IP address (anonymized through Cloudflare Web Analytics)
  • Browser type and version
  • Device information and screen resolution
  • Pages visited and time spent on our website
  • Referral source (how you found our website)
  • General location information (country/region only)

Contact and Demo Forms

  • Name and professional title
  • Email address and phone number
  • Company name and organization size
  • Industry and role information
  • Security training challenges and requirements
  • Communication preferences and demo scheduling

Platform Users (Future Service)

  • Account registration information
  • Organizational behavioral security data
  • Training completion and effectiveness metrics
  • Usage analytics and performance data
  • Integration configuration settings

How We Use Your Information

  • Provide and improve our website and services
  • Respond to inquiries and schedule product demonstrations
  • Send relevant security culture content and product updates
  • Analyze website performance and user behavior
  • Ensure security and prevent fraud
  • Comply with legal obligations and regulatory requirements
  • Develop new features and improve existing functionality

Data Sharing and Third Parties

HubSpot CRM

Contact form submissions are processed through HubSpot for customer relationship management. HubSpot is GDPR-compliant and processes data under Data Processing Agreements.

Cloudflare Web Analytics

We use privacy-first Cloudflare Web Analytics that does not use cookies or collect personal identifiable information. Data is aggregated and anonymized.

Microsoft Azure

Authentication and platform services are provided through Microsoft Azure with enterprise-grade security and GDPR compliance.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Data Retention

Website analytics data: 24 months (aggregated and anonymized)
Marketing contacts: Until consent is withdrawn or 3 years of inactivity
Customer data: Duration of service relationship plus 7 years for legal compliance
Support communications: 3 years for service improvement purposes

Your Rights Under GDPR

Right of Access

Request copies of your personal data we hold

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Restrict Processing

Request limitation of how we process your data

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interest or direct marketing

Right to Withdraw Consent

Withdraw consent for data processing at any time

To exercise these rights, contact us at [email protected]

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Binding Corporate Rules for multinational service providers
  • Certification schemes and codes of conduct where applicable

Data Security

  • End-to-end encryption for data transmission
  • AES-256 encryption for data storage
  • Multi-factor authentication for admin access
  • Regular security audits and penetration testing
  • SOC2 Type II compliance for service providers
  • Network monitoring and intrusion detection
  • Secure backup and disaster recovery procedures

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes through email or prominent website notice. The "Last Updated" date indicates when changes were made.

Complaints and Supervisory Authority

If you have concerns about our data processing, you have the right to lodge a complaint with your local data protection supervisory authority. In Norway, this is Datatilsynet. In the EU, contact your national data protection authority.

Questions About Privacy?

Contact us to exercise your rights or get answers about how we process your data.

Contact Privacy Officer