Privacy Policy

Last updated: February 27, 2026

Introduction

Praxis Navigator is committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your information. This privacy policy explains our practices regarding the collection and use of information when you visit our website or use our services.

Data Controller

The data controller for this website and the Praxis Navigator service is:

Praxis Security Labs AS
Norwegian company registration (Brønnøysundregistrene)
Email: [email protected]

For privacy-related inquiries, please contact our Data Protection Officer at: [email protected]

Information We Collect

We are committed to privacy-first data collection and minimise the personal data we process.

Website Analytics (Cookieless)

We use Cloudflare Web Analytics to understand how visitors use our website. This service:
  • Does not use cookies or store personal data
  • Does not track users across other websites
  • Collects only aggregated, anonymous usage statistics
  • IP addresses are anonymised — we cannot identify individual visitors
  • Measures page views, referrers, and basic performance metrics

Contact Forms and Demo Requests

When you submit a contact form or demo request via our website, we collect:
  • Name and email address (required for response)
  • Company information (optional)
  • Message content and inquiry details
Form submissions are delivered to us via Cloudflare's form-to-email service. We do not use third-party CRM tracking or marketing automation on this website.

Praxis Navigator Product Data

If your organisation subscribes to Praxis Navigator, we process data from your Microsoft 365 environment via Microsoft Graph API on behalf of your organisation. In this context, your organisation is the data controller and Praxis is the data processor.

Data collected by the product:

  • Email metadata (sender, recipient, timestamps — not email content)
  • Group memberships and organisational structure
  • Security configuration and compliance status
  • User activity indicators and licence assignments

How product data is handled:

  • All data is stored in your organisation's dedicated, isolated Azure infrastructure
  • Data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • No customer data leaves Microsoft Azure — no cross-cloud transfers
  • EEA customers' data is stored in EU/EEA Azure data centres
  • Data is processed into aggregated security risk scores — these are advisory only and do not produce automated decisions affecting individuals

Your organisation's administrator controls access and can request data export or deletion at any time.

Legal Basis for Processing

Under GDPR, we process personal data based on the following legal grounds:
  • Contract Performance (Art. 6(1)(b)): Processing your organisation's data as part of the Praxis Navigator subscription; responding to demo requests and enquiries
  • Legitimate Interest (Art. 6(1)(f)): Anonymised website analytics; customer relationship management
  • Consent (Art. 6(1)(a)): Marketing communications (opt-in only)
  • Legal Obligation (Art. 6(1)(c)): Norwegian accounting and tax requirements

For Praxis Navigator product data, your organisation (as data controller) is responsible for establishing their own lawful basis for collecting data from their Microsoft 365 environment.

How We Use Your Information

We use the collected information for the following purposes:
  • Providing the Praxis Navigator security analytics service to your organisation
  • Responding to your enquiries and demo requests
  • Improving our website and product
  • Providing customer support and technical assistance
  • Sending requested information about our services
  • Billing and invoicing
  • Complying with legal obligations

Data Sharing and Third Parties

We work with the following service providers. All providers have data processing agreements in place.

Cloudflare (Website and CDN)

  • Purpose: Website hosting, DNS, CDN, web analytics, form-to-email delivery, and edge security (WAF)
  • Data: Anonymised website usage statistics; contact form submissions (delivered to us via email)
  • Privacy Policy: cloudflare.com/privacypolicy

Microsoft Azure (Cloud Infrastructure)

  • Purpose: All Praxis Navigator product infrastructure — compute, storage, authentication, monitoring
  • Data: Customer product data (stored in dedicated, isolated resources per customer)
  • Transfer: EEA customers' data stored in EU/EEA Azure data centres; US customers in US data centres
  • Privacy Policy: privacy.microsoft.com

Tripletex (Accounting)

  • Purpose: Invoicing, accounting, and financial record-keeping
  • Data: Billing contact information, invoices, payment records
  • Location: Norway (no international transfer)
  • Privacy Policy: tripletex.no/personvern

Data Retention

We retain different types of data for appropriate periods:
  • Website Analytics: Aggregated data retained indefinitely (fully anonymous — no personal data)
  • Contact Forms: Personal data retained for 2 years or until you request deletion
  • Business Contact Data: Retained for the duration of the business relationship plus 2 years
  • Product Data: Active during subscription. Deleted within 90 days of subscription cancellation (full resource group deletion). Early deletion available on request.
  • Financial Records: Retained as required by Norwegian accounting law (bokføringsloven) — 5 to 10 years

Your Rights Under GDPR

As a data subject, you have the following rights:
  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, contact our Data Protection Officer at: [email protected]

Cookies and Tracking

Our commitment to privacy means we operate differently from most websites:
  • No Tracking Cookies: We do not use cookies for tracking or analytics
  • Essential Cookies Only: We may use strictly necessary cookies for website functionality
  • No Third-Party Tracking: No advertising or social media tracking pixels
  • Cookieless Analytics: Our analytics work without cookies
  • Browser Local Storage: Used only for user preferences (language selection)

Data Security

We implement appropriate technical and organizational measures to protect your data:
  • HTTPS encryption for all data transmission
  • Regular security updates and monitoring
  • Access controls and authentication
  • Data minimization and pseudonymization
  • Regular security assessments
  • Incident response procedures

International Data Transfers

Our services are hosted primarily in the EU/EEA region. When data is transferred outside the EEA:
  • We ensure appropriate safeguards are in place
  • We rely on adequacy decisions or standard contractual clauses
  • Data processors are carefully vetted for GDPR compliance

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:
  • Posting the updated policy on this page
  • Updating the "Last updated" date above
  • Sending email notification for significant changes (if we have your email)

Contact Information

For any privacy-related questions, concerns, or requests, please contact us:

Data Protection Officer
Email: [email protected]
General Contact: [email protected]

Supervisory Authority
Our supervisory authority is the Norwegian Data Protection Authority (Datatilsynet):
Website: datatilsynet.no
Email: [email protected]

You have the right to lodge a complaint with Datatilsynet if you believe we have not handled your personal data in accordance with applicable data protection laws.
Contact Us