top of page
Privacy Policy
This is our Privacy Policy that describes what information we collect from you when you use our products, services, and during your interaction with us through other channels (such as customer support chats and calls, virtual and in-person events, etc. This policy also covers how we intend to use the data.
In this document, the terms "we","us", "our" refer to Praximax Technologies Private Limited and affiliates. All the products, services (such as Axon), including web and mobile applications, websites are referred to as "Services" in this document.
This policy applies to all our Services unless explicitly mentioned.
-
What does this policy cover?This policy describes how we ingest, use, and share data received from the tools and/or entered by the employees of your organization. This include any personally identifiable information (PII or "Personal Data") that may be store or passed through Praximax's digital tools and services.
-
What information do we collect?We collect only the information you have given us directly while interacting with our Services and give via providing access to 3rd party tools and services. This include the following: Details of code repositories, pull requests, commits from version control systems like GitHub or BitBucket; Details of work items/tickets from project management tools like Jira; Details you or your organization provide via the registration and/or onboarding processes, which include name and email; SSO details for any third party login access, if used; Details you provide through our Services: All the content you create within these Services, including any personal information that you choose to include; Any files that you upload to, or transfer via our Services; Any data provided via participation in surveys, promotions on our website and within any of the Services; Automatically collected data: Telemetry data (e.g., clickstream data) that may be active on certain Services, which tell us about Service usage patterns and preferences; Device and connection information may be collected by Services which includes the your device's operating system, device identifiers, browser metadata, Service URLs you have used, referred page information (if any), your IP address, crash data, time of activity, etc.; Cookies and other web-tracking technologies (like web beacons) are used by some Services and stored on your device; Details you or your organization provide while interacting with our customer support channels. This includes opening of a support ticket, calling the support helpline, opening a online chat with the support chatbot or personnel, etc. Details you provide us for Payment and Billing purposes. Along with the organization details, we may ask for the details for a company representative for billing. This list includes the most common types of data we capture from you, although it is not an exhaustive list.
-
Why is this information collected?We use the information in various scenarios, such as: Uniquely identifying users for access control; To link users with the data associated with them; To provide our Users with ongoing customer assistance and technical support; To personalize our services and features thereof to the current user; To identify the organization details associated with the current user; To be able to contact our site visitors and users with general or personalized service-related notices and promotional messages; To send alerts and other notifications the respective users when they are the intended recipients. This includes both notifications that are system-generated and user-initiated (e.g., by "tagging" or "mentioning"); To verify accounts and activity and to detect any anomalies that may point to a potential security incident (e.g., hacking of an account); To comply with any applicable laws or government regulations.
-
How do we share the information we collect?Some of the information, including personal information, can be shared for the following purposes: The data may be shared within the services offered by us to identify the user or user activity. This could be also used for collaboration or reporting purposes within the services. This may be visible to other users of your organization who have the access to view the features that show the information; The administrators of your organization that control the account will have access to user data; We may provide you the option to link with third party services to which you can export selected data from our services (such as reports). In all such cases, you will have the full control; The administrator in your organization who manage the account may export selected data from our services (such as reports) to third party services or may use third party services. Such reports may include your information as well; We may share your data with our partners who assist us with billing, collection, customer support, sales, and other activities. Any such data is shared on a must-need basis, with the right access controls, and for a limited period whenever possible; We may occasionally work with external service providers in some specific scenarios. In the event that these providers need access to your data to perform a particular function, they will be granted access only after the appropriate security and confidentiality measures have been taken; If reasonably necessary, we may share your data with the authorized bodies to comply with the law of the land, a regulatory mandate, legal process, a government request, or a court order; We may share your data with third parties to protect our business or our customers from suspected harm or illegal activities, to audit and enforce our policies or agreements or terms of service; In cases where we have to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person. Other scenarios where the information may be shared or transfer include: Our company is acquired by another organization, which will inherit the data as a part of the acquisition; Our company is merged with another organization, or if we acquire another organization to expand our service portfolio, members of the merged (or the other) organization may have access to the data; Our investors, who may need to know some macro details about the business. Typically this will not include any personal information. We may convert some data associated with the users or organizations into de-identified or aggregated data that does not disclose any of the personal information of any individual. We may then share any such de-identified or aggregated data without restriction.
-
Is this collected information sold to other parties.No. We do not engage in the practice of selling information to third parties as a principle.
-
How is data stored and secured?All the data we have about you and your organization, including any PII, is stored, transmitted, and used under the strictest measures to avoid accidental or intentional misuse or disclosure. As a deep-rooted company value, we do not compromise security measures to save costs, increase speed of delivery, or to make our internal processes easy. Security & Encryption All the data that is stored in our databases or files (aka "data at rest") on the cloud is encrypted using the current standards (AES-256 or higher), Wherever possible, the encryption keys are rotated on a regular basis, All data transfer between the data stores and the application UI is delivered over TLS 1.2 or higher (all our endpoint are forced-HTTPS) The PII data, such as user profile information, is stored separately from the other data collected by Praximax services. This split anonymizes the user data from the beginning, Direct access to the datastores is rigidly regulated and is not available to our staff or contractors. If a need arises to look into the datastores directly (e.g., to troubleshoot an issue with auto-backup failure), such access is logged and is handled by the authorized Praximax personnel, Data stores that contains PII data, or parts thereof, is never exported or shared in unencrypted format, All data stores are built with automatic backup procedures, avoiding the need for manual access of the data stores Compliance We are on track for compliance with following industry-standards: ISO 27001:2022 - In process (H2 2023) SOC2 - In process (H2 2023) GDPR - Targeted in H1 2024 CCPA - Targeted in H1 2024 Caveat All these measures and our continuous efforts to provide the best security possible notwithstanding, no form of storage communication over the internet is 100% secure. We avoid using any cloud-based hosting for our services or data that doesn't have the highest-level of security standards but still are possibilities of a zero-day defect exploit or a widespread security incident in these hosting platforms that may also impact us. To reduce the surface area of the attack, we separate out the sensitive data and use additional layers of security. The most vulnerable endpoints are your the devices and browsers that you use to access the services and application. As end users, you are responsible for securing your devices, internet connections/networks, and your credentials.
-
How long is the information retained?Organization Administration Most of our products and services are intended to be used by organizations, not individuals. As such, your organization's administrators may control some or all of the data, including your personal data, stored or displayed in our services. These administrators may periodically ask you to: Update your profile, Change your credentials, Control your access to our services, Access your profile data, including updating, copying, or deleting data, Feed the data from our services to other services for further processing. These activities are controlled at your organization level, not at Praximax level. Please contact your organization's administrator(s) for the policies used within your organization. As an individual user, you always have the right to deactivate your personal account if you do not agree with your organization's policies with regards to our services. Account Deactivation You, as an administrator, may chose to deactivate your company's account at any time. In such an event, our services will stop tracking your organization, teams, and individuals. Your company data and profile data will be removed permanently after a cool-down period (typically 15 days). You can reactivate your account during this cool-down period. However, it must be noted that any activity you do, as an individual, on the other tools and services linked with our services may still be captured, albeit without tagging you as an active user. This is because these tools and services may still be in the control of your organization and would still be feeding data to our services as per their configuration. Organization Deactivation An organization may deactivate their account, or it may be deactivated due to non-payment or violation of the terms of service. In such a case, all account and profile information about the organization and its employees will be removed permanently after a cool-down period (typically 15 days). Additionally, all private data, such as text used in OKRs, Jira tickets, Git Commit messages, etc. will be removed as well. The organization can reactivate its account within this cool-down period. The data integration with the organization's tools like GitHub, Jira, BitBucket, Salesforce, etc. will be stopped immediately after the deactivation. Praximax reserves the right to retain some anonymized aggregate data that may be used for reports and summaries. Any such retained data will have no linkage with the organization, its employees, or private (PII) data. If you have any further questions, contact us at support@praximax.com
bottom of page