Praxis is operated by Brelstone (ABN pending) and is available to Australian counsellors, psychotherapists, social workers, and allied health practitioners. This policy debriefs what information we collect, how it is used, and how it is protected.

We collect and store only what is necessary to operate the platform:

• Account information — your name, email address, practice name, professional role, state, and clinical specialties. Authentication credentials are managed by Clerk (our identity provider).
• Porch widget configuration — practice details, services, pricing, availability, booking information, and crisis resources you enter to configure your chat widget.
• Lore documents — clinical reference files you upload and their extracted text content, accessible only to you.

Session notes and clinical content entered into Brief or Prose are never stored. They are sent to the AI model for processing and are not retained in our database, on our servers, or in any application log after the response has been generated and delivered to you.

Standard infrastructure logs (such as request timestamps and HTTP status codes) may be retained by our hosting providers (Vercel and Render) per their platform policies. These logs do not contain session note content.

We do not collect or store any client (patient) information. Do not enter client full names into any tool. Use initials or a client code at all times.

Visitors who use Brief or Prose without signing in are assigned an anonymous session token stored in a browser cookie (praxis_anon, 30-day expiry). This token tracks the number of generations used against the anonymous usage limit. It does not identify you personally and contains no session note content.

We also record a hashed version of your IP address to apply rate limiting and prevent automated abuse. This record contains no personally identifiable information beyond the hashed IP and a request count.

Information you provide is used solely to operate and personalise Praxis for your practice. Your name, practice name, role, state, and specialties are injected into AI-generated outputs (such as Brief documents and Prose content) so the output reflects your practice accurately.

Your email address is used to send transactional emails (such as a welcome email on sign-up) and to communicate with you about your account. We do not send marketing emails without your explicit consent.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

The following third parties process data on our behalf in order to deliver the service. All processors are based in the United States unless otherwise noted.

• Anthropic (United States) — processes text inputs to generate AI responses for Brief, Prose, Porch, and Lore. Content is sent via API for inference and is subject to Anthropic's usage and data retention policies. We recommend reviewing Anthropic's privacy policy for their data handling practices.
• Clerk (United States) — manages user authentication and identity. Stores your email address, name, and authentication credentials.
• Supabase (United States) — hosts the PostgreSQL database where your account record, Porch configuration, Lore documents, and anonymous session data are stored.
• Vercel (United States) — hosts the web application. Standard request logs and analytics (page views, referrer data) may be collected per their platform policies.
• Render (United States) — hosts the API. Standard request logs may be retained per their platform policies.
• Brevo (France / European Union) — handles transactional email delivery (such as the welcome email sent on sign-up). Your email address and name are transmitted to Brevo for this purpose.

Under Australian Privacy Principle 8 (APP 8), we are required to inform you when personal information is disclosed to overseas recipients.

Praxis processes data using cloud infrastructure located primarily in the United States. This means that personal information you provide (account details) and content you enter (session notes, topics, questions) are transmitted to and processed on servers located outside Australia.

Session note content is not retained after processing. It is sent to the Anthropic API for inference, the response is delivered to you, and the input content is not stored by Praxis. However, you should be aware that the transmission itself occurs via US-based infrastructure.

Data that is stored (your account record, Porch configuration, Lore documents) is held on Supabase infrastructure in the United States. Authentication data is held by Clerk in the United States. Transactional email data is processed by Brevo in the European Union.

By using Praxis, you consent to the cross-border disclosure of your information as debriefd in this section. Australian-region infrastructure is planned for a future phase of the product.

Your account data, Porch configuration, and Lore documents are retained for as long as your account remains active. Anonymous session records are retained for 30 days and then expire automatically.

You may request deletion of your account and all associated data at any time by emailing hello@brelstone.com.au. Deletion requests will be actioned within 30 days.

We take reasonable technical and organisational measures to protect your information, consistent with the sensitivity of the data held:

• All data is transmitted over HTTPS (TLS encryption in transit).
• Authentication is managed by Clerk, with server-side JWT validation on every API request.
• Lore documents are accessible only to the authenticated practitioner who uploaded them.
• Database access is restricted by row-level security policies where applicable.
• Passwords are never stored by Praxis directly; credential management is handled entirely by Clerk.

No system is completely secure. If you become aware of a potential security issue, please contact us immediately at hello@brelstone.com.au.

Praxis is operated in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). In particular:

• APP 1 (Open and transparent management) — this policy debriefs how we handle personal information.
• APP 6 (Use or disclosure) — personal information is used only for the purpose for which it was collected (operating and personalising Praxis).
• APP 8 (Cross-border disclosure) — see the Cross-border disclosure section above.
• APP 11 (Security) — see the Security section above.

If you have a privacy complaint or believe we have breached the APPs, please email hello@brelstone.com.au. We will acknowledge your complaint within 7 days and respond substantively within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

We may update this policy from time to time. Material changes will be communicated via email to registered practitioners. The date at the top of this page indicates when the policy was last updated.

For privacy enquiries, data access requests, or data deletion requests, email hello@brelstone.com.au.