Trust + Security

Your data is your data.

What Praxis touches, where it lives, and what we'll never do with it. Plain language, no SOC-2 cosplay until we have the cert.

Encrypted in transit and at rest

TLS 1.3 to every endpoint. Postgres at rest encryption via Supabase. LiveKit audio over DTLS-SRTP. Customer data never crosses provider boundaries unencrypted.

Data residency you can trust

Customer data lives in Supabase (US region) and Vercel Functions (matched US regions). No third-party data sales. No model fine-tuning on your conversations.

Auth + access control

Supabase Auth with row-level security on every customer-facing table. Org-scoped queries throughout. Admins audit-logged. Service-role keys never leave the server.

What we don't do

We don't train on your messages. We don't sell data to brokers. We don't ship analytics SDKs that exfiltrate behavior. We're a small team — fewer chances for shadow data flows.

Compliance roadmap

SOC 2 in 2026.

We’re a small team building something used by paying customers. SOC 2 Type I is on the calendar for late 2026 with a Type II audit window starting Q1 2027. HIPAA is on the table for Praxis verticals that need it (we’d love to hear from you if that’s a hard requirement).

Until those certs ship, you can ask us anything. We’ll answer honestly, and we’ll DPA your team where the relationship justifies it.

Ask the founder

Stop hiring. Start deploying.

Praxis is live. Free to start. The Console is the door.

Open Praxis Console See the product family

Or email luis@conduitai.io directly.