Privacy Policy

Praxis is an AI-powered SOAP note documentation tool built for physiotherapists. We are committed to protecting the privacy of both practitioners and their patients. This policy explains what data we collect, why we collect it, and how it is handled — in plain language.

We collect the following categories of information: • Account information — name, email address, and clinic details provided during registration. • Session audio — audio recordings uploaded or recorded within Praxis for the purpose of generating SOAP notes. Audio is processed to produce a transcript and structured note, then is not retained. It is never stored long-term. • Generated notes — the structured SOAP notes created from your sessions, associated with your account and the relevant patient record. • Usage data — anonymised product usage information (e.g. features used, session counts) to help us improve the product. We do not collect payment information directly — payments are handled by a third-party processor (Stripe) subject to their own privacy policy.

We use the information we collect to: • Generate, structure, and validate SOAP notes from session audio. • Maintain your account and provide access to signed notes and audit history. • Send transactional emails (e.g. account confirmation, password reset). • Improve the product using anonymised, aggregated usage data. We do not sell your data. We do not use patient audio or note content to train AI models.

Praxis is designed to be compliant with the Personal Health Information Protection Act (PHIPA) in Ontario, Canada. Before any session audio is uploaded, the platform requires documented patient consent. Patient health information (PHI) is never written to system logs. Each practice operates in full tenant isolation — no data is shared between practices.

Session audio is used solely to generate the transcript and SOAP draft. Once processing is complete, audio is not retained on our servers. You retain ownership of the structured note and all generated content within your account.

All signed notes are write-protected and associated with a 10-year immutable audit trail. This log records who created, reviewed, and signed each note, along with timestamps. This is required for clinical-legal defensibility and PHIPA compliance.

We do not sell or rent your data to third parties. We may share data with: • Service providers — infrastructure providers (e.g. cloud hosting, database services) who process data on our behalf under strict data processing agreements. • Legal obligations — if required by law, court order, or regulatory authority. We require all service providers to handle data in a manner consistent with this policy.

We use industry-standard security practices including encryption in transit (TLS) and at rest, access controls, and regular security reviews. No system is perfectly secure, but we take our responsibility to protect clinical data seriously.

You have the right to access, correct, or delete your personal data. To make a request, contact us at the address below. We will respond within 30 days. If you are a patient whose data has been processed via Praxis, please contact the practice that recorded your session — they are the data controller for patient records.

We may update this policy from time to time. If we make material changes, we will notify registered users by email. The date of the most recent update is shown at the bottom of this page.

Questions about this policy or how your data is handled? Contact us at: hello@praxis.app