Our standard Data Processing Addendum (DPA) is available to every paid customer on request. It incorporates the European Commission's Standard Contractual Clauses where applicable, and defines the parties' obligations when Prax CRM processes personal data on your behalf.
Get a copy
Email legal@praxcrm.com with your workspace domain and we'll send a countersign-ready PDF. Enterprise customers can also negotiate custom terms.
Subprocessors
The following subprocessors may process personal data:
- Convex — application database and hosting.
- Cloudflare — CDN and DDoS protection for the marketing site.
- SendGrid / Postmark — transactional email delivery.
- Stripe / Razorpay — payment processing (billing only).
Data location
Default region is the United States. Enterprise customers can select the European Union or Asia-Pacific regions. No personal data leaves your selected region except for specifically contracted subprocessors listed above.
Security measures
Details of our technical and organisational measures — encryption, access control, audit logging, and incident response — are available in the DPA and on the security page.