Prax CRM is designed to help you meet your GDPR obligations when you process personal data of EU residents. This page summarises our approach; a full Data Processing Addendum is available on our DPA page.
Data subject rights
GDPR gives data subjects the right to access, correct, export, delete and restrict processing of their personal data. Inside Prax CRM, admins can perform these operations directly on any record — no support ticket required. For requests relating to your own personal data as a Prax CRM customer, email privacy@praxcrm.com.
Lawful basis
We process customer account data under the lawful basis of performing our contract with you. We process workspace data as a processor on your behalf — you are the controller of that data, and you choose the lawful basis for your end users.
International transfers
If your data is hosted in our US region, transfers from the EU are covered by the European Commission's Standard Contractual Clauses, included in our DPA. Enterprise customers can opt into EU-only hosting to avoid cross-border transfers entirely.
Breach notification
In the event of a personal data breach affecting your workspace, we will notify you without undue delay — and within 72 hours when feasible — with details of the incident, its scope, and the steps we're taking.
Contact our DPO
For any GDPR-related question, email dpo@praxcrm.com.