Privacy Policy

Last updated: May 13, 2026

1. Introduction

Praxer ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your data.

2. Data We Collect

Account Information

  • Username, email address, and hashed password
  • Account creation date and last login

Practice Data

  • Training sessions, skill progress, exercise logs, and notes
  • Active paths, concept statuses, and todo items
  • Session timestamps, duration, and tracking data (reps, consistency scores, quality ratings, rep times)

Device & Interaction Data

  • Browser type and version, operating system
  • IP address (for rate limiting and security — not stored long-term)
  • Keyboard and input device interaction data (for BLE clicker and input device support)

Feedback Data

  • Bug reports, feature requests, and UX feedback you submit through the in-app feedback system
  • Optional email address provided with guest feedback

Analytics Data

  • Feature usage events (e.g., session started, tool opened, skill created)
  • Funnel stage progression (registration, first activity, activation)
  • Analytics data is stored in our own database — we do not currently use third-party analytics services

3. How We Use Your Data

We use your data to:

  • Provide and operate the Service (practice tracking, skill progression, session management)
  • Compute your progress metrics, streaks, and proficiency charts
  • Improve the Service based on aggregated usage patterns
  • Send transactional emails (password reset, invite codes)
  • Detect and prevent abuse (rate limiting, spam prevention)
  • Debug errors and maintain Service reliability

We do not sell your personal data. We do not use your data for advertising.

4. Third-Party Data Processors

We use the following third-party services that may process your data:

Service      | Purpose                                | Data Processed
-------------+----------------------------------------+---------------------------------------------------------------
Supabase     | Database hosting                       | All application data (encrypted at rest)
Vercel       | Application hosting & CDN              | HTTP requests, static assets
Sentry       | Error tracking                         | Error reports with request context (no passwords)
Upstash      | Rate limiting (Redis)                  | IP addresses, request counts (ephemeral)
Resend       | Transactional email                    | Email address, email content
Google Fonts | Font delivery                          | IP address, browser info (via Next.js font optimization)
GitHub       | Feedback ticket sync (admin-initiated) | Feedback content (no personal data unless included in feedback)

We do not currently use third-party analytics tools (PostHog, Mixpanel, etc.). If we add one in the future, this policy will be updated.

5. Data Retention

  • Active accounts: data is retained for as long as your account is active.
  • Inactive accounts: accounts inactive for more than 2 years may be flagged for deletion after notification.
  • Deleted accounts: personal data is permanently deleted. Public content may persist with attribution removed (see Terms of Service, Section 4).
  • Rate limiting data: IP-based rate limit counters expire automatically (typically within minutes).
  • Error tracking data: Sentry retains error data according to their retention policy (typically 90 days).

6. Your Rights (GDPR & General)

Regardless of where you are located, you have the right to:

  • Access: request a copy of your personal data
  • Correction: update inaccurate information via your account settings
  • Deletion: delete your account and personal data
  • Data portability: export your practice data (domain export feature)
  • Withdraw consent: opt out of non-essential cookies (see Cookie Policy)

To exercise these rights, use the in-app feedback system or contact us at the email address provided on our website. We will respond within 30 days.

7. Cookies

We use a minimal set of cookies. See our Cookie Policy for details.

Summary: our only current cookie is the authentication token, which is essential to the Service and exempt from consent requirements.

8. Security

We take reasonable measures to protect your data, including:

  • Passwords are hashed with bcrypt (never stored in plaintext)
  • Authentication via HTTP-only secure cookies (SameSite: strict)
  • Rate limiting on authentication and public endpoints
  • Security headers (CSP, HSTS, etc.)
  • Database connections encrypted in transit

No system is perfectly secure. If you discover a security vulnerability, please report it via the in-app feedback system.

9. Children's Privacy

Praxer is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete it.

10. Coach Tier Data Sharing (Future)

In a future update, Praxer may offer a Coach tier where coaches can view their students' practice data (sessions, progress, skill statuses). This will require:

  • Explicit student consent before any data is shared with a coach
  • Students can revoke access at any time
  • Coaches can only view practice data — not account credentials or private notes

This section will be updated with more detail when the Coach tier is available.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

If you have questions about this Privacy Policy, please reach out via the in-app feedback system or contact us at the email address provided on our website.