Back to sign in

Privacy Policy

Version 2026-05-17

# Deepractice Privacy Policy

Version: 2026-05-17  
Effective date: 2026-05-17  
Controller: Praxis Global Limited(知行環球有限公司)  
Contact: privacy@deepractice.ai

This Privacy Policy explains how Deepractice collects, uses, shares, retains, and protects personal information when you use Deepractice websites, cloud services, APIs, AI agent runtime, model routing, developer tools, hosted workspaces, and related services.

If you use the Services through an organization, that organization may control certain processing of your information. In those cases, Deepractice may act as a processor or service provider for the organization.

Praxis Global Limited(知行環球有限公司) is the customer-facing operator and controller for the Services unless another agreement states otherwise. 南京深度实践人工智能科技有限公司 may support the Services as an authorized technical service affiliate, technology licensor, processor, or subprocessor where needed to provide, secure, maintain, and improve the Services.

## 1. Information We Collect

We collect information you provide, information generated by your use of the Services, and information from third parties.

Account information includes name, email address, authentication identifiers, avatar, organization membership, role, permissions, login provider, and account settings.

Customer Content includes prompts, messages, files, code, documents, tool inputs and outputs, agent instructions, workspace resources, uploaded attachments, and other content you submit to the Services.

Usage and telemetry information includes requests, model selections, token counts, latency, errors, tool calls, routing decisions, cache status, logs, diagnostic references, session identifiers, IP address, user agent, device information, timestamps, and security events.

Billing information includes subscription, balance, transaction, invoice, tax, refund, and payment status information. Full payment card details are processed by our payment processors and are not intended to be stored by Deepractice.

Integration information includes API keys, provider configuration, BYOK settings, third-party account identifiers, and connection metadata when you choose to connect external services.

## 2. How We Use Information

We use information to provide, operate, secure, maintain, personalize, bill, support, analyze, and improve the Services.

This includes authenticating users, managing organizations, running AI agents, routing model requests, processing documents, executing tools, preventing abuse, troubleshooting errors, detecting security incidents, measuring usage, collecting payment, communicating with users, enforcing terms, and complying with legal obligations.

We may use Platform Data, aggregated data, anonymized data, diagnostic data, model performance data, safety signals, and routing metrics to improve service reliability, model routing, product quality, security, and abuse prevention.

## 3. AI and Model Processing

When you use AI features, Customer Content and related metadata may be processed by Deepractice systems, self-hosted models, open-source models, third-party model providers, or customer-selected providers, depending on your configuration and the feature used.

Unless a separate agreement or setting says otherwise, Deepractice does not use non-public Customer Content from business or organization workspaces to train general-purpose foundation models. We may use aggregated, anonymized, diagnostic, safety, routing, and performance data to improve the Services.

If you use BYOK or connect third-party providers, you authorize us to transmit relevant content and metadata to those providers. Their handling of data may be governed by their own terms and policies.

## 4. How We Share Information

We may share information with service providers, affiliates, technology licensors, and subprocessors who help us provide hosting, storage, model processing, analytics, security, customer support, payment, communications, and infrastructure services.

We may share information with third-party integrations or model providers at your direction, with your organization, with professional advisors, in business transfers, to comply with law, to protect rights and safety, or with your consent.

We do not sell personal information in the ordinary meaning of selling a customer list for money. If applicable privacy laws define "sale" or "sharing" more broadly, we will provide required notices and choices.

## 5. Data Retention

We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, prevent abuse, and support business operations.

Indicative retention periods are:

- Account records: for the life of the account and a reasonable period afterward.
- Billing records: for 7 years or as required by tax and accounting law.
- Customer Content: according to workspace settings, deletion controls, enterprise agreements, or until deleted by the customer or account closure, subject to backups and legal retention by default.
- Security, diagnostic, and usage logs: for 180 days unless longer retention is needed for security, compliance, billing, or dispute purposes.

## 6. Security

We use administrative, technical, and organizational measures designed to protect information, including access controls, logging, encryption in transit, provider security controls, and monitoring. No system is completely secure, and you are responsible for safeguarding your credentials, API keys, and connected services.

## 7. International Transfers

Deepractice may process and store information in countries or regions where we, our affiliates, customers, model providers, infrastructure providers, or subprocessors operate. These locations may have data protection laws different from your location.

Where required, we use appropriate safeguards for cross-border transfers, such as contractual commitments, data processing agreements, security measures, or other legally recognized mechanisms.

## 8. Your Choices and Rights

Depending on your location and relationship with Deepractice, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain processing of personal information.

You may submit requests through /trust/requests or by contacting privacy@deepractice.ai. We may need to verify your identity and may redirect organization-managed requests to the relevant organization.

## 9. Enterprise and End User Data

If you are an organization customer, you are responsible for providing notices and obtaining rights from your end users where required. Deepractice processes end user data according to your instructions, applicable agreements, and law.

If you are an end user of a Deepractice customer, please contact that customer first for privacy requests relating to their workspace or application.

## 10. Children

The Services are not directed to children under 13. Do not use the Services if you are below the minimum age required by applicable law or our Terms.

## 11. Changes

We may update this Privacy Policy from time to time. We will update the effective date and provide notice where required or where changes are material.

## 12. Contact

Questions or requests may be sent to privacy@deepractice.ai.