Skip to main content
Security & Compliance
Praxis is built with security as a core principle, aligned with ISO 27001 standards. Your client data is protected with enterprise-grade security controls.
Authentication
- Multi-Factor Authentication (MFA) – TOTP-based MFA with authenticator app support
- Single Sign-On (SSO) – SAML-based SSO for enterprise customers
- Session management – Configurable session timeouts with automatic logout
- Password policy – Enforced minimum complexity requirements
Access Control
Praxis uses a granular role-based access control (RBAC) system with 24 individual permissions. Roles can be assigned at the user level, and custom permission sets can be configured for enterprise deployments.
Audit Logging
Every action in Praxis is logged in the Security Audit Log, accessible from the Admin section. The audit log records:
- Login attempts (successful and failed)
- Data access and modifications
- User management changes
- Security configuration changes
- API access patterns
Data Protection
- Encryption at rest – All data encrypted on EU-hosted servers
- Encryption in transit – TLS 1.3 for all connections
- EU data residency – All data stored within the European Union (Hetzner, Germany)
- Data retention policies – Configurable automatic data retention and deletion
- Automated backups – Daily encrypted backups with 30-day retention
GDPR Compliance
Praxis supports GDPR compliance with:
- Data export capabilities for data subject access requests
- Data deletion workflows for right-to-erasure requests
- Processing registers and data mapping
- Consent tracking and management
← Back to Documentation