Security

Every Praxis deployment lives inside a cloud account the client firm already owns, on AWS or Azure. The vector index, the open-source language model, the inference GPUs, and the audit log are provisioned inside that account and stay there. Client documents, embeddings, prompts, completions, and access logs never leave the client firm's environment.

Praxis holds no shadow index, no cached embeddings, no second copy of the client firm's data (or its clients' data) on infrastructure Praxis controls. When the Praxis engagement ends, the client firm decommissions the resources the same way it would decommission any other internal system, and there is nothing on the Praxis side to delete.

Praxis itself uses standard SaaS vendors to run its own operations (Vercel for the marketing website, Cloudflare for DNS, GitHub for source control, AWS for the booking calendar and outbound mail). None of those vendors sits in the path of a client deployment, because the client deployment does not transit Praxis infrastructure.

Production traffic does not cross the client firm's network boundary. The Praxis deployment runs against open-source models on private GPUs inside the client firm's cloud account, so prompts and completions do not transit OpenAI, Anthropic, Google, or any other frontier API. Cross-region replication is off by default and is only enabled when the client firm explicitly requires high availability across regions inside its own cloud.

The Praxis marketing site and booking flow sit on Praxis infrastructure and never receive the client firm's documents, prompts, or completions. The only thing that crosses between the client firm and Praxis is the deployment code itself, delivered through the client firm's standard source control and review process.

Each deployment pins a specific model version per client firm. Model identifiers are recorded in the deployment manifest, and any model swap requires a written change order signed by the client firm before it ships.

Before any agent touches a live workflow, it has to clear a 50-example evaluation suite drawn from the client firm's own historical files, with a 92 percent passing threshold. Agents that fall below the threshold are sent back to the prompt and retrieval layer rather than promoted into the live catalog.

Every retrieval and every generation is written to an append-only audit log, with enough context that a reviewer can reconstruct the prompt, the retrieved chunks, the model version, and the resulting output for any single request.

Praxis aligns its security and accountability practices against a set of named regulatory frameworks rather than against an internal checklist. The cross-practice layer is anchored on the NIST AI Risk Management Framework, which is the federal reference standard and is recognized as a safe harbor inside Texas HB 149 and Colorado SB 24-205.

On top of that, each practice area brings its own anchors. The cards below open a popover with a regulation summary, why it applies to AI deployments, and a direct link to the official source.

Praxis ships a documented stack rather than a black box. The deployment manifest, the agent definitions, the evaluation suites, the prompt templates, and the runbook are all maintained in the client firm's own repository, which means the client firm's next vendor or its own internal staff can take the Praxis deployment over without a knowledge transfer fee or a forced renewal.

Praxis is on a SOC 2 Type I trajectory with a target report date in the third quarter of 2026. A HIPAA business associate agreement is available on request for practice areas that touch protected health information.

Each agent has an off switch in the Praxis admin console inside the client firm's environment, and turning that switch off is the only thing required to stop the agent from running.