Privacy Policy.
We collect only what we need to process your purchase. No tracking, no newsletters, no selling your data.
Last updated: April 26, 2026
1. Who We Are
Praxalo ("Praxalo," "we," "us," or "our") operates https://praxalo.com (the "Site"). We sell website templates for medical and dental practices as one-time digital purchases.
Questions about this policy: legal@praxalo.com
2. Information We Collect
2.1 Information You Provide at Checkout
When you purchase a template, our payment processor Stripe collects your name, email address, and payment card details on our behalf. We receive a confirmation record that includes your email address, the product purchased, the license type, and the order amount. We do not receive or store your full card number — Stripe handles all payment data under PCI-DSS standards.
2.2 Information Collected Automatically
Our site runs on Cloudflare Workers. Like any web server, it generates standard access logs that may include your IP address, browser type and version, referring URL, and the pages you visit. These logs are retained for up to 30 days for security and debugging purposes.
We do not use Google Analytics, Meta Pixel, or any other behavioral tracking. We do not use fingerprinting. We do not run A/B tests or ad retargeting.
2.3 Cookies
We do not set any first-party cookies. Stripe may set essential cookies during the checkout process to prevent fraud and maintain session state. These cookies are strictly necessary for the payment flow to function and are not used for advertising.
3. How We Use Your Information
We use the information we collect to:
- Process your purchase and deliver your template files
- Send your order confirmation and download instructions
- Respond to refund requests within the 14-day guarantee window
- Comply with tax and accounting obligations
- Diagnose server errors and prevent abuse
We do not use your information to send marketing emails, build advertising profiles, or share data with third parties for their own marketing purposes.
Legal Basis for Processing (GDPR)
| Purpose | Legal Basis |
|---|---|
| Processing your purchase | Contractual necessity (Art. 6(1)(b)) |
| Tax records and compliance | Legal obligation (Art. 6(1)(c)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Responding to support requests | Legitimate interest (Art. 6(1)(f)) |
4. How We Share Your Information
4.1 Service Providers
We share data with the following third-party processors:
- Stripe — payment processing and fraud prevention. Stripe's privacy policy is at stripe.com/privacy.
- Cloudflare — hosting, CDN, and DDoS protection. Cloudflare's privacy policy is at cloudflare.com/privacypolicy.
These processors act under our instructions and are contractually bound to protect your data.
4.2 Legal Requirements
We may disclose information if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of Praxalo, our customers, or others.
4.3 Business Transfers
If Praxalo is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your information is subject to a materially different privacy policy.
We do not sell, rent, or trade your personal information to third parties.
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Purchase records (email, order details) | 7 years | Tax and accounting obligations |
| Refund correspondence | 3 years | Dispute resolution |
| Server access logs | 30 days | Security and debugging |
| Support emails | 2 years | Customer service history |
6. Data Security
All data is transmitted over HTTPS/TLS. Payment processing is handled entirely by Stripe under PCI-DSS Level 1 compliance — we never touch your card number. Access to purchase records is limited to authorized personnel.
No method of transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately at legal@praxalo.com.
7. Your Rights Under GDPR (EEA and UK Residents)
If you are located in the European Economic Area or the United Kingdom, you have the following rights:
- Right of Access — request a copy of the personal data we hold about you
- Right to Rectification — request correction of inaccurate data
- Right to Erasure — request deletion of your data, subject to legal retention requirements
- Right to Restrict Processing — request that we limit how we use your data
- Right to Data Portability — receive your data in a machine-readable format
- Right to Object — object to processing based on legitimate interests
- Right to Lodge a Complaint — contact your local Data Protection Authority
To exercise any of these rights, email legal@praxalo.com. We will respond within 30 days.
8. Your Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it
- Delete your personal information (subject to legal retention requirements)
- Opt-Out of Sale or Sharing — we do not sell or share personal information
- Correct inaccurate personal information
- Non-Discrimination — we will not treat you differently for exercising your rights
Categories of personal information collected in the past 12 months:
| CCPA Category | Examples | Collected |
|---|---|---|
| Identifiers | Email address, IP address | Yes |
| Commercial information | Purchase history, license type | Yes |
| Internet activity | Server access logs | Yes |
| Financial data | Payment card info (via Stripe only) | No (Stripe only) |
| Geolocation | Precise physical location | No |
| Sensitive personal information | Health data, biometrics, SSN | No |
To submit a request, email legal@praxalo.com.
9. Children's Privacy
This Site is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has submitted information to us, contact us at legal@praxalo.com and we will delete it promptly.
10. International Data Transfers
Praxalo is based in the United States. If you are accessing the Site from the EU, UK, or other regions with data protection laws, please be aware that your data may be transferred to and processed in the United States.
We rely on Standard Contractual Clauses (SCCs) for transfers from the EEA/UK to the United States where required. Stripe and Cloudflare maintain their own transfer mechanisms under GDPR.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be noted by updating the "Last Updated" date at the top. For significant changes, we will make a reasonable effort to notify affected customers by email if we have your address on file.
Continued use of the Site after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions, requests, or concerns:
- Email: legal@praxalo.com
- General support: hello@praxalo.com
We aim to respond to all privacy inquiries within 5 business days, and within 30 days for formal GDPR requests.