Operator: Praxis Digital Solutions Ltd (Nigeria)
Service: Praxis — practice-management software for lawyers, available at https://app.praxisdgs.com (public beta)
Effective date: 7 July 2026 (beta)
Version: 1.0 (Beta)
This Policy explains how Praxis Digital Solutions Ltd ("Praxis", "we", "us") collects, uses, stores and protects personal data when you use Praxis. It is written to comply with the Nigeria Data Protection Act 2023 (NDPA) and is intended for our users, who are principally legal practitioners in Nigeria.
Please read it together with our Terms of Use. Praxis is software. We are not a law firm, we do not provide legal advice, and no lawyer–client relationship arises between you and Praxis Digital Solutions Ltd.
1. Who We Are
1.1 Praxis is practice-management software for lawyers. It helps you manage matters, keep a court diary, receive hearing, deadline and limitation-period reminders, track client-intake leads and fees, and maintain document checklists with links.
1.2 The Service is operated by Praxis Digital Solutions Ltd, a company incorporated in the Federal Republic of Nigeria.
1.3 The Service is currently in public beta at https://app.praxisdgs.com. This address may change; this Policy will continue to apply.
2. Our Two Roles: Controller and Processor
This is the most important clause in this Policy. Praxis handles two distinct categories of personal data, and our legal role under the NDPA differs for each.
2.1 Your account data — Praxis is the data controller. For the personal data you provide about yourself to open and operate your account (see clause 3.1), we determine the purposes and means of processing. We are the data controller within the meaning of the NDPA.
2.2 Your clients' data — you are the controller; Praxis is your processor. When you enter information about your clients and matters — names, phone numbers, email addresses, addresses, identification numbers (KYC fields), matter details, hearing dates, fees, notes — you are the data controller of that personal data. You collected it from your clients, you decide why and how it is used, and you owe them the duties the NDPA places on controllers. Praxis Digital Solutions Ltd acts only as your data processor: we store and process that data on your instructions, given through your use of the Service, and for no purpose of our own.
2.3 As your processor, we will not use your clients' personal data for our own purposes, will not sell it, and will not disclose it except (a) to the sub-processors listed in clause 7 as necessary to run the Service, or (b) where required by law.
2.4 As a controller, you are responsible for having a lawful basis to process your clients' data and for meeting your own NDPA obligations to your clients. The Terms of Use and this Policy together constitute the written arrangement governing that controller–processor relationship for the purposes of the NDPA.
3. The Data We Handle
3.1 Account data (we are controller):
- Your email address;
- Your password, stored only as a cryptographic hash by our authentication provider — we never store or see your password in plain text;
- Basic account settings you configure (for example, your firm name).
3.2 Practice data (you are controller; we are processor):
- Client and lead details you enter: names, phone numbers, email addresses, physical addresses, identification numbers captured through KYC fields;
- Matter details, court and hearing information, dates, deadlines and limitation dates;
- Fee records, notes, and document checklists with links.
This may include personal data of third parties (your clients, opposing parties, witnesses). You are responsible for the accuracy and lawfulness of this data.
3.3 Technical data (we are controller):
- A self-hosted error log that records technical faults in the application so we can fix them. It is designed not to contain client content;
- Standard infrastructure logs generated by our hosting and database providers (such as request metadata and IP addresses) in the ordinary course of operating a web service.
3.4 What we do not collect. We do not run third-party analytics or advertising trackers on Praxis. We do not process payments and therefore hold no card or bank details. Accounts are single-practitioner accounts; there are no shared or firm accounts at this time.
4. Purposes and Lawful Bases
Under section 25 of the NDPA, we rely on the following lawful bases:
| Processing | Purpose | Lawful basis (NDPA) |
|---|---|---|
| Account data (email, password hash, settings) | To create and operate your account, authenticate you, and provide the Service | Performance of a contract with you |
| Practice data (your clients' data) | Stored and processed solely on your instructions to provide the Service to you | We act as processor; the lawful basis is yours to establish as controller |
| Daily email digest | To send you a summary of upcoming hearings and deadlines (see clause 5) | Performance of a contract / our legitimate interest in delivering the Service's core reminder function |
| Error and infrastructure logs | To keep the Service secure, diagnose faults and prevent abuse | Our legitimate interests in security and service reliability |
| Communications with you | To respond to support requests and give notices about the Service | Performance of a contract; legal obligation where notice is required by law |
We do not use your data, or your clients' data, for marketing to third parties, profiling, or automated decision-making producing legal effects.
5. The Daily Email Digest
5.1 Praxis sends a daily email digest summarising your upcoming hearings, deadlines and limitation dates. Because matter titles and party names appear in the digest, it may contain personal data of your clients; treat your inbox accordingly.
5.2 The digest is sent through our email sub-processor, Resend, from the address praxis@yusufjimoh.com.
5.3 The digest is currently enabled for all accounts. An in-app setting to switch it off is planned. Until then, you may contact us (clause 16) and we will disable it for your account.
5.4 Important: the digest is a convenience, not a guarantee. Email can fail or be delayed. You remain solely responsible for your professional obligations, including court dates, filing deadlines and limitation periods, and should maintain independent systems and professional judgment. See the Terms of Use for the full disclaimer.
6. Where Your Data Is Stored
6.1 Your data is stored on infrastructure provided by the sub-processors in clause 7, in the [FILL IN: hosting region — Supabase dashboard → Settings → General] region.
6.2 That region is outside Nigeria, so the storage involves a cross-border transfer of personal data. Transfers to our sub-processors are protected by contractual safeguards in their data-processing terms, in line with the NDPA's cross-border transfer provisions.
7. Sub-processors
We use the following service providers to run Praxis. Each processes data only to provide its service to us:
| Provider | Service | Role in your data |
|---|---|---|
| Supabase | Database and authentication | Stores all account and practice data; manages login credentials (password hashing, sessions) |
| Cloudflare | Hosting / CDN / DNS | Serves the web application and resolves the Service's domain names; generates standard access logs; does not store your practice data |
| Resend | Transactional email | Sends the daily digest email (which may contain matter titles and dates) |
We will update this table before adding or replacing a sub-processor that handles personal data.
8. Retention and Deletion
8.1 While your account is active, we retain your data so the Service can function.
8.2 Trash (soft delete). When you delete records in the app, they move to Trash, from which you can restore them. Items remain in Trash until you restore them or permanently delete them.
8.3 Permanent delete. You can permanently delete records from Trash. Permanently deleted records are removed from the live database and cannot be restored by you.
8.4 Account closure. You may close your account by contacting us (clause 16). On closure we will delete your account and practice data from the live database within 30 days. Provider-level database backups are maintained for disaster recovery and expire on a rolling basis; residual copies may therefore persist for a limited period in those backups before being overwritten in the ordinary course.
8.5 Before closing your account, export your data. Praxis provides an in-app CSV export of your data (Settings → "Your data" → "Export my data (CSV)"), producing five CSV files covering your matters, hearings, leads, notes and document checklists. During beta, we recommend exporting regularly in any event.
9. Your Rights under the NDPA
As the data subject for your account data, you have the rights the NDPA confers, including to:
- Access the personal data we hold about you;
- Correct inaccurate or incomplete data (most practice and account data you can edit directly in the app);
- Delete your data (see clause 8);
- Data portability — obtain your data in a structured, commonly used format via the in-app CSV export (five CSV files: matters, hearings, leads, notes and document checklists);
- Object to, or ask us to restrict, particular processing;
- Withdraw consent where processing is based on consent;
- Lodge a complaint with the Nigeria Data Protection Commission (NDPC).
To exercise any right you cannot action in-app, contact us (clause 16). We will respond within the timelines the NDPA prescribes and will not charge for a first request unless it is manifestly unfounded or excessive.
10. Your Clients' Rights — Exercised Through You
10.1 Your clients (and other third parties whose data you enter) are data subjects under the NDPA. Because you are their controller, they should direct requests — access, correction, deletion, and the rest — to you, not to Praxis.
10.2 The Service is built so you can honour those requests yourself: you can view, edit, export (CSV), soft-delete and permanently delete client records in-app.
10.3 If a data subject contacts Praxis directly about data you control, we will refer them to you and, on your instruction, provide reasonable assistance available through the Service.
11. Security
We apply the following measures:
- Encryption in transit: connections to the Service are encrypted with TLS (HTTPS);
- Account isolation: database row-level security rules are designed to ensure each account can only read and write its own data;
- Authentication: access requires your email and password; passwords are stored only as cryptographic hashes by Supabase Auth;
- Segregated error logging: our error log is designed to capture technical faults without client content;
- Least data: we collect no analytics trackers and no payment data.
No internet service can guarantee absolute security, and Praxis is in beta. Please use a strong, unique password, keep it confidential, and export backups of your data regularly.
12. Data Breach Notification
12.1 For your account data (we are controller): if a breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the NDPC within the period the NDPA prescribes (72 hours of becoming aware, where required) and will inform you without undue delay where the breach is likely to result in a high risk to you.
12.2 For your clients' data (we are your processor): if a breach affects practice data, we will notify you without undue delay after becoming aware, with the information available to us, so that you can meet your own notification duties as controller.
13. Children
Praxis is a professional tool for legal practitioners and is not directed at children. We do not knowingly collect personal data from anyone under 18 as a user. (Your matters may lawfully contain data about minors — for example, in family or guardianship matters — for which you are the controller.)
14. Beta Status
The Service is provided in beta, "as is", and may change, including in ways that affect the features described in this Policy (for example, the digest opt-out setting and hosting arrangements). We will keep this Policy updated as the Service evolves. Export your data regularly using the in-app CSV export.
15. Changes to This Policy
We may amend this Policy from time to time. The current version will always be available at the Service's privacy policy URL, with its effective date at the top. For material changes we will give you reasonable notice by email or in-app notice before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the amended Policy.
16. Contact and Data Protection Point of Contact
- General and privacy enquiries: [FILL IN: official contact email]
- Data protection point of contact: Praxis Digital Solutions Ltd, via the general enquiries email. Praxis keeps its registration obligations under the NDPA under review and will register with the NDPC and designate a Data Protection Officer if it meets the thresholds for a data controller or data processor of major importance.
- Postal address: Praxis Digital Solutions Ltd, [FILL IN: registered office address], Nigeria
You may also complain to the Nigeria Data Protection Commission (NDPC) if you believe our processing of your personal data infringes the NDPA.
17. Governing Law
This Policy is governed by the laws of the Federal Republic of Nigeria, including the NDPA and regulations made under it. Subject to your right to complain to the NDPC, the courts of Lagos State, Nigeria shall have exclusive jurisdiction over disputes arising from this Policy, consistent with the dispute-resolution provisions of the Terms of Use.
Praxis Digital Solutions Ltd — Praxis (public beta), https://app.praxisdgs.com