Privacy Policy

Last updated: June 7, 2026

1. Who We Are

RTW Advisors LLC ("RTW Advisors," "we," "us," or "our") operates the Praxis platform, a white-label SaaS product for accounting and CPA firms. This Privacy Policy describes how we collect, use, store, and protect information in connection with the Praxis service. Our contact for privacy questions is privacy@rtwadvisors.net.

2. What Data We Collect

Firm account data: Firm name, partner name(s), billing email, payment method information (handled by Stripe — we do not store card numbers), firm logo, custom domain configuration, and subscription tier.

Client financial data: Transaction records, journal entries, bank feed data, and financial reports accessed via OAuth integrations (QuickBooks Online, Xero). This data is processed on your behalf to provide the bookkeeping automation features. We act as a data processor for this information; your firm is the controller.

Email and calendar data: For firms using the Inbox Command feature, we access email content and calendar data via Microsoft Graph (Microsoft 365 firms) or Google APIs (Google Workspace firms) using delegated OAuth permissions. Email content is processed in-platform to provide classification and routing; it is not stored beyond 90 days and is not transmitted to third-party AI providers with client identity intact.

Avatar training data (Enterprise): Headshot images and voice recordings submitted for Virtual Twin training. These are provided to Synthesia via their API for avatar rendering. We retain copies in isolated per-firm S3 storage.

Usage analytics: Platform usage patterns (feature usage, page views, session duration) collected to improve the service. This data is aggregated and anonymized — individual client financial records are never included in analytics.

Decision log: A record of every AI action taken within your firm's environment: timestamp, action type, confidence score, configuration state at time of action, and approver identity. This log is firm-scoped and is not used for cross-firm analytics.

3. How We Use Data

We use the data described above to:

  • Provide, operate, and improve the Praxis platform
  • Process transactions, generate workpapers, and perform monthly close automation on your behalf
  • Classify and route email and calendar requests for your firm
  • Generate branded video content via the Virtual Twin feature
  • Send administrative communications (billing, service updates, onboarding guidance)
  • Improve AI classification models using anonymized, aggregated patterns — not individual client records
  • Comply with applicable legal obligations

We do not sell your data or your clients' data to any third party. We do not use your clients' financial data for any purpose other than providing the Praxis service to your firm.

4. Third-Party Processors

We use the following third-party services to operate Praxis. Each is contractually bound to process data only for the purpose stated:

Amazon Web Services (AWS)

Purpose: Compute, database, and storage infrastructure. Primary hosting provider.

Data received: All platform data, including firm data and client financial records.

US data residency (us-east-1, us-west-2). AWS Business Associate Agreement (BAA) executed for HIPAA-eligible workloads.

Stripe

Purpose: Payment processing.

Data received: Billing information (firm name, email, payment card). Zero client financial data.

PCI DSS Level 1 certified. Stripe stores card data; we do not.

Synthesia

Purpose: Avatar video rendering for the Virtual Twin feature.

Data received: Video scripts and avatar ID. No client financial data. No personally identifiable client information in scripts.

Scripts describe client situations in general terms. Client-specific dollar figures are displayed as on-screen slides, not spoken by the avatar.

Microsoft (Graph API)

Purpose: Email and calendar integration for Microsoft 365 firms.

Data received: OAuth token only. Email content is processed on-platform.

No email content is transmitted to Synthesia or other AI providers intact.

Google (APIs)

Purpose: Email and calendar integration for Google Workspace firms.

Data received: OAuth token only. Email content is processed on-platform.

Same protections as Microsoft 365 integration.

5. Data Retention

Active subscription: Your firm's data is retained for the duration of your active subscription.

Upon cancellation: A full data export is provided within 14 days of termination. Following export delivery, we delete your firm's data within 30 days unless we are required to retain it by applicable law or a legal hold.

Decision log: The AI decision log is retained for 7 years to support professional compliance requirements for licensed CPA firms. Log data is used only for your firm's audit trail and is not used for any other purpose.

Email content: Email content processed through the Inbox Command feature is retained for 90 days in the decision log and then deleted. We do not maintain a long-term archive of email content.

Anonymized analytics: Aggregated, anonymized usage patterns may be retained indefinitely to improve the platform. These patterns cannot be traced back to any individual firm or client.

6. Data Portability

You may request a full export of your firm's data at any time. Exports include transaction records (CSV), workpapers and reports (PDF), decision log (CSV), and configuration settings (JSON). Export requests are fulfilled within 7 business days. Contact privacy@rtwadvisors.net to initiate an export.

7. HIPAA Notice

For firms on the Enterprise tier, Praxis offers HIPAA-eligible infrastructure. RTW Advisors will execute a Business Associate Agreement (BAA) with Enterprise subscribers whose practices involve Protected Health Information (PHI). Under the BAA, RTW Advisors agrees to: (a) use PHI only to provide the Praxis service, (b) maintain appropriate safeguards, (c) report breaches as required by HIPAA, and (d) return or destroy PHI upon termination.

PHI is handled exclusively on AWS infrastructure covered by the AWS BAA. PHI is not transmitted to Synthesia or other third-party processors that are not covered by a HIPAA BAA.

If your practice involves PHI and you are on the Starter or Professional tier, you should consult with your compliance counsel before using the Inbox Command or document delivery features for PHI-related communications.

8. California Privacy Rights (CCPA)

California residents have the right to: (a) know what personal information we collect about them, (b) request deletion of their personal information, (c) opt out of the sale of personal information (note: we do not sell personal information), and (d) not be discriminated against for exercising these rights.

To exercise these rights, contact privacy@rtwadvisors.net. We respond within 45 days of receiving a verifiable request.

Note: This policy covers information collected in connection with the Praxis platform. Your clients' data is not subject to the same CCPA rights against us — your firm is the controller of client data, and your clients' rights should be addressed by your firm's own privacy policies.

9. Security

We implement technical and organizational measures to protect the data we process. See our Security page for a full description of our infrastructure posture, including encryption standards, access controls, and compliance certifications. In the event of a data breach that affects your firm's data, we will notify you within 72 hours of becoming aware of the breach.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

11. Contact for Privacy Questions

For questions about this Privacy Policy, to make a data request, or to exercise your rights:

Email: privacy@rtwadvisors.net
RTW Advisors LLC
Atlanta, Georgia