Effective Date: April 4, 2026 | Last Updated: May 19, 2026
PRAXIS AI LLC ("Vannus," "we," "us," or "our") is a Missouri limited liability company that operates the website vannus.co and related services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit or use the Platform.
By accessing or using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Platform.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on the Platform with a revised "Last Updated" date. Your continued use of the Platform after such changes constitutes your acceptance of the updated Privacy Policy.
When you visit the Platform, we automatically collect certain information about your device and your interaction with the Platform, including:
This information is collected through cookies, server logs, and analytics tools as described in Section 4 of this Privacy Policy.
We may collect information that you voluntarily provide to us, including:
If you interact with third-party tools or services through links on the Platform, those third parties may collect information about you subject to their own privacy policies. Vannus does not control and is not responsible for the privacy practices of third parties.
When you engage Vannus for a paid service (currently: Concierge audit engagements; Pro and Pro+ subscriptions will be available when Room launches), payment is processed exclusively through Stripe (stripe.com), our third-party payment processor. Payment card details are entered directly into Stripe-hosted pages or Stripe-issued invoices and are not transmitted to or stored on Vannus servers at any time. Vannus retains only what Stripe returns to us about a completed payment: a Stripe customer identifier and the customer's name and email address as provided to Stripe at checkout, for purposes of receipt issuance, subscription management (when applicable), and tax compliance via Stripe Tax. Stripe's privacy policy is available at stripe.com/privacy.
For full details on our refund policy, auto-renewal terms, and statutory rights of withdrawal, see Section 12 (Subscription Billing and Refund Policy) of our Terms of Service.
When you use the Vannus Room, the prompts you submit and the responses returned (collectively, "Chat Content") are: (a) transmitted to one or more third-party large language model ("LLM") providers selected by you or routed by Vannus's neutrality-driven routing engine; (b) stored in our database in encrypted form, associated with your account, so you can revisit past sessions and so we can enforce compute caps; and (c) accessible to Vannus staff only as needed for service operation, abuse detection, debugging, and legal compliance.
Vannus does not use Chat Content to train Vannus's own models. Chat Content is processed by third-party LLM providers subject to their own terms; Vannus selects providers whose API terms commit to not training on customer inputs. Current sub-processors include Google (Gemini family), Anthropic (Claude family), DeepSeek, and Meta via Groq (Llama family) — see Section 6 for the full list. However, Vannus cannot guarantee third-party compliance, and you should treat any Chat Content as if it could be reviewed by your selected LLM provider.
Do not submit confidential, regulated (PHI under HIPAA, payment card data under PCI DSS, attorney-client privileged communications, government identification numbers), or otherwise sensitive third-party information through the Room. Vannus has no Business Associate Agreement (BAA), PCI compliance certification, or similar regulated-data handling in place. Submitting such information is at your sole risk and violates Section 8 of the Terms of Service.
When you create an account, Vannus computes a non-reversible hash combining your IP address, browser user-agent string, and accepted language headers. This "fingerprint" is approximately sixteen (16) hexadecimal characters and is used solely for fraud prevention and abuse detection. The fingerprint is not shared with third parties, cannot be used to identify you outside the Platform, and is not a biometric identifier under the Illinois Biometric Information Privacy Act (BIPA) or equivalent laws. The fingerprint is automatically computed from headers your browser sends on every web request; we collect no additional information for this purpose.
When you submit your AI tool stack through the public Rate-my-stack tool at /static/rate-my-stack.html, the tool names you enter (and any optional monthly cost figures) are sent to our /api/stack/rate scoring endpoint solely to generate your rating. The request body is not persisted to any database, log file, or backup; the HTTP response carries Cache-Control: no-store, private, max-age=0 so that no intermediary cache retains it. Your IP address is briefly held in transient in-memory state by the global rate limiter (purged within 5–10 minutes per Section 4.3 of these Terms). By default, no email address, no account, no cookies, and no PII are required or set. Each scoring request is stateless: the response is the entire artifact you take with you.
Optional email delivery. If you choose to enter an email address into the optional “email me a copy of my rating” field, that address is sent one time to our transactional email provider (Resend, see Section 6) for the sole purpose of delivering the rating to you. The email address is not stored in any Vannus database or log, is not added to any mailing list or marketing audience, and is not retained by Vannus beyond the single send-attempt window. Resend retains the address subject to Resend's own retention and privacy policies. Providing an email is entirely optional; the rating is fully visible in your browser without it.
When you submit a fit-check inquiry through /api/concierge/fit-check or initiate a Concierge engagement, the information you provide (which may include your name, email address, company, stated AI tool list, monthly cost figures, and free-text notes) is transmitted to Vannus's operational email through our transactional email provider (Resend), and held in Vannus's operational email account for the purpose of evaluating fit and scheduling the intake call. Intake materials are stored in the Vannus operational account and not exposed to any third party; retention follows Section 7 (Concierge engagement records: the longer of 3 years or as required by applicable tax/accounting law).
When you submit a bug report through the public form at /static/report-bug.html (or directly via /api/bug-report), the free-text description you write — together with your optional email address, the page URL where you observed the bug, and your browser’s User-Agent string — is transmitted to Vannus’s operational email through our transactional email provider (Resend, see Section 6) for the sole purpose of letting our team reproduce and respond to the report. Nothing you submit through this form is persisted to any Vannus database, log file, or backup. Your IP address is briefly held in a transient in-memory rate-limit bucket (1-hour window, purged automatically) to prevent abuse of the form. If you provide an email address, it is set as the Reply-To header on the operator notification so our team can reply directly. The email address is not retained by Vannus beyond the single send-attempt window and is not added to any mailing list or marketing audience. Resend retains the address subject to Resend’s own retention and privacy policies. Providing an email is entirely optional; bug reports submitted without one are anonymous and we have no way to reply.
We use the information we collect for the following purposes:
Vannus does not set first-party cookies on your device for any purpose. Instead, the Platform uses server-side request logging to record page visits and basic request metadata, including page path, referrer URL, user-agent string, IP address, and timestamp. These logs are used for understanding usage patterns, monitoring Platform performance, and detecting abuse. No persistent user identifier is associated with these logs.
When you interact with feedback features on the Platform (such as rating a recommendation or flagging a tool), the Platform generates an ephemeral UUID-style session identifier in your browser's memory to group your interactions within a single browsing session. This identifier is not stored as a cookie, in localStorage, or in any persistent client-side storage; it is regenerated every time you reload the page and is never associated with personally identifiable information.
The Platform records IP addresses in server logs and in transient in-memory rate-limit state. IP addresses are used solely for (a) abuse prevention and rate limiting, (b) request-routing diagnostics, and (c) recording aggregate usage patterns. IP addresses are not used to identify you personally and are not used to derive your geographic location unless we expressly notify you and obtain consent before doing so.
If you click an affiliate link on the Platform (see Section 5), the destination third-party site may set cookies on your device. Those cookies are placed by the third-party site or its affiliate network at the moment you visit it; Vannus does not place them. Such cookies are governed by the privacy policies of the third party, not by Vannus.
Because Vannus does not set first-party cookies or use cross-site tracking, browser-level "Do Not Track" signals do not change how the Platform processes your request. We do honor Global Privacy Control (GPC) signals as described in Section 9.2 below.
The Platform contains affiliate links to selected third-party products. When you click an affiliate link, you are directed to the third-party vendor's site, where tracking may occur via a third-party affiliate network or directly via the vendor's own program. Current affiliate relationships are administered through PartnerStack for the majority of partner products (including but not limited to ActiveCampaign, Dify, Foxit, Turbotic, and Prezi), through Impact.com for Semrush, and through a direct sign-up with Apify. The complete list of current affiliate partners is available on request at support@vannus.co.
Vannus does not place affiliate-tracking cookies on your device directly. Any tracking cookies are placed by the destination site or its affiliate network at the moment you visit it. The information collected through affiliate tracking is used by the third party to attribute referrals and calculate any commission owed to Vannus. Vannus receives only anonymized or aggregated conversion data from these networks; we do not receive personally identifiable information about you from affiliate tracking.
We do not sell, rent, trade, or otherwise transfer your personally identifiable information to third parties except in the following limited circumstances:
Service Providers: We share information with third-party service providers who perform services on our behalf. These providers are contractually obligated to use your information only for the purposes of providing services to Vannus and are bound by confidentiality obligations. Our current service providers are:
Each of these providers operates under its own privacy policy. Where required by applicable law, transfers of personal data to these providers are protected by Standard Contractual Clauses or equivalent transfer mechanisms. We will provide at least fourteen (14) days' notice of material sub-processor additions where practicable, via email to account holders or in-product notice.
Affiliate Networks: As described in Section 5, affiliate tracking services may collect limited data through cookies set on third-party sites when you click affiliate links. This data is used solely for referral attribution.
Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent fraud or other illegal activity; (d) protect the personal safety of users or the public; or (e) protect against legal liability.
Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
With Your Consent: We may share your information with third parties when you have given us your explicit consent to do so.
We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
When information is no longer needed for the purposes described above, we will securely delete or anonymize it. Anonymization means the removal or transformation of all direct and reasonably-linkable identifiers such that the remaining information cannot reasonably be associated with you.
We implement reasonable administrative, technical, and physical security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to HTTPS encryption for all Platform communications, secure hosting infrastructure, and access controls limiting who can view user data.
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee its absolute security. You use the Platform at your own risk.
Depending on your jurisdiction, you may have certain rights regarding your personal information, including the right to:
To exercise any of these rights, please contact us at support@vannus.co. We will respond to your request within thirty (30) days or as required by applicable law.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:
Vannus does not sell your personal information as defined under the CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising.
Vannus does not collect "sensitive personal information" as defined by California Civil Code § 1798.140(ae), including but not limited to government-issued identifiers, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, the contents of mail/email/text messages other than as necessary to provide the goods or services requested, genetic data, biometric information processed for the purpose of uniquely identifying a consumer, health information, or information about sexual orientation. The personal information Vannus does collect (IP address, browser metadata, email address, billing data, Chat Content as defined in Section 2.5) does not fall within this statutory category, and the right to limit sensitive-PI use is therefore inapplicable to Vannus's processing.
The Platform honors Global Privacy Control (GPC) signals as required by the California Consumer Privacy Act and the California Privacy Protection Agency regulations. If your browser transmits a GPC signal, we will treat it as a valid opt-out request.
To submit a CCPA/CPRA request, contact us at support@vannus.co. We will verify your identity before processing your request.
Vannus does not collect, capture, or otherwise obtain biometric identifiers or biometric information (as defined by the Illinois Biometric Information Privacy Act) through the Platform.
Residents of other states with comprehensive privacy laws (including but not limited to Virginia under the VCDPA, Colorado under the CPA, Connecticut under the CTDPA, Utah under the UCPA, Texas under the TDPSA, Oregon under the OCPA, Montana under the MCDPA, and Delaware under the DPDPA) may have additional rights, including the right to know, access, correct, delete, opt out of certain processing, and appeal a denied request. To exercise any such rights, please contact us at support@vannus.co with "Privacy Request" in the subject line. We will respond within the period required by your state's law (typically forty-five (45) days, extendable as permitted). If we deny your request, you may appeal by replying to our denial; we will respond to your appeal within the period required by your state's law (typically sixty (60) days).
Data-broker statutes — carve-out. Vannus does not meet the statutory definition of a "data broker" under California Civil Code § 1798.99.80, Vermont 9 V.S.A. § 2430, Texas Business & Commerce Code § 509.001, or Oregon Revised Statutes § 646A.804. Vannus does not knowingly collect and sell personal information of consumers with whom it has no direct relationship. The Platform's catalog activity rates business entities and software products — not consumer personal information — and is therefore outside the scope of these statutes. If you believe Vannus has been mischaracterized as a data broker by a third party, please contact us at support@vannus.co.
Vannus has designated the following point of contact for privacy and data protection inquiries: support@vannus.co (subject line: "Privacy Request"). As a small U.S.-based company that processes personal data of European Economic Area ("EEA"), United Kingdom, and Swiss residents only on an occasional basis within the meaning of GDPR Article 27(2) and the UK GDPR equivalent, Vannus has not appointed a separate Data Protection Officer or EU/UK Representative. If our processing of EEA or UK resident data becomes regular or large-scale, or otherwise falls outside the Article 27(2) exemption, we will appoint an EU Representative under GDPR Article 27 and a UK Representative under the UK GDPR and update this Privacy Policy accordingly.
Self-trigger. Vannus monitors EEA / UK / Swiss visitor share quarterly. If, at any quarter-end review, EEA/UK personal-data processing volume crosses the threshold at which the "occasional" carve-out under Article 27(2) would no longer apply — including without limitation: signing a paying Concierge or Room customer based in the EEA or UK, EEA-resident traffic exceeding a non-trivial share of total unique visitors, or onboarding any sub-processor with primary EEA presence — Vannus will appoint an EU Representative under GDPR Article 27 and a UK Representative under the UK GDPR within thirty (30) days of the relevant trigger and update this Privacy Policy with the appointed Representative's contact details.
The Platform is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@vannus.co. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information.
Some web browsers transmit "Do Not Track" (DNT) signals. The Platform currently does not respond to DNT signals, as there is no universally accepted standard for how online services should respond to such signals. However, we do honor Global Privacy Control (GPC) signals as described in Section 9.2.
The Platform is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Platform, you consent to the transfer of your information to the United States.
If you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, the following terms apply to our processing of your personal data under the EU General Data Protection Regulation 2016/679 ("GDPR"), the UK General Data Protection Regulation as retained in UK law ("UK GDPR"), and the Swiss Federal Act on Data Protection ("FADP"), respectively.
(a) Controller. PRAXIS AI LLC (dba Vannus), a Missouri limited liability company, is the data controller for personal data we collect through the Platform. You may contact the controller at support@vannus.co.
(b) Lawful Basis for Processing. We process your personal data on the following lawful bases under GDPR Article 6:
We do not process special categories of personal data (Art. 9) intentionally. Submission of special-category data through the Room is prohibited under Section 9.4 of the Terms of Service.
(c) Your GDPR / UK GDPR Rights. Subject to applicable conditions and exceptions, you have the right to:
To exercise any of these rights, contact support@vannus.co with "Privacy Request" in the subject line. We will respond within thirty (30) days, extendable by up to sixty (60) additional days where necessary, with notice to you. We may need to verify your identity before fulfilling certain requests.
(d) International Data Transfers. Personal data of EEA, UK, and Swiss residents is transferred to the United States for processing on Vannus's hosting and operational infrastructure. We rely on the European Commission's Standard Contractual Clauses (SCCs) for transfers from the EEA to the United States, the UK International Data Transfer Addendum to the SCCs ("IDTA") for transfers from the UK, and the equivalent mechanism recognized by the Swiss Federal Data Protection and Information Commissioner for transfers from Switzerland. Vannus may also rely on other lawful transfer mechanisms, including the EU-U.S. Data Privacy Framework where applicable (Vannus is not currently certified under the DPF; if Vannus self-certifies in the future, this Privacy Policy will be updated). Sub-processor relationships (Section 6) include transfer-impact assessment as required.
(e) Right to Lodge a Complaint. If you believe our processing of your personal data infringes GDPR or other applicable data-protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (GDPR Art. 77). In the UK, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. In Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch. We encourage you to first contact us at support@vannus.co so we may attempt to address your concern directly.
(f) EU / UK Representative. Vannus's processing of EEA and UK resident personal data is currently occasional within the meaning of GDPR Article 27(2) and the UK GDPR equivalent. Accordingly, Vannus has not appointed a dedicated EU Representative or UK Representative at this time. The data-protection contact in Section 9.5 above is the designated point of contact. If our processing becomes regular or large-scale, we will appoint a Representative and update this Privacy Policy.
The Platform may contain links to third-party websites, tools, or services that are not owned or controlled by Vannus. This Privacy Policy applies only to the Platform. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policy of every site you visit.
Vannus does not use your personal information, search queries, browsing behavior, or Chat Content to train, fine-tune, or otherwise improve any Vannus-developed artificial intelligence or machine learning models. Your data is used solely to operate the Platform and provide services to you as described in this Privacy Policy. As described in Section 2.5 and Section 6, Chat Content is transmitted to third-party LLM providers (currently Google, Anthropic, DeepSeek, and Meta via Groq) whose own terms govern their use of API customer inputs; those providers commit in their API terms not to train their publicly-available models on customer API inputs, but Vannus cannot guarantee third-party compliance and you should treat all Chat Content accordingly.
In the event of a data breach that affects your personal information, Vannus will notify affected users and applicable regulators as required by applicable federal, state, and international data-protection laws. Notification will be provided without unreasonable delay and within the specific timelines required by the laws applicable to you, including:
Notifications will be provided by email to the email address associated with your account, by conspicuous notice on the Platform where required, and by such other means as required by applicable law. Notifications will include the categories of information affected, the date or estimated date of the breach, the steps Vannus has taken or will take in response, and steps you may take to protect yourself.
Notwithstanding the foregoing, PRAXIS AI LLC shall not be liable for any damages, losses, or costs arising from or related to any data breach, unauthorized access, or security incident, except to the extent such liability cannot be excluded under applicable law (including without limitation breach-related liability under GDPR Art. 82, where applicable). You acknowledge that no data transmission over the internet or electronic storage system is guaranteed to be 100% secure.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, PRAXIS AI LLC AND ITS MEMBERS, MANAGERS, OFFICERS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO OUR DATA PRACTICES, INCLUDING BUT NOT LIMITED TO THE COLLECTION, USE, STORAGE, DISCLOSURE, OR LOSS OF YOUR INFORMATION, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Vannus does not engage in fully automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of GDPR Article 22 and analogous provisions of other applicable privacy laws. Specifically:
If, in the future, Vannus introduces any feature that involves fully automated decision-making within the meaning of GDPR Art. 22 or analogous law, we will update this Privacy Policy and, where required, provide the additional notices and rights (including opt-in consent, human-review rights, and the right to contest the decision) required by the applicable law.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
PRAXIS AI LLC
Email: support@vannus.co
Website: vannus.co
For privacy-specific inquiries, please include "Privacy Request" in the subject line of your email.
This Privacy Policy is effective as of the date first written above.
© 2026 PRAXIS AI LLC. All rights reserved.
Governed by the laws of the State of Missouri.