Data storage
- Storage Location: Reducto utilizes the cloud infrastructure providers listed in our authorized subprocessors for storing and processing data. All data is encrypted at rest and in transit.
- Access Permissions: Access to stored data is strictly limited to Reducto’s authorized processing services. This ensures that only authenticated processes can interact with the stored data, minimizing the risk of unauthorized access.
- Data Retention: We have a Zero Data Retention (ZDR) policy for users on our “Growth” tier and above, meaning all data submitted via API is set to expire within 24 hours. Any data older than 24 hours is automatically deleted, reducing the amount of data we retain and minimizing the potential impact of any data breaches.
- Data Usage: For users on our “Growth” tier and above, we never use any of their data for training purposes. We respect the privacy of our customers and ensure only they have access to the data from their requests.
Encryption
- Encryption at Rest: All stored data is encrypted at rest using industry-standard encryption algorithms. This means that even if unauthorized individuals were to gain access to the stored data, they would not be able to decipher it without the proper encryption keys.
- Encryption in Transit: We employ encryption protocols to protect data in transit. All communication between our systems and data storage is conducted over secure channels using encryption mechanisms such as SSL/TLS. This ensures that data remains confidential and tamper-proof during transmission.
Compliance
- SOC 2 Type II: We have completed our SOC 2 Type I and Type II process. This rigorous certification demonstrates our commitment to maintaining a secure and reliable system. It involves a comprehensive audit of our security controls, policies, and procedures by an independent third party. Please reach out to receive the report.
- HIPAA Compliance: We currently offer a HIPAA-compliant processing pipeline for Growth and Enterprise tier customers. By adhering to HIPAA regulations, we ensure that any PHI processed by our system is handled with the utmost care and in compliance with the stringent security and privacy standards set forth by HIPAA. Please reach out to us via email to sign a BAA.