top of page

Reducify Data Security Policy


Effective Date: November 1, 2025


1. Data Collection
Reducify collects only the information necessary to support financial education and repayment tracking, including:

  • Basic profile information (name, email, optional school affiliation)
     

  • Self-reported financial data (loan servicer, total balance, interest rate)
     

  • Behavioral insights (user progress and in-app reflections)
     

  • Subscription Data: Limited information related to program access status, purchase confirmation, trial eligibility, and participation in the current Reducify program cycle.
     

Reducify does not store or monitor conversations between accountability partners conducted through external communication platforms such as Instagram, FaceTime, WhatsApp, phone or email.
 

No sensitive personal identifiers (e.g., Social Security numbers, credit card details, or banking credentials) are collected or stored on Reducify’s servers.


2. Data Security Measures

  • Encryption: All data is encrypted using AES-256 at rest and TLS 1.2+ in transit.
     

  • Access Controls: Only authorized personnel with relevant responsibilities can access user data. All access is logged and regularly monitored.
     

  • Authentication: Secure authentication protocols are applied for user logins and administrative functions.
     

  • Storage: Data is hosted using secure cloud infrastructure  providers that maintain industry-standard security certifications and practices, including ISO 27001 and SOC 2 compliance frameworks where applicable.
    .

  • Third-Party Services: We use trusted third-party infrastructure and service providers that meet industry security standards to support app functionality and data processing.
     

3. Payment Security
Program purchases are processed through third-party platforms such as Apple's App Store. Reducify does not store, process, or have access to full payment card information.


4. Data Retention & Deletion

  • Data is retained only as long as necessary to provide our services, comply with legal obligations, or resolve disputes..
     

  • Users may request data deletion anytime via in-app settings or by emailing support@reducifyteam.com .
     

  • For institutional partners, all associated educational data is securely deleted within 30 days of contract termination.
     

5. Breach Response
If a data breach occurs, Reducify will notify affected users and partners in accordance with applicable laws and regulations.
 

6. Continuous Compliance
Reducify conducts regular internal reviews of privacy and data security practices. All new features undergo privacy and security assessments before release.

bottom of page