Reducify Data Security Policy
Effective Date: November 1, 2025
1. Data Collection
Reducify collects only the information necessary to support financial education and repayment tracking, including:
- Basic profile information (name, email, optional school affiliation)
- Self-reported financial data (loan servicer, total balance, interest rate)
- Behavioral insights (user progress and in-app reflections)
No sensitive personal identifiers (e.g., Social Security numbers, credit card details, or banking credentials) are collected or stored on Reducify’s servers.
2. Data Security Measures
- Encryption: All data is encrypted using AES-256 at rest and TLS 1.2+ in transit.
- Access Controls: Only authorized personnel with relevant responsibilities can access user data. All access is logged and regularly monitored.
- Authentication: Secure authentication protocols are applied for user logins and administrative functions.
- Storage: Data is hosted on secure U.S.-based servers compliant with ISO 27001 and SOC 2 Type II standards.
3. Payment Security
All subscription payments are processed through third-party PCI-DSS–compliant providers (e.g., Apple Pay, Google Pay, or Stripe). Reducify does not store or process payment card information.
4. Data Retention & Deletion
- Data is retained only as long as necessary for service delivery.
- Users may request data deletion anytime via in-app settings or by emailing info@reducifyapp.com.
- For institutional partners, all associated educational data is securely deleted within 30 days of contract termination.
5. Breach Response
If a data breach occurs, Reducify will notify affected users and partners within 72 hours of discovery, consistent with GDPR and CCPA guidelines.
6. Continuous Compliance
Reducify conducts regular internal reviews of privacy and data security practices. All new features undergo privacy and security assessments before release.
