top of page

Reducify Data Security Policy


Effective Date: November 1, 2025


1. Data Collection
Reducify collects only the information necessary to support financial education and repayment tracking, including:

  • Basic profile information (name, email, optional school affiliation)
     

  • Self-reported financial data (loan servicer, total balance, interest rate)
     

  • Behavioral insights (user progress and in-app reflections)
     

  • Subscription Data: Limited information about your subscription status (e.g.; active subscription, plan type, renewal status) from third-party payment providers.
     

No sensitive personal identifiers (e.g., Social Security numbers, credit card details, or banking credentials) are collected or stored on Reducify’s servers.


2. Data Security Measures

  • Encryption: All data is encrypted using AES-256 at rest and TLS 1.2+ in transit.
     

  • Access Controls: Only authorized personnel with relevant responsibilities can access user data. All access is logged and regularly monitored.
     

  • Authentication: Secure authentication protocols are applied for user logins and administrative functions.
     

  • Storage: Data is hosted on secure U.S.-based servers compliant with ISO 27001 and SOC 2 Type II standards.
    .

  • Third-Party Services: We use trusted third-party infrastructure and service providers that meet industry security standards to support app functionality and data processing.
     

3. Payment Security
All subscription payments are processed through third-party PCI-DSS–compliant providers (e.g., Apple, Google, or Stripe). Reducify does not store, process, or have access to full payment card information. We only receive limited subscription-related data necessary to manage access to the App.


4. Data Retention & Deletion

  • Data is retained only as long as necessary to provide our services, comply with legal obligations, or resolve disputes..
     

  • Users may request data deletion anytime via in-app settings or by emailing info@reducifyapp.com.
     

  • For institutional partners, all associated educational data is securely deleted within 30 days of contract termination.
     

5. Breach Response
If a data breach occurs, Reducify will notify affected users and partners in accordance with applicable laws and regulations.
 

6. Continuous Compliance
Reducify conducts regular internal reviews of privacy and data security practices. All new features undergo privacy and security assessments before release.

bottom of page