Security at Reduct

Reduct is trusted by Fortune 500 companies and public sector organizations alike to keep their data safe and secure, and we take that responsibility seriously. We maintain the highest standards of data privacy and security, and work with third-parties to audit our security practices.

SOC 2 Type II certification

A SOC 2 Type II certification is considered the gold standard for Enterprise-grade Security. It is issued after a months-long audit period by an independent third-party auditor, who we work with to receive and maintain this certification. For a copy of our SOC2 report please email

GDPR compliance

Reduct is designed to be GDPR compliant, and organizations in the EU or who work with EU-based constituents can contact us about engaging in a Data Processing Agreement with Reduct. For a copy of our Data Processing Agreement, please email

Secure and reliable infrastructure

Reduct uses Google Cloud Platform (GCP) for hosting both staging and production environments. GCP data centers are protected by secure perimeter defense systems, comprehensive camera coverage, biometric authentication, and 24/7 security staff. GCP is compliant with numerous standards, including SOC1, SOC 2, SOC 3, ISO 27001, and HIPAA.

Continuous monitoring

We engage a third-party firm to continuously monitor Reduct's policies, procedures, and IT infrastructure to ensure we adhere to industry-standard security, privacy, confidentiality, and availability standards.

This monitoring produces daily and weekly gap assessments against the SOC 2 standard, and allows Reduct to be compliant on an ongoing basis.

Data encryption

Data is encrypted in-transit using bank-grade TLS 1.2, the safest method available today. Data is encrypted at-rest using 256-bit encryption via native GCP capabilities.

Single sign-on (SSO)

Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.

Role-based access control

Advanced role-based access control (RBAC) is offered on all our enterprise accounts and allows our users to define roles and permissions.

Credit card data safety

When you enter your credit card on Reduct, all credit card data is handled by Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers. Our servers do not store or even see your credit card information.

Business continuity and disaster recovery

We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted.

Data permissions & authentication

Access to customer data is limited to authorized employees who require it for their job, and background checks are required for sensitive data access. Our employees sign a Non-Disclosure and Confidentiality Agreement to protect our customers' sensitive information.

Secure software development

Reduct utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Employee trainings

Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

For more information

If you have any questions or concerns, please contact