Security at Reduct

Reduct is trusted by Fortune 500 companies and public sector organizations alike to keep their data safe and secure, and we take that responsibility seriously. We maintain the highest standards of data privacy and security, and work with third-parties to audit our security practices.

SOC 2 Type II certification

A SOC 2 Type II certification is considered the gold standard for Enterprise-grade Security. It is issued after a months-long audit period by an independent third-party auditor, who we work with to receive and maintain this certification. For a copy of our SOC2 report please email support@reduct.video.

GDPR compliance

Reduct is designed to be GDPR compliant, and organizations in the EU or who work with EU-based constituents can contact us about engaging in a Data Processing Agreement with Reduct. For a copy of our Data Processing Agreement, please email privacy@reduct.video.

Secure and reliable infrastructure

Reduct uses Google Cloud Platform (GCP) for hosting both staging and production environments. GCP data centers are protected by secure perimeter defense systems, comprehensive camera coverage, biometric authentication, and 24/7 security staff. GCP is compliant with numerous standards, including SOC1, SOC 2, SOC 3, ISO 27001, and HIPAA.

Continuous monitoring

We engage a third-party firm to continuously monitor Reduct's policies, procedures, and IT infrastructure to ensure we adhere to industry-standard security, privacy, confidentiality, and availability standards.

This monitoring produces daily and weekly gap assessments against the SOC 2 standard, and allows Reduct to be compliant on an ongoing basis.

Data encryption

Data is encrypted in-transit using bank-grade TLS 1.2, the safest method available today. Data is encrypted at-rest using 256-bit encryption via native GCP capabilities.

Single sign-on (SSO)

Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.

Role-based access control

Advanced role-based access control (RBAC) is offered on all our enterprise accounts and allows our users to define roles and permissions.

Credit card data safety

When you enter your credit card on Reduct, all credit card data is handled by Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers. Our servers do not store or even see your credit card information.

Business continuity and disaster recovery

We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted.

Data permissions & authentication

Access to customer data is limited to authorized employees who require it for their job, and background checks are required for sensitive data access. Our employees sign a Non-Disclosure and Confidentiality Agreement to protect our customers' sensitive information.

Secure software development

Reduct utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Employee trainings

Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

For more information

If you have any questions or concerns, please contact support@reduct.video.

FAQs

Can't find your answer? Please email support@reduct.video.

What AI engines are used?

Reduct uses Google Cloud Platform (GCP) for our server infrastructure. Our transcription, speaker diarization, and transcription alignment models are all self-hosted within GCP infrastructure. For translation, we use Google Cloud's Translation API.

Optionally, we offer LLM-based features (such as summarization, suggested highlights / tags, and "Ask"), powered by OpenAI. This usage is protected by a data processing agreement between Reduct and OpenAI in which OpenAI promises that they will not train any models on your data, nor retain it more than 30 days.

I don't want any data going to subprocessors, is it possible?

No language models from subprocessors are required to use Reduct. We do use OpenAI's GPT models for certain features, such as summarization; these features can be turned off if desired. We also have a signed agreement with OpenAI in which OpenAI promises not to train on any data that we submit to them using the API, and that all data they receive from us is deleted within 30 days.

How secure is the data when processing?

It is very secure. All data is encrypted in transit and rest, and we have extremely high standards for data processing. We verify our high standards of data security every year with an independently audited SOC 2 Type II certification.

Do you have full audit logs which are exportable?

Audit logs can be provided upon request by email to support@reduct.video

How can we prove the data you run through the engine isn’t used to train the models?

For our enterprise customers, we sign a "Data Processing Agreement" that establishes how we process your data. To provide further assurance around our data practices, we can also provide you our "SOC 2 Type II" certification, which we obtain after a third-party auditing process every year.