Operational Policies

Effective Date: April 1, 2026

Service Availability

Reddox targets 99.9% uptime for all production services. We invest heavily in redundant infrastructure and monitoring to minimize unplanned downtime.

Scheduled maintenance windows are communicated to users in advance via email and in-app notification. Whenever possible, maintenance is performed during off-peak hours to reduce disruption. During scheduled maintenance, some features may be temporarily unavailable.

Current platform status is available at our status page. We recommend subscribing to status updates if your workflow depends on continuous access to Reddox.

Data Security

Reddox takes the security of your documents and data seriously. All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security). Data stored on our servers is encrypted at rest using AES-256 encryption.

Our infrastructure is hosted on Amazon Web Services (AWS), which provides physical security, network isolation, and compliance certifications across its data centers. We use Cloudflare for additional DDoS protection, web application firewall capabilities, and edge caching.

We conduct regular security audits, including automated vulnerability scanning and periodic third-party penetration testing. Any identified vulnerabilities are triaged and remediated according to their severity level.

Acceptable Use Policy

By using Reddox, you agree to use the platform only for lawful purposes and in accordance with these policies. The following activities are prohibited:

• Using Reddox in connection with any illegal activity or to process documents related to unlawful transactions
• Automated scraping, crawling, or programmatic access to the platform without prior written authorization
• Sharing account credentials with unauthorized individuals or allowing multiple users to access a single-user account
• Uploading files that contain malware, viruses, or other malicious code
• Attempting to extract, reverse-engineer, or replicate the AI model weights, training data, or proprietary algorithms used by Reddox

Violation of this Acceptable Use Policy may result in immediate suspension or termination of your account without prior notice. Reddox reserves the right to investigate suspected violations and cooperate with law enforcement when required.

Data Retention

Reddox is designed to minimize the amount of data we store. Document text is processed in memory and is not persisted to disk after the review is complete. We do not retain copies of your uploaded documents once processing has finished.

Conversation history and review metadata (such as timestamps, document names, and settings used) are retained while your account remains active. This data is used to provide you with a history of your reviews and to improve the quality of the service.

When you close your account, all associated data, including conversation history, account information, and stored preferences, will be permanently deleted within 30 days of account closure. You may also request early deletion by contacting our support team.

Backup and Recovery

Reddox performs regular automated backups of all critical databases and system configurations. These backups are stored in geographically separate locations to protect against regional failures.

We maintain point-in-time recovery capabilities for our database systems, allowing us to restore data to any specific moment in the event of data corruption or loss. Our disaster recovery procedures are tested periodically to verify their effectiveness and to ensure that recovery time objectives are met.

Incident Response

In the event of a security incident, our team initiates an investigation within 24 hours of detection. The incident response process includes containment, root cause analysis, remediation, and communication.

If a security incident affects user data, all affected users will be notified as quickly as possible with details about the nature of the incident, the data involved, and the steps being taken to resolve it. We will also provide guidance on any actions users should take to protect their accounts.

Following resolution, we publish a post-incident report summarizing the timeline, impact, root cause, and the measures implemented to prevent recurrence. These reports are shared with affected users and, where appropriate, made available publicly.

Third-Party Compliance

Reddox is SOC 2 ready and has implemented controls aligned with the SOC 2 Trust Services Criteria for security, availability, and confidentiality. We are working toward formal SOC 2 Type II certification.

Our data handling practices are aligned with the General Data Protection Regulation (GDPR). Users located in the European Economic Area can exercise their rights under GDPR, including the right to access, correct, or delete their personal data, by contacting our support team.

Reddox does not sell user data to third parties under any circumstances. We do not share your documents, review history, or personal information with advertisers, data brokers, or any other external parties for commercial purposes.

Rate Limits and Fair Use

All paid Reddox plans include unlimited contract reviews. However, we expect that usage remains within reasonable bounds consistent with normal human-driven workflow. If your usage patterns suggest automated or programmatic bulk processing, we may contact you to discuss your needs.

Automated bulk processing of documents requires a Team plan. If you anticipate high-volume usage or need API access for integration into your own systems, please contact our sales team to discuss the appropriate plan.

Reddox reserves the right to implement temporary rate limits during periods of unusually high demand to maintain service quality for all users.

Contact

For operational questions, platform support, or general inquiries, please contact support@reddox.ai.

For security concerns, vulnerability reports, or incident-related communications, please contact security@reddox.ai.