Purpose
This DPA explains the main data-processing positions for Reddi. It should be read together with the Terms of Service, Privacy Policy, Data Processing overview and Subprocessors list.
In the normal Reddi workflow, the accounting firm acts as controller for its client evidence collection decisions and Reddi acts as processor for the service data it handles on the firm's behalf.
Processing scope
| Topic | Reddi position |
|---|
| Customer role | The accounting firm determines what client evidence is requested, why it is needed, who may access it and how it is used in professional work. |
| Reddi role | Reddi provides software that processes firm, user, client, request, file, audit, support and billing data to operate the service. |
| Processing purpose | Operate client document collection, request packs, reminders, no-login uploads, AI-assisted operational review, support diagnostics and billing metadata. |
| Categories of data subjects | Firm users, invited team members, client contacts, upload recipients and support contacts. |
| Categories of data | Account data, firm metadata, client metadata, request answers, uploaded files, file metadata, audit logs, support diagnostics and billing metadata. |
| Subprocessors | The provider list is disclosed on the Subprocessors page and may be updated as providers or account configuration changes. |
| International transfers | Provider regions and transfer handling depend on the configured production accounts and the relevant provider terms. |
| Deletion and return | Reddi supports export, deletion, retention and legal-hold workflows where enabled and where no overriding retention duty applies. |
| Security measures | Tenant isolation, RLS, app-mediated file access, malware scanning, audit logs, incident response and human AI review are product controls; they are not a certification claim. |
Customer responsibilities
- Confirm the firm has a lawful basis and client notice for collecting each category of evidence.
- Configure request packs so clients are asked only for evidence the firm actually needs.
- Review AI-assisted outputs and uploaded evidence before using them in professional work.
- Manage firm users, access permissions, local exports and client communications responsibly.
- Tell Reddi promptly if the firm suspects unauthorised access, an incorrect recipient or a compromised upload link.
Reddi responsibilities
- Process customer data only to provide, secure, support, improve and bill for Reddi.
- Use access controls, tenant boundaries, audit logging and storage controls appropriate for the product.
- Make subprocessor information available to customers.
- Support export, deletion and support workflows where enabled and technically available.
- Keep AI-assisted review as an operational aid that remains subject to firm staff review.
Data rights and support
Requests about access, correction, deletion, export, retention or processing assistance should first go to the firm owner or privacy contact. Product support questions can be sent to support@askreddi.com.