Trust · Security

Client documents deserve boring, careful handling.

Reddi holds the evidence your firm is professionally responsible for. These are the principles it's built on — written plainly, with the full detail in our legal documents below.

01 · No client passwords

Upload links are scoped, not shared

Clients upload through no-login upload links tied to one request. No accounts to create means no client passwords to leak, reuse or forget.

02 · Audit-logged access

File access goes through the app

Reddi uses app-mediated file access through signed URLs, written to audit logs, so there's a record of every reminder, upload, replacement request and staff touch.

03 · Tenant isolation

Every check is tenant-scoped

Access is tenant-scoped and firm-scoped end to end — one firm's clients, documents and audit trail are never visible to another.

04 · Humans decide

AI assists; it never acts alone

Human review boundaries are enforced: checks use cautious language — appears, possible, unable to verify — and route to a person. Nothing is approved, rejected or filed without staff sign-off.

05 · Your retention rules

The firm controls the records

Retention, deletion and legal-hold workflows are configured against your firm's own regulatory obligations — Reddi doesn't decide what you keep.

06 · Published providers

Subprocessors listed, in public

Every infrastructure and service provider Reddi relies on is listed on the subprocessors page — the list your IT reviewer will ask for first.

The paperwork

Bring your IT reviewer. We like the hard questions.

We describe our posture honestly: Reddi does not claim SOC2 certification, and an independent security review is not claimed. What's written here is what we actually do — bring your IT reviewer and we'll answer the hard questions.

No advice given. Reddi collects; your firm advises.

AI assistance never provides accounting, tax, VAT, legal or compliance advice. Professional judgement stays with your people.