Incident and Breach Process

Last updated: May 2026

This page describes how redu.cloud handles service incidents, security incidents, and personal data breaches, and how affected customers will be notified.

1. Service Incidents

A service incident is any unplanned disruption or degradation to the availability or performance of the redu.cloud platform — including compute, networking, storage, backups, or the control plane.

How we detect incidents

We use automated monitoring systems to detect service disruptions. Our monitoring covers platform availability, API responsiveness, and infrastructure health. When an issue is detected, our team is alerted automatically.

How we respond

• Our team investigates the issue and works to restore normal service
• For incidents affecting multiple customers or causing significant disruption, we aim to communicate updates as the situation develops
• We conduct post-incident reviews on significant events to understand root causes and prevent recurrence

Customer reporting

If you believe you are experiencing a service disruption or have detected unusual behaviour in your environment:

• Email: office@redu.cloud
• Include: your account email, the affected resource(s), a description of the issue, and the time it started

2. Security Incidents

A security incident is an event that may have compromised the confidentiality, integrity, or availability of customer data or platform systems — such as unauthorised access, data exposure, or a suspected breach.

Reporting a security issue

If you suspect a security incident — including unauthorised access to your account or data — contact us immediately:

• Security email: security@redu.cloud
• General contact: office@redu.cloud

Please do not publicly disclose a potential security vulnerability before we have had a reasonable opportunity to investigate.

3. Personal Data Breaches

A personal data breach is a security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

Our obligations

Under UK GDPR and EU GDPR, we are required to:

• Notify the ICO (Information Commissioner's Office) of a notifiable breach without undue delay and where feasible within 72 hours of becoming aware of it, where the breach is likely to result in a risk to individuals' rights and freedoms
• Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms

Business customer notification

Where redu.cloud is acting as a data processor on behalf of a business customer (controller), and we become aware of a personal data breach affecting customer data, we will notify the affected business customer without undue delay so that the customer can meet their own regulatory notification obligations.

Business customers who have a Data Processing Agreement (DPA) with redu.cloud should refer to that agreement for breach notification terms.

4. Contact for Incidents

• Security issues: security@redu.cloud
• Service incidents and general support: office@redu.cloud

Note: redu.cloud does not currently operate a public status page. Critical incident communications will be sent directly to affected customers by email.