BackCadence

Privacy Policy

Last updated May 16, 2026

The short version: we collect what we need to make Cadence work for you. We don't sell your data. We don't use it to train models. We don't embed advertising trackers. Mood entries and weekly reflections are private to you, even on shared cadences.

What we collect

From you, when you sign in

  • Email address — used to authenticate you and send transactional emails (magic links, invitations, account notices).
  • Name — from your Apple or Google account, or derived from your email if you sign in with a magic link. Shown to people you share cadences with.
  • A provider identifier — if you sign in with Apple or Google, we store the opaque user id they give us so we recognize you on next sign-in.

What you create in the app

  • Cadences and tasks — the names, themes, and task text you add.
  • Mood entries — one of five glyphs per day (private to you).
  • Weekly reviews — your reflections on the week (private to you).
  • Invitations you send or receive — recipient email, your relationship to the cadence, optional note.

Technical data

  • Auth tokens — refresh tokens are hashed before we store them; the plaintext only exists on your device.
  • Email-delivery records — when we send you an email and whether it was sent successfully.
  • Crash and error reports — when the app crashes, we collect the stack trace and a user id so we can fix the bug. We do not collect your task content in crash reports.

We don't place advertising trackers. We don't use analytics SDKs that profile you across apps or sites. We don't track your location.

How we use your data

  • To run the app: store your tasks, sync them across your devices, deliver invitations.
  • To communicate about your account: sign-in links, invitations, account-closed confirmations, optional Sunday review nudges (you can turn these off in settings).
  • To improve the app: diagnose crashes, find bugs.
  • To enforce our terms: respond to abuse reports, comply with legal requests.

Who we share it with

We use a small number of third-party services to operate Cadence. Each sees only what it needs to do its job.

  • Resend — our transactional email provider. Sees your email address and the contents of emails we send you.
  • Sentry — error reporting, when enabled in a build. Sees crash stack traces and your numeric user id.
  • Apple — only if you choose Sign In with Apple. Apple gives us a user identifier and (on first sign-in) your email.
  • Google — only if you choose Sign In with Google. Google gives us a user identifier, your email, and your name.
  • Our hosting provider — runs the servers that store the database and process requests.

We don't sell your data to anyone. We don't share it with advertisers or data brokers. We'll only share it with law enforcement if we're legally required to and, where we can, we'll notify you first.

What shared-cadence members can see

When you join a shared cadence, the people in it can see:

  • Your display name and avatar initials.
  • The tasks you create in that cadence, and which tasks you mark complete.
  • The cadence owner (only the owner) can see your email.

They can't see your mood entries, your weekly reviews, tasks in other cadences, or your settings.

How long we keep your data

While you have an account, we keep your data so the app works. If you delete your account, we mark everything for deletion immediately. You have 90 days to change your mind and sign back in to restore — after that, we permanently delete it from our active systems. Backups roll over within 30 days of permanent deletion.

Email-delivery logs are kept for 90 days for troubleshooting. Crash reports are kept for 90 days.

Your rights

  • Access— you can see all your data inside the app at any time. We'll add a one-tap export in a future release.
  • Correction — edit your profile, tasks, cadences, and reflections directly in the app.
  • Deletion — delete your account from Profile → Account → Delete account.
  • Objection — email us if you want us to stop processing your data for a specific reason.

If you're in a region with statutory privacy rights (GDPR, CCPA, the Nigerian NDPR), those rights apply. You can exercise them by emailing hi@cadence.app.

Children

Cadence isn't directed at children under 13. If we learn we've collected data from a child under 13, we'll delete it.

Security

We use TLS for all traffic between your device and our servers. We hash refresh tokens before storing them. Passwords aren't stored — we don't use them. No system is unbreakable; we'll tell you promptly if your data is ever exposed in a breach.

International transfers

Cadence is operated globally. Your data may be processed in a country other than the one you're in. Where required, we use standard contractual clauses or equivalent safeguards.

Changes to this policy

We'll update this policy as the product changes. When we make a material change — for instance, adding a new third-party service that sees your data — we'll notify you in the app or by email before it takes effect.

Contact

Questions, complaints, or requests: hi@cadence.app.