Privacy Policy
Last updated July 5, 2026
The short version
Cadence is a CRM for coaches. The data in your workspace (your leads, notes, tasks, and pipeline) is yours. We use it for exactly one thing: running the service for you. We don't sell it, we don't show ads, we don't run third-party analytics or tracking, and we don't train AI models on it.
What we store
Your account: your email address and a password handled by our authentication provider (we never see or store the password itself). Creating an account requires confirming your email; account emails (confirmation, password reset) are sent only when you ask for them.
Your workspace data: everything you or your team put into the CRM: lead names and contact details (email, phone, social handles), notes, timeline activity, tasks, pipeline stages, templates, and automation rules.
Intake form submissions: if you connect a lead intake form, the answers people submit are routed into your workspace as leads and timeline entries. A raw copy of the most recent submission is kept per form purely to power the setup screen, and is automatically purged after 90 days of form inactivity.
Integration data, only if you connect them: Google Calendar (we read your day's events to display them and write the blocks you create; tokens are stored encrypted) and Calendly (booking events for your leads; credentials stored encrypted). Disconnecting an integration deletes its credentials.
Your leads' data: who's responsible
For the personal data of the leads and clients you manage, you are the data controller and we are the processor: we handle that data only on your instructions, to run the service. If one of your leads asks about their data, that request is yours to answer, but the tools to honor it are built in (view, edit, export, and delete their record), and we'll help if you need it.
Where it lives
The service runs on Supabase (database and authentication) and Vercel (application hosting). If you connect them, data also flows to/from Google (Calendar) and Calendly under their own privacy policies. Our sign-up and password-reset forms may be protected by Cloudflare Turnstile, a bot check that runs in your browser and doesn't identify or track you. Those are the only subprocessors. There are no analytics, advertising, or tracking services anywhere in the product.
How it's protected
All traffic is encrypted in transit (TLS) and data is encrypted at rest. Third-party credentials (calendar and Calendly tokens) are additionally encrypted at the application layer (AES-256-GCM). Every workspace is isolated at the database layer with row-level security: one workspace can never read another's data, and we continuously test that with an adversarial isolation suite.
How long we keep it
Your data stays as long as your account is active. Items you delete go to your workspace trash, restorable for 30 days, then are permanently purged. Raw intake submission snapshots are purged after 90 days of form inactivity. You can export your leads and tasks as CSV anytime from Settings.
Deleting everything
Email chrismatthews.mktg@gmail.com from your account address and we'll permanently erase your workspace (account, leads, timelines, integrations, trash, all of it) within 30 days, and confirm when it's done. Residual copies in encrypted platform backups age out on the backup provider's rotation schedule shortly after.
Cookies
The only cookies are the ones that keep you signed in. No tracking cookies, no ad pixels, no fingerprinting.
Your rights
Wherever you are, and specifically under GDPR and CCPA, you can access, correct, export, or delete your data, and you can object to or restrict processing. Most of that is self-serve in the app; for anything else, email us and we'll respond within 30 days. We don't sell personal information, so there's nothing to opt out of on that front.
Changes
If this policy changes in a way that matters, we'll update this page and note the new date at the top. Material changes will be flagged to you directly.