Iconcadence

Privacy Policy

Read our privacy policy to understand how we collect, use, and protect your data on Cadence.

Last updated: November 23, 2025

1. Information We Collect

We collect information you provide directly to us, as well as information generated through your use of our services.

Account Information

  • Name and display name
  • Email address
  • Profile image or avatar URL
  • Account creation and last update timestamps

Discord Information

  • Discord user ID
  • Discord display name
  • Discord avatar URL
  • Discord email address

Event and Scheduling Data

  • Events you create (names, descriptions, dates, times)
  • Your availability responses
  • Event participation records
  • Event invitations

Team and Group Data

  • Teams you create or join
  • Your role and permissions within teams
  • Team invitations
  • Team settings

Preferences and Settings

  • Discord notification preferences
  • User interface preferences
  • Privacy settings
  • Calendar integration settings

Subscription and Billing Information

  • Subscription plan and status
  • Billing history (processed through Stripe)
  • Feature usage and access levels

Technical and Usage Data

  • IP address and location data
  • Browser type and version
  • Device information
  • Session information and authentication tokens
  • Log data and error reports (retained 90 days)

Cookies and Tracking Technologies

  • Strictly Necessary Cookies: Session cookies and authentication tokens required for secure login.
  • Functional Storage: Local storage for UI preferences (theme settings).
  • Analytics: Privacy-preserving analytics via Vercel Web Analytics (no cookies tracking individual users).

We do not use non-essential cookies for marketing. You can manage cookies through browser settings, but disabling them will prevent login.

2. How We Use Your Information

Service Delivery

  • Create and manage your account
  • Authenticate you and maintain your session
  • Store and synchronize data across devices
  • Enable event creation and coordination
  • Facilitate team management
  • Generate scheduling recommendations

Communication and Notifications

  • Send event and team notifications via Discord
  • Deliver technical notices and security alerts
  • Communicate about service updates and features
  • Respond to support requests

Service Improvement and Analytics

  • Analyze usage patterns
  • Debug technical issues
  • Monitor service performance
  • Develop new features
  • Conduct security monitoring

Data Sharing Within the Platform

  • Your profile (name, avatar) visible to team members
  • Availability responses visible to event organizers and participants
  • Participation status visible to event attendees
  • Your role visible to authorized team members

Automated Decision-Making

Cadence uses automated decision-making to generate optimal time suggestions and availability heatmaps based on your responses. These suggestions are provided for informational purposes only. You retain full control over scheduling and can request manual human review by contacting privacy@unknownhost.name. We will respond within 30 days with an explanation of the automated decision-making process.

Legal and Compliance

  • Comply with legal obligations
  • Enforce Terms of Service
  • Protect rights and prevent fraud
  • Investigate policy violations

3. Legal Basis for Processing (GDPR & CCPA)

For Users in the EU/EEA (GDPR)

We process personal information based on:

  • Contract Performance: Processing necessary to create and maintain your account
  • Legitimate Interests: Service improvement, analytics, security, fraud prevention. Details available upon request.
  • Consent: For optional marketing and advanced analytics
  • Legal Obligation: Compliance with laws and law enforcement requests

For Users in California (CCPA)

California residents have rights under CCPA (see Section 13).

For Users in Other States

Virginia, Colorado, Connecticut, Utah, and Montana residents have similar privacy rights. Same contact methods and response timelines apply.

4. Discord Integration

We collect Discord user ID, username, avatar, and email via Discord OAuth for authentication and notifications. Discord's use of your information is governed by their Privacy Policy. You can revoke access through Discord settings anytime.

5. Third-Party Service Providers

Cadence works with the following service providers:

Autumn

Purpose: Subscription management. useautumn.com/privacy

Stripe

Purpose: Payment processing (we don't store full card data). stripe.com/privacy

Convex (Self-Hosted)

Purpose: Real-time database for application data. We run the open-source Convex backend on our own US servers. convex.dev/legal/privacy

Vercel

Purpose: Web hosting and deployment. vercel.com/legal/privacy-policy

Discord

Purpose: Authentication and notifications. discord.com/privacy

Data Processing Agreements

We have Data Processing Agreements with all service providers ensuring they comply with data protection laws. You can request copies by contacting privacy@unknownhost.name.

6. Team and Event Data Visibility

When You Join a Team

  • Your display name, avatar, and role visible to team members
  • Team owners can see your role and permissions

When an Event Is Created

  • Team events visible to all team members
  • Private events restricted to invitees only
  • Participants see each other's names and availability

When You Leave or Delete Your Account

  • Your historical event data retained for audit purposes
  • Events you created show "[Deleted User]" if others participated
  • Your availability responses deleted
  • You can request complete event deletion via privacy@unknownhost.name

7. Information Sharing

We do not sell or rent personal information. We share data only with:

  • Convex (database and backend)
  • Autumn (subscription management)
  • Stripe (payment processing)
  • Vercel (hosting)
  • Discord (authentication)
  • You (with explicit consent)
  • Legal authorities (as required by law)

8. Data Storage and Retention

Data Location and Backups

All application data stored on our self-hosted servers in the US. We maintain regular backups. If data loss occurs due to our negligence, you're entitled to compensation per our Terms of Service.

Retention Timeline

  • Active accounts: Data retained while active
  • Deleted accounts: Personal data deleted within 30 days
  • Backups: Retained for 90 days
  • Billing records: Retained 7 years (tax compliance)
  • Log files: Retained 90 days (security)
  • Legal hold: Retained as required by law

Account Deletion

When you request deletion, the following is permanently removed:

  • Your profile, email, avatar, and credentials
  • Your availability responses
  • Personal messages and communications
  • Event creation records show "[Deleted User]"

9. International Data Transfers

For EU/EEA Users

Your application data is stored on our US servers. We ensure GDPR compliance through:

Legal Safeguards

  • Standard Contractual Clauses (SCCs) with US service providers
  • Binding agreements with each processor
  • Regular security audits

Technical Safeguards

  • Encryption in transit (TLS 1.2+) and at rest
  • Access controls
  • Security assessments

Your Rights

  • Request transfer safeguard details anytime
  • Object to transfers if you believe risk is unacceptable
  • Lodge complaint with your data protection authority
  • Request data deletion if transfers can't be made compliant

10. Data Security

Security Measures

  • TLS encryption for all data in transit
  • Discord OAuth and secure session management
  • Role-based access controls
  • Security monitoring and audit logs
  • Regular security patches

Limitations

No method is 100% secure. We cannot guarantee protection against all attacks or breaches. You're responsible for keeping your Discord account and password confidential.

Internal Data Access

  • Only authorized team members access personal data
  • Access logged and reviewed for unauthorized use
  • Employees sign confidentiality agreements

11. Breach Notification

Timeline

  • High-risk breaches: User notification within 24 hours
  • Lower-risk breaches: Notification within 72 hours
  • Authorities (GDPR): Notified within 72 hours

Notification Content

  • Description of the breach
  • Types of data affected
  • Likely consequences
  • Recommended actions
  • Contact information
  • Public notice on our website

12. Children's Privacy

Cadence is not intended for users under 13. We don't knowingly collect data from children under 13. If discovered, we'll delete the account and data immediately. Contact privacy@unknownhost.name if you believe we've collected data from a child under 13.

13. Your Rights and How to Exercise Them

Contact privacy@unknownhost.name with your request. Include details to identify your account.

All Users - General Rights

  • Access: View your data in account settings
  • Update: Modify profile and settings anytime
  • Delete Account: Request account and data deletion
  • Export Data: Get your data in JSON/CSV format
  • Opt-out: Unsubscribe from marketing emails
  • Revoke Discord Access: Through Discord settings

EU/EEA Users - GDPR Rights

  • Rectification: Correct inaccurate data
  • Erasure: Request deletion (with exceptions)
  • Restrict Processing: Limit how we use your data
  • Data Portability: Receive data in machine-readable format
  • Object: Opt out of certain processing
  • Withdraw Consent: Withdraw optional processing consent
  • Lodge Complaint: File with your data protection authority
  • Human Review: Request human review of automated decisions

California Users - CCPA Rights

  • Right to Know: Request what data we collect and use
  • Right to Delete: Request data deletion
  • Right to Opt-Out: Opt out of data sales (we don't sell)
  • Right to Correct: Request correction of inaccurate data
  • Right to Limit Use: Limit use of sensitive data
  • Right to Non-Discrimination: No penalty for exercising rights
  • Authorized Agent: Designate agent for requests

Other States (VCDPA, CPA, CTDPA, UCPA, MCDPA)

Virginia, Colorado, Connecticut, Utah, and Montana residents have similar rights to CCPA.

Response Timelines

  • GDPR (EU/EEA): 30 days (may extend 60 days for complex requests)
  • CCPA (California): 45 days (may extend 45 additional days)
  • Other states: 45 days (per state law)

We may request identity verification. We won't charge fees unless your request is manifestly unfounded. If denied, we'll explain why.

14. Marketing Communications

For EU/EEA Users (GDPR)

We send marketing emails only if you explicitly opt-in.

For US Users

We may send marketing emails. You can opt out by clicking "unsubscribe" or emailing privacy@unknownhost.name.

Transactional Emails

You cannot opt out of account updates, billing notices, security alerts, and support responses.

15. Changes to This Policy

We may update this policy anytime. Material changes will be posted with 30 days' notice. We'll email you if changes materially affect your privacy rights. Continued use constitutes acceptance.

16. Dispute Resolution and Governing Law

Internal Resolution Process

Contact privacy@unknownhost.name with details. We'll:

  • Acknowledge within 5 business days
  • Investigate and respond within 30 days
  • Propose remedial action if needed
  • Provide info about escalation options

Governing Law

Governed by US law and Indiana state law (except GDPR applies to EU/EEA residents).

17. Contact Us

Primary Contact

Data Protection Authorities - EU/EEA

If you've exhausted our internal process, lodge a complaint with your data protection authority:

California Attorney General

California residents can contact the California Attorney General's Consumer Protection Division at oag.ca.gov/privacy.

18. Acknowledgment

By using Cadence, you acknowledge that you have read this policy and understand our privacy practices. If you disagree with any part, you should not use Cadence.

We will respond to all inquiries as specified and will do our best to resolve any concerns you may have.

Privacy Policy | Cadence