Privacy Policy

Waitlist email. When you join the waitlist, we store your email address so we can send you one email when Cadence opens. Nothing else at this stage.

Account email. When you create an account, we store your email address and a securely hashed password (Argon2id). We never store your password in plain text.

Subscription details you enter. The service name, price, renewal date, cycle, category, and any optional notes you add (like a payment method label such as “Visa ••24”). This is information you choose to put in. We do not scrape it from anywhere.

Reminder logs. A record of which reminders were sent and when, so we can avoid sending duplicates and so you can see your history.

Session data. A hashed session token stored in a secure, HTTP-only cookie that expires after 30 days. Used only to keep you logged in.

Onboarding answers. If you take the short signup quiz, we store the answers you choose (such as how many subscriptions you think you have, how often you check them, and a rough monthly spend band). We use these in aggregate to understand our users and improve Cadence, never to profile you individually.

Bank credentials. Cadence never connects to Plaid, Open Banking, or any other bank-linking service. We do not ask for your bank login, ever.

Full card numbers. You can optionally note a payment method with a label like “Visa ••24”. We never ask for, store, or process a full card number for the subscriptions you track, so your real card details never sit on our servers.

Transaction history. We do not read your bank statements, email receipts, or transaction feeds. Everything in Cadence is entered by you.

Advertising or tracking data. We do not use advertising pixels, third-party trackers, or sell your data. We do not profile you for advertising purposes.

Waitlist. One email when Cadence opens. Nothing else, unless you become an account holder.

Reminders. Your subscription data is used to calculate upcoming renewal dates and send you the reminder emails you configured. We do not use it for any other purpose.

Product improvement. We may look at aggregate, anonymised usage patterns (for example, how many people use a given category) to improve the product. This is never linked back to individual accounts.

No selling, no sharing. We never sell your data. We never share it with third parties for their own purposes. The only external services we use are our hosting provider (Vercel) and our email delivery service (Resend), both of which process data strictly to deliver the service.

Export. You have the right to a full copy of your data. Until self-serve export lands in your settings, email us and we will send it to you.

Delete. You have the right to erase your account and all associated data. Until one-click deletion lands in your settings, email us and we will permanently delete everything. We never send goodbye emails asking you to reconsider.

Unsubscribe. Email us to stop receiving reminders and we will act on it immediately. One-click unsubscribe in every email and in-app reminder controls are on the way.

Correction. All your subscription data is editable in the app. Your account email can be changed from your settings.

Your data is encrypted at rest and in transit (TLS). Passwords are hashed with Argon2id, a modern, memory-hard algorithm designed to resist brute-force attacks. Session tokens are hashed before storage so a database breach cannot be used to impersonate you.

We use a managed Postgres database (Neon) with row-level isolation: your data is scoped to your account and cannot be read by other users.

For waitlist signups, we rely on your consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time by contacting us or clicking the unsubscribe link in any email we send.

For account holders, we process your data on the basis of contract performance (GDPR Art. 6(1)(b)): you gave us your subscription data so we could send you reminders, and that is what we use it for.