Privacy Policy
Last updated: April 1, 2026
Who we are
Cadence is operated by Dinesh Dawonauth, based in Toronto, Ontario, Canada. If you have questions about this policy or your data, contact us at privacy@dineshd.dev.
What we collect
Health data
When you log entries in Cadence, we store the following data types. All health data is encrypted on your device before it reaches our servers.
| Data type | Examples |
|---|---|
| Period flow | None, spotting, light, medium, heavy |
| Mood | Happy, calm, anxious, irritable, sad, energetic, tired |
| Energy level | Low, medium, high |
| Symptoms | Cramps, headache, bloating, backache, tender breasts, nausea, acne, custom entries |
| Sleep quality | Poor, okay, good |
| Intimacy | Logged or not logged, protected or unprotected |
| Notes | Free-text entries |
Account data
- Email address
- Display name
- Whether you track a cycle (your selected role)
Usage data
We use TelemetryDeck for app analytics. TelemetryDeck collects anonymized usage signals with no personal identifiers — no device IDs, no IP addresses, no fingerprinting.
Our website uses Vercel Analytics for anonymized page view data. The website does not use cookies.
How your health data is protected
Your health data is encrypted on your device before it ever reaches our servers. The data stored on our servers is ciphertext — we cannot read it, even if we wanted to.
Cadence uses AES-256-GCM encryption via Apple's CryptoKit framework. A unique encryption key is derived for each user on their device. Because we never hold the key needed to decrypt your health data, we are technically unable to access it — whether for internal use, in response to data breaches, or under legal compulsion.
In addition to client-side encryption, all data is encrypted at rest at the infrastructure level by our hosting provider.
How we use your data
- To provide the Cadence service: cycle tracking, predictions, and daily logging
- To calculate cycle predictions using your logged data on your device
- To share selected categories with your connected partner, only when you enable them
- To send push notifications you have opted into
- To improve the app through anonymized, non-personal usage analytics
Partner sharing
Cadence lets you share selected health data with a connected partner. Sharing is entirely opt-in — nothing is shared by default.
Categories you can choose to share
- Period flow and dates
- Mood
- Energy level
- Symptoms
Categories that can never be shared
- Intimacy and sex data
- Sleep quality
- Notes
When you share data, Cadence writes a separate copy of only the enabled categories to a shared data store. Your partner reads from this copy — they never have access to your full logs.
When you turn off a category, that data is removed from the shared store, including historical entries. When either partner disconnects, all shared data for that connection is permanently deleted.
Third-party services
| Service | Purpose | Data received |
|---|---|---|
| Supabase | Database, authentication, real-time sync | Encrypted health data, account data |
| Apple | Authentication (Sign in with Apple), push notifications | Device token, Apple ID if used for sign-in |
| TelemetryDeck | App analytics | Anonymized usage signals, no personal identifiers |
| Vercel | Website hosting and analytics | Anonymized page view data |
We do not use advertising SDKs, tracking pixels, or fingerprinting technologies.
Where your data is stored
Your data is stored on Supabase servers in the United States (us-east-1 region). All data is encrypted at rest at the infrastructure level, in addition to the client-side encryption Cadence applies to health data before upload.
Data retention and deletion
We retain your data for as long as your account exists. To request deletion of your account and all associated data, email privacy@dineshd.dev. We will delete your data within 30 days of verifying your request.
Deletion includes your account, cycle logs, shared logs, sharing settings, and partner connections. Self-service account deletion will be available in a future version of the app.
Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Restrict or object to certain processing
- Receive your data in a portable format
- Withdraw consent at any time
To exercise any of these rights, email privacy@dineshd.dev.
Because health data is encrypted on your device and we cannot decrypt it on our servers, some requests — such as data access or portability for health data — may require coordination, as the decryption key exists only on your device.
Children
Cadence is not intended for anyone under 16 years of age. We do not knowingly collect data from anyone under 16. If you believe someone under 16 has created an account, contact us at privacy@dineshd.dev and we will delete the account.
We never sell your data
We do not sell your personal data. We do not share it with advertisers or data brokers. This is not a future promise — it is how Cadence is built.
Law enforcement and legal requests
If we receive a legal request for user data, we will comply to the extent required by law. However, because health data is encrypted on your device with a key we do not hold, we are technically unable to provide readable health data in response to any request.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the date at the top of this page and notify you through the app. Continued use of Cadence after changes take effect constitutes acceptance of the updated policy.
Contact
For privacy questions or data requests:
privacy@dineshd.dev