Cadence Privacy Policy
Last updated: March 30, 2026
1. Introduction
Cadence (“we,” “our,” or “us”) is operated by Motive Labs, a company organized in the United States. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you use the Cadence mobile application and any related websites, APIs, or services (collectively, the “Service”).
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service. This Privacy Policy should be read in conjunction with our Terms & Conditions.
2. Information We Collect
2.1 Account & Profile Information
When you create an account we collect your email address and, optionally, your display name and full name. If you sign up using a third-party authentication provider (e.g., Apple Sign-In or Google Sign-In), we receive only the information you authorize that provider to share.
2.2 Health & Fitness Data
With your explicit, opt-in permission, Cadence reads health data from Apple Health / HealthKit (iOS) or Health Connect (Android). Data types include: steps, sleep duration and stages, heart rate, and body-fat percentage. This data is read-only — Cadence never writes to Apple Health or Health Connect. We process health data solely to display your metrics and generate personalized insights within the app. We never sell, share, or use health data for advertising, marketing, or data-mining purposes.
2.3 Self-Reported Data
Daily check-ins, emotional-state entries, journal entries, personal reflections, compass readings, and SparQ responses are voluntarily provided by you. This data powers your personal insights and the AI coaching features.
2.4 Birth Details (Optional)
If you choose to provide your birth date, birth city, and birth time, this information is used exclusively for the Perspective pillar features (natal-node calculations). It is stored in your private profile and never shared with third parties.
2.5 Nutrition & Body-Composition Data
Meal logs, barcode-scanned food entries, macronutrient data, and weight entries you record are stored to support your Fuel and fitness-tracking features.
2.6 Device & Technical Data
We automatically collect device model, operating system version, app version, browser type, IP address, time zone, push-notification tokens (Firebase Cloud Messaging), and anonymized crash reports. This data is used for debugging, performance monitoring, and Service improvements.
2.7 Usage Analytics
We collect anonymized, aggregated analytics on feature usage patterns to improve the Service. We do not use third-party advertising SDKs, and we do not build advertising profiles from your data.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:
Consent (Art. 6(1)(a) & Art. 9(2)(a)): For processing health and fitness data (special-category data under GDPR) and optional data such as birth details.
Contract Performance (Art. 6(1)(b)): For account creation, service delivery, and subscription management.
Legitimate Interest (Art. 6(1)(f)): For anonymized analytics, security monitoring, and Service improvements, where these interests are not overridden by your data-protection rights.
Legal Obligation (Art. 6(1)(c)): Where we must comply with applicable laws or regulatory requirements.
You may withdraw your consent at any time (see Section 9). Withdrawing consent does not affect the lawfulness of processing that occurred before withdrawal.
4. How We Use Your Information
To provide, maintain, and improve the Service
To personalize your experience with AI-powered insights (Cadie)
To display your health metrics and track personal growth over time
To send push notifications you have opted into
To process subscriptions and in-app purchases
To detect, prevent, and address security incidents and abuse
To comply with legal obligations and respond to lawful requests
To generate anonymized, aggregated analytics that cannot identify you
We do not use your personal data for advertising, and we do not sell your data to third parties under any circumstances.
5. Data Storage, Security & International Transfers
Your data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256 or equivalent. Access to your data is restricted by Row-Level Security (RLS) policies, ensuring that only you can access your own records. Our infrastructure is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where data-protection laws may differ from your jurisdiction. By using the Service, you consent to this transfer. For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.
6. Third-Party Services & Sub-processors
Cadence integrates with or relies on the following third-party services. Each operates under its own privacy policy:
Apple Health (HealthKit) / Health Connect: Read-only access to health metrics with your permission. Health data is never shared with these platforms by Cadence.
Firebase Cloud Messaging (Google): For push-notification delivery. Only device tokens are shared; no health data.
Spotify: Optional music integration. Only the data you authorize via Spotify’s OAuth flow is accessed.
Apple App Store / Google Play: For subscription and purchase processing. Payment credentials are handled entirely by the app store; Cadence never receives your credit-card details.
OpenStreetMap Nominatim: For geocoding birth-city entries. Only the city name is sent; no personal identifiers.
AI Model Providers: Cadie’s AI coaching processes your self-reported data (not raw health data) via large-language-model APIs. Your data is not used to train third-party AI models.
We do not embed advertising SDKs, social-media tracking pixels, or cross-app tracking frameworks.
7. Health Data Permissions
7.1 Health Connect (Android)
On Android, Cadence uses Health Connect to read Steps, Sleep, Heart Rate, and Body Fat Percentage. This data is read-only — Cadence never writes to Health Connect. You can revoke permissions at any time through your device’s Health Connect settings (Settings → Apps → Health Connect → Cadence). Revoking permissions stops new data from syncing but does not delete previously synced data from your Cadence account. To delete previously synced data, use the account-deletion flow (Section 11).
7.2 Apple Health / HealthKit (iOS)
On iOS, Cadence uses HealthKit to read Steps, Sleep, Heart Rate, and Body Fat Percentage. This data is read-only — Cadence never writes to Apple Health. You can revoke permissions at any time through Settings → Privacy & Security → Health → Cadence. In compliance with Apple’s HealthKit guidelines, health data is never used for advertising, is never sold, and is never shared with third parties for marketing purposes.
7A. Biometric & Physiological Data Disclosures
Certain health metrics collected by Cadence — such as heart rate — may be classified as “biometric data” or “biometric identifiers” under specific state and international laws. This section provides the additional disclosures required by those laws.
Illinois Biometric Information Privacy Act (BIPA)
If you are an Illinois resident: Cadence collects heart-rate data solely for the purpose of displaying your personal health metrics and generating wellness insights within the app. This data is stored securely (encrypted at rest and in transit) and retained for the lifetime of your account. Upon account deletion, all biometric data is permanently destroyed within 30 days, or within 3 years of your last interaction with the Service, whichever comes first. We do not sell, lease, trade, or otherwise profit from your biometric data. We do not disclose your biometric data to any third party except as required by law or with your explicit, informed, written consent.
Texas Capture or Use of Biometric Identifier Act (CUBI)
If you are a Texas resident: Cadence does not capture biometric identifiers for a “commercial purpose” as defined by CUBI. Heart-rate data is collected solely at your direction to provide your personal wellness insights. We do not sell, lease, or otherwise disclose your biometric identifiers. Biometric data is destroyed upon account deletion within 30 days.
Washington Biometric Privacy Law (RCW 19.375)
If you are a Washington resident: We provide this notice that Cadence collects biometric data (heart rate) with your opt-in consent. We do not enroll biometric data in a database for a commercial purpose, and we do not sell or share it without your consent. You may withdraw consent at any time by revoking health-data permissions on your device.
European Union & United Kingdom
Under the EU General Data Protection Regulation (GDPR) and the UK GDPR, heart-rate data constitutes “data concerning health” — a special category of personal data under Article 9. We process this data solely on the basis of your explicit consent (Art. 9(2)(a)), which you provide when granting health-data permissions on your device. You may withdraw consent at any time (see Section 9), and we will cease processing your health data promptly. We implement appropriate technical and organizational measures (encryption, access controls, Row-Level Security) in compliance with Article 32. For data transfers outside the EEA/UK, we rely on Standard Contractual Clauses as described in Section 5.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:
Active accounts: Data is retained for the lifetime of your account.
Account deletion: Upon account deletion, all personal data — including check-ins, journal entries, health data, compass readings, conversations, and profile information — is permanently and irreversibly deleted within 30 days.
Backups: Encrypted backups may retain fragments of deleted data for up to 90 days, after which they are automatically purged.
Anonymized data: Aggregated, de-identified analytics data that cannot be linked back to you may be retained indefinitely for product-improvement purposes.
Legal obligations: We may retain certain data longer if required by applicable law (e.g., tax or financial records).
9. Your Rights
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:
9.1 Rights Under GDPR (EEA/UK)
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure (“Right to Be Forgotten”): Request deletion of your data.
Restriction: Request that we restrict processing of your data.
Portability: Receive your data in a structured, machine-readable format (JSON).
Objection: Object to processing based on legitimate interest.
Withdraw Consent: Withdraw consent for health-data processing at any time.
Complaint: Lodge a complaint with your local data-protection supervisory authority.
9.2 Rights Under CCPA/CPRA (California)
Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
Right to Delete: Request deletion of your personal information.
Right to Opt-Out of Sale: We do not sell your personal information. No opt-out is necessary.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
9.3 Exercising Your Rights
To exercise any of these rights, email us at contact@motivelabs.us with the subject line “Privacy Rights Request.” We will respond within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.
10. Cookies & Tracking Technologies
Cadence is primarily a native mobile application and does not use cookies for tracking or advertising. When you access the Service via a web browser, we use only essential, first-party cookies (e.g., session tokens for authentication). We do not use cross-site tracking cookies, advertising pixels, or fingerprinting technologies.
11. Account Deletion
You can delete your account at any time by navigating to Profile → Account Settings → Delete Account. Upon deletion, all your personal data — including check-ins, journal entries, health data, compass readings, conversations, nutrition logs, and account settings — will be permanently and irreversibly removed within 30 days. This action cannot be undone. If you only wish to remove specific data (e.g., health data), you may contact us at contact@motivelabs.us.
12. Children’s Privacy
Cadence is not intended for use by anyone under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such data, we will delete it promptly and terminate the associated account. If you believe a child under 13 has provided us with personal information, please contact us at contact@motivelabs.us.
13. Data Breach Notification
In the unlikely event of a data breach that affects your personal data, we will notify affected users via email and/or in-app notification within 72 hours of becoming aware of the breach (as required by GDPR). We will also notify the relevant supervisory authorities where legally required. Notifications will include the nature of the breach, the data affected, the measures taken, and recommended steps you can take.
14. HIPAA Disclaimer
Cadence is not a HIPAA-covered entity and is not intended to be used as a medical device, clinical tool, or substitute for professional medical care. The health and fitness data processed by Cadence does not constitute Protected Health Information (PHI) under HIPAA. If you are a healthcare provider or organization, do not use Cadence to store or transmit PHI.
15. Do Not Track
Cadence honors Do Not Track (DNT) browser signals. Because we do not engage in cross-site tracking, our practices remain the same regardless of your DNT setting.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by: (a) posting the revised Privacy Policy within the app with an updated “Last updated” date, and (b) sending you an email or in-app notification for significant changes. Your continued use of the Service after the changes take effect constitutes your acceptance of the revised policy. If you disagree with the changes, you should stop using the Service and delete your account.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Motive Labs
Email: contact@motivelabs.us
Website: motivelabs.us
© 2026 Motive Labs. All rights reserved.