Privacy Policy
Last updated: May 14, 2026
This Privacy Policy explains how Cadence ("we", "us", or "our") collects, uses, and safeguards information when you use the Cadence application ("Service"). Cadence is operated by Brahim Zeqiraj as an independent developer based in the European Union.
Contact: brahim.zeqiraj@hotmail.com
1. Scope
Cadence is currently in private beta and used by a small number of invited users. This policy applies to information collected through the mobile and web applications and any associated developer integrations.
2. Information We Collect
2.1 Information you provide directly
- Account information — your email address and any profile information you choose to provide when creating an account.
- Preferences and feedback — session ratings, "more like this" / "less like this" reactions, and other in-app feedback you submit.
2.2 Information from third-party services you connect
When you connect a third-party service to Cadence, we receive data from that service to personalize your music recommendations.
- Spotify — when you sign in with Spotify, we receive your Spotify user identifier, email, top tracks and artists, saved tracks, recently played tracks, playlists, and current playback state. Cadence uses these to build your taste profile and to control playback through Spotify Connect on your active Spotify device.
- WHOOP (optional) — if you choose to connect your WHOOP account, we receive your recovery scores, sleep summaries, workout summaries, daily cycle data, and resting heart rate. We use these signals to adapt music recommendations to your physical state. We do not store live heart-rate values; we store only categorical zone information (e.g., "rest", "light", "moderate", "vigorous").
- Apple Health / Google Fit (optional, if connected in a future version) — similar biosignal data is read on-device and only categorical summaries are sent to our servers.
2.3 Information collected automatically
- Listening events — which tracks you played, skipped, completed, or saved, with timestamps. We use this to improve recommendations.
- Device and diagnostic information — anonymized device type, operating system version, and crash reports. We use Sentry to collect error data.
- Usage analytics — aggregated, anonymized event data via PostHog (EU Cloud) to understand how the Service is used. We do not transmit raw biosignal values to PostHog.
3. How We Use Information
We use the information we collect to:
- Personalize music recommendations and adapt them to your context.
- Operate, maintain, and improve the Service.
- Diagnose and fix bugs.
- Communicate with you about the Service (only when necessary; we do not send marketing emails).
We do not sell your personal information. We do not share it with advertisers. We do not use your data to train third-party AI models.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area, our legal bases for processing your personal data are:
- Consent — you actively connect Spotify, WHOOP, and other services and may disconnect them at any time.
- Performance of a contract — to provide the Service you've signed up for.
- Legitimate interest — to maintain and improve the Service, prevent abuse, and ensure security.
5. Data Retention
- Account data is retained for as long as your account exists.
- Listening events and biosignal-derived signals are retained for up to 24 months for recommendation quality, then aggregated or deleted.
- If you delete your account, all personal data is removed from our systems within 30 days, with limited exceptions for legal record-keeping.
6. Data Sharing
We share data only with the service providers necessary to operate Cadence:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication, database, storage | Account info, listening events, taste profile |
| Fly.io | Application hosting | All data passes through hosted services in transit |
| Upstash | Cache | Ephemeral session state |
| Cyanite | Audio analysis | Track identifiers only (no personal data) |
| Sentry | Error tracking | Anonymized diagnostic data |
| PostHog (EU) | Usage analytics | Anonymized event data |
| Anthropic | LLM-generated explanation copy | Track and context metadata, no user identifiers |
All providers process data under GDPR-compliant Data Processing Agreements or equivalent. Data is hosted within the European Union where possible.
7. Your Rights
If you are in the EEA, UK, or California, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Delete your data (right to erasure).
- Restrict or object to certain processing.
- Portability — request a copy of your data in a machine-readable format.
- Withdraw consent at any time without affecting prior lawful processing.
To exercise any of these rights, email brahim.zeqiraj@hotmail.com. We respond within 30 days. The Cadence app also provides in-app data export and account deletion under Settings → Account.
8. Security
We protect your data with:
- TLS encryption for all data in transit.
- Encryption at rest for all third-party access tokens (Spotify, WHOOP).
- Access controls so only authorized services can read sensitive fields.
- Regular dependency updates and security review.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours where required by GDPR.
9. Children
Cadence is not intended for users under 16. We do not knowingly collect personal data from children. If you believe a child has used the Service, contact us and we will remove the account.
10. International Transfers
Cadence is operated in the European Union. If data is transferred outside the EEA (for example, to U.S.-hosted services like Anthropic), we rely on Standard Contractual Clauses or equivalent safeguards.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post any updates here and update the "Last updated" date. Material changes will be communicated by email if you have an account.
12. Contact
For any questions about this Privacy Policy or your data:
Brahim Zeqiraj Email: brahim.zeqiraj@hotmail.com
This policy is provided in good faith for a personal-use developer project in private beta. It is not a substitute for legal advice. As Cadence grows beyond beta, this policy will be reviewed by qualified counsel.