Privacy Policy
Last updated: July 2, 2026
1. What we collect
Account details (name, email), studio business records you enter (clients, jobs, invoices, expenses), files you upload (recordings, receipts, watermark audio), payment metadata from Stripe (never card numbers), and technical logs (IP addresses, audit events) used for security.
2. What we never collect
Card numbers (all card data is handled by Stripe), your bank credentials (bank connections use a provider token, never your username or password), and your studio's Stripe secret keys (payment access uses Stripe Connect authorization, not keys).
3. How we use data
To operate the service: authenticate you, store and watermark your files, send transactional email, process subscription billing, and keep audit trails of money and file activity. We do not sell personal data or use your recordings for anything other than serving them back to you and your clients.
4. Your clients' data
Studios enter their own clients' contact details. That data belongs to the studio; Cadenza processes it only on the studio's behalf. Client review links use expiring signed tokens rather than requiring accounts.
5. Subprocessors
Supabase (database, authentication, file storage), Stripe (payments and billing), SendGrid (email), Cloudflare (bot protection), and our hosting providers (Vercel; Railway or Render for audio processing). If you connect your own email (SMTP or Google app password), those credentials are stored encrypted and used only to send email you initiate.
6. Retention and deletion
Business records are kept while your account is active. Files subject to auto-expiry are deleted after your configured retention window with advance warning. Closing your account deletes your data after a 30-day export window, except records we must keep for legal or financial-compliance reasons.
7. Security
Tenant isolation is enforced at the database level (row-level security), files are private-by-default and served only through short-lived signed links, per-studio email credentials are encrypted at rest, and money/file actions are audit-logged.
8. Your rights
You may export your data (CSV exports are built in), correct it, or request deletion by contacting support. US residents may have additional rights under state privacy laws.