How Your Privacy Works

Where Your Data Lives

All your check-ins, reflections, goals, and photos are stored in your browser's IndexedDB. They never leave your device unless you explicitly export them. Here is exactly what stays local and what goes over the network:

On your device

Check-ins

Reflections

Goals

Photos

Settings

Achievements

Leaves device (anonymized)

Usage signals

Push tokens

Feedback text

AI prompts (sanitized)

Your Data Inventory

Every table Cadence stores on your device, with live record counts. Tables marked "synced" send anonymized data only when you have given consent.

Table	Description	Records
Entries	Your daily logs — mood, food, sleep, caffeine, movement, stress, and anything else you track.	--
Goals	Your personal goals and habits — what you want to achieve, with status tracking and optional parent-child relationships for sub-goals.	--
Goal check-ins	Daily progress on your goals — whether you completed a habit or moved toward a milestone on a given day.	--
Reflections	Your evening reflection sessions — the guided conversations where you look back on your day and surface patterns.	--
Morning intentions	Your daily intentions set each morning — what you plan to focus on and how you want your day to feel.	--
Commitments	Action items you commit to during reflections — concrete next steps you decide to take based on your insights.	--
Custom trackers	Tracker definitions you create yourself — any metric Cadence does not cover out of the box, with your chosen value type and scale.	--
Settings	Your preferences — display name, enabled categories, notification times, AI personality, privacy choices, and onboarding state.	--
Saved meals	Stores your favorite and frequently logged meals for quick re-entry.	--
Research insights	Curated research-backed insights matched to your tracking domains.	--
Citations	Academic references backing the research insights — study metadata so you can verify claims yourself.	--
Research chunks	Downloaded segments of the research library, versioned and timestamped for efficient updates.	--
Insight interactions	How you have responded to research insights — dismissed, saved, or acted on — so Cadence can prioritize relevant ones.	--
Personal research	Your own research notes and bookmarks on health topics, optionally included in AI analysis.	--
User profile	Basic profile metadata used internally for personalization.	--
Usage stats	Aggregated usage counters stored locally — total entries, streaks, and session counts for achievements and progress tracking.	--
Achievements	Milestones and badges you have earned — streak records, entry counts, and feature discoveries.	--
User sessions	Session tracking for internal analytics — when you opened the app and how long you used it.	--
Data exports	A log of when you exported your data — timestamps and formats, so you know when your last backup was.	--
Feedback queuesynced	Feedback messages you have submitted — queued locally and sent to our feedback endpoint when you are online.	--
Anonymous signalssynced	Anonymized usage signals — page views, tap counts, and timing data.	--
AI data log	A transparency log of every AI API request made from your device — shows what sanitized data was sent, which provider was used, and how long it took.	--
Food corrections	Tracks corrections you make to AI food identification — used to improve accuracy over time by learning from mistakes.	--
AI usage	Tracks AI API usage for cost monitoring — records each request with model, task type, and token counts.	--
Prompt history	A record of AI-generated reflection questions — used to avoid repeating the same questions and to track prompt diversity over time.	--
Reflection program enrollments	Tracks your progress through guided reflection programs — which program you enrolled in, what day you are on, and your daily responses.	--
Food nutrition cache	Caches nutrition lookup results from the local database, Open Food Facts API, and AI estimates to avoid redundant lookups.	--
Food photos	Stores meal photos as base64 mementos attached to food entries.	--

View full schema details with example rows

Your Data Lives in Your Browser

Because Cadence stores everything locally, you have complete control -- but it also means you are responsible for backing it up. There is no automatic cloud copy unless you enable sync.

These actions will permanently delete your data:

Clearing your browser's site data or cookies
Uninstalling the PWA from your device
Using private or incognito browsing mode
Resetting your device or switching browsers

We recommend:

Export your data regularly (JSON or CSV)
Enable cloud sync for automatic encrypted backups

Export my data Set up cloud sync

What Leaves Your Device

Below is an exhaustive list of every network request Cadence makes. No hidden calls, no surprises.

Leaves device (with consent)

Anonymized usage signals
Push notification tokens
Feedback you submit
AI prompts (PII-sanitized)
Encrypted backup blobs

Never leaves device

Check-ins and mood values
Food logs (photos may be sent for AI recognition if enabled)
Reflections and journals
Goals and progress
Settings and preferences

Third-party services we use

Your coach keeps your secrets. Here is exactly what each service receives and what it never sees.

SambaNova / OpenAI-- Powers your AI coaching conversations

What we send:: PII-sanitized reflection text and today's check-in summaries. Names, emails, locations, and phone numbers are replaced with anonymous tokens before sending.; Never sees: Your name, email, historical entries, goals, mood values, food logs, or any data outside the current conversation; PII removed before sending. No data stored by provider.

Supabase-- Handles authentication, feedback, anonymous signals, and encrypted cloud backup

What we send:: Email and auth token (when you sign in), feedback text (when you submit it), anonymous usage counts, encrypted backup blobs (unreadable without your key); Never sees: Your check-ins, mood entries, reflections, goals, food logs, or any health data. Backup blobs are end-to-end encrypted.; Auth uses industry-standard tokens. Backup is end-to-end encrypted. Signals contain no personal content.

PostHog-- Anonymized analytics so we can improve the app

What we send:: Anonymous event names (like 'page viewed'), page paths, session duration, and browser type. Opt-in only.; Never sees: Any user content, mood values, food logs, personal notes, reflection text, or health data. IP addresses are anonymized.; Opt-out by default. Do Not Track respected. No session recording. No autocapture. Sensitive keys stripped from all events.

RevenueCat-- Manages your Pro subscription billing

What we send:: An anonymous app user ID (a random string, not your email), purchase receipts, and subscription status; Never sees: Your entries, reflections, goals, mood data, food logs, or any health information. No email or name is sent.; Anonymized user ID. Only active if you subscribe to Pro.

Open Food Facts-- Looks up nutritional information when you search for food

What we send:: Food search terms or barcode numbers that you enter; Never sees: Your account, mood data, reflections, goals, or any data beyond the specific food query. No authentication or user identifiers sent.; Public API. No login required. Only triggered by your food searches.

Open-Meteo-- Adds weather context to your check-ins when enabled

What we send:: Your latitude and longitude coordinates (geolocation is considered personal data under GDPR); Never sees: Your entries, mood data, food logs, reflections, goals, or account information. No authentication or user identifiers sent.; Only sends location when you enable weather auto-capture in Settings. Public API with no login.

Vercel-- Hosts the app and delivers updates

What we send:: Standard HTTP requests to load the app. API calls transit Vercel infrastructure.; Never sees: Any user data at rest. Vercel serves static files and proxies API requests without storing personal content.; Encrypted in transit (HTTPS). No personal data logged.

Show all 16 network requests in detail

Anonymous analytics: You control this
Destination:: PostHog (us.posthog.com)
Trigger:: Page views and feature usage (when consent is on)
What we send:: Anonymous event names, page paths, session duration, browser type
What we never send:: Entry content, mood values, food logs, personal notes, IP address (anonymized by PostHog); Settings > Privacy > Analytics consent

Error reporting: You control this
Destination:: PostHog (us.posthog.com)
Trigger:: When an unhandled error occurs (when consent is on)
What we send:: Error message, stack trace, browser type, page URL
What we never send:: Entry content, personal data, mood values, any user-generated text; Settings > Privacy > Error reporting

Feedback submission: You control this
Destination:: Supabase (ycqonykynyrkctbgwmwg.supabase.co)
Trigger:: When you tap the feedback button and submit
What we send:: Your feedback text, page context, timestamp
What we never send:: Entry content, mood data, personal notes, health data; You choose when to send feedback

Usage signals: You control this
Destination:: Supabase (ycqonykynyrkctbgwmwg.supabase.co)
Trigger:: Batched every few minutes (when analytics consent is on)
What we send:: Anonymous interaction signals: page views, entry type counts, timing data
What we never send:: Entry content, mood values, food descriptions, personal notes, reflection text; Settings > Privacy > Analytics consent

Push notification registration: You control this
Destination:: Browser push service (FCM, APNs, or Mozilla)
Trigger:: When you enable push notifications
What we send:: Push subscription endpoint token
What we never send:: Entry data, personal information, usage patterns, any Cadence content; Settings > Notifications > Push notifications

Push notification scheduling: You control this
Destination:: Supabase Edge Function
Trigger:: When you enable push notifications or change meal times
What we send:: Push subscription token, meal reminder times
What we never send:: Entry data, meal content, mood data, personal notes, health information; Settings > Notifications > Push notifications

AI coaching: You control this
Destination:: SambaNova Cloud (api.sambanova.ai) or your own API key provider
Trigger:: During reflection and coaching conversations
What we send:: Reflection prompts including your text (text is PII-sanitized before sending)
What we never send:: Historical entries, goals, settings, or any data outside the current reflection. Names, emails, phone numbers, and locations are stripped before sending.; Settings > AI provider

Service worker and app updates
Destination:: Vercel CDN (vercel.app)
Trigger:: Automatic when you open the app (checks for updates)
What we send:: Standard HTTP request (no personal data)
What we never send:: Entry data, personal information, usage patterns, any Cadence content

Cloud backup sync: You control this
Destination:: Supabase (ycqonykynyrkctbgwmwg.supabase.co)
Trigger:: When you sign in and tap Sync Now
What we send:: End-to-end encrypted data blob (unreadable without your key)
What we never send:: Unencrypted entry data -- the server only sees encrypted bytes; Settings > Sync & transfer > Sync now

Authentication: You control this
Destination:: Supabase Auth (ycqonykynyrkctbgwmwg.supabase.co)
Trigger:: When you sign in, sign up, or sign out
What we send:: Email address and auth token
What we never send:: Entry data, mood values, food logs, personal notes, health information; Account page (sign-in is optional)

Subscription billing: You control this
Destination:: RevenueCat (api.revenuecat.com)
Trigger:: When you subscribe, restore purchases, or the app checks entitlements
What we send:: Anonymous app user ID, purchase receipts, entitlement status
What we never send:: Entry content, mood values, food logs, reflections, goals, personal notes, health data; Subscription is optional — only active if you subscribe to Pro

Research challenge submission: You control this
Destination:: Supabase (ycqonykynyrkctbgwmwg.supabase.co)
Trigger:: User challenges a research-backed insight
What we send:: Insight ID and your reason for challenging the finding. Only what you explicitly type.
What we never send:: Entries, goals, reflections, health data; Only sent when you explicitly challenge an insight

Food database lookup: You control this
Destination:: Open Food Facts (world.openfoodfacts.org)
Trigger:: When you search for a food item or scan a barcode
What we send:: Food search terms or barcode numbers. User-Agent header identifies the app as Cadence.
What we never send:: Entry content, mood data, personal notes, health data, account information. No authentication or user identifiers are sent.; Only triggered by food search or barcode scan actions you initiate

Crash and error reporting (Sentry)
Destination:: Sentry (sentry.io)
Trigger:: When an unhandled JavaScript error or crash occurs — only if a DSN is configured for this build
What we send:: Error message, stack trace, browser type, page path (query string removed)
What we never send:: Entry content, mood values, food logs, reflection text, personal notes, cookies, IP address, request headers, or any user-generated data. `sendDefaultPii` is off and all URL query params are stripped before transport.; Only active in production builds configured with a Sentry DSN

Internal Discord alerts (server-side only): You control this
Destination:: Discord webhook (discord.com)
Trigger:: When a feedback submission is classified P0/P1. Runs server-side in the feedback API, never from your browser.
What we send:: The feedback text you submitted plus its priority and type — same data you sent through the feedback form
What we never send:: Entry content, mood values, food logs, reflections, goals, or any data outside the feedback you submitted. No browser identifiers.; Only triggered when you submit feedback

Weather data enrichment: You control this
Destination:: Open-Meteo (api.open-meteo.com)
Trigger:: When weather auto-capture is enabled and you create an entry
What we send:: Latitude and longitude coordinates (geolocation is considered personal data under GDPR)
What we never send:: Entry content, mood data, food logs, personal notes, account information. No authentication or user identifiers are sent.; Settings > Weather > Auto-capture weather

How AI Coaching Works

Your reflections are sent to an AI service for coaching responses. The AI does not store your data. Prompts include today's check-ins for context, but no historical data is sent. All text is automatically sanitized for personally identifiable information before it leaves your device.

Bring Your Own Key (BYOK)

When using your own API key, prompts go directly from your browser to your chosen provider (e.g., OpenAI). Cadence never sees them and cannot log or read them. Your key is stored only in your browser's local storage.

AI responses are generated in real-time and not stored by the provider
Your text is PII-sanitized before sending -- names, locations, emails, and phone numbers are replaced with anonymous tokens
Only today's check-ins are included for context -- no historical data is sent
You can disable AI features entirely in Settings

How We Strip Personal Details

Before any text is sent to an AI provider, Cadence automatically detects and replaces personally identifiable information (PII). Here is a real example of what the AI provider sees versus what you typed:

What you wrote in your check-in:

"Had lunch with Sarah at Café Luna on Main St. Feeling good, mood 4/5."

What the AI provider actually receives:

"Had lunch with [NAME] at [LOCATION]. Feeling good, mood 4/5."

What analytics signals look like:

{
  "event": "entry_completed",
  "type": "mood",
  "timestamp": "2026-03-25T14:00:00Z"
}

No mood value, no note text, no personal details -- just the event type and when it happened.

Your Data, Your Control

You own your data completely. Export it, inspect it, or delete it at any time.

Export your data

Settings > Privacy & Data > Export

View data schema

See every table, field, and example row

AI transparency log

See every AI request made from your device

Remember: clearing browser data deletes everything. See data loss details above and export regularly.

Verify It Yourself

You do not have to take our word for it. Open your browser's developer tools to see every network request Cadence makes in real-time.

Step 1: Watch network requests

1. Press F12 or Cmd+Option+I to open DevTools
2. Click the Network tab
3. Use Cadence normally and watch the requests appear
4. Click any request to see exactly what was sent

Firefox: same steps using the Network Monitor. Safari: enable the Develop menu in Preferences, then use Web Inspector.

Step 2: See your data stored locally

1. Open DevTools (F12) and go to the Application tab
2. In the left sidebar, expand IndexedDB and click CadenceDB
3. Browse the tables to see your actual data -- this confirms everything lives in your browser, not on a remote server

Step 3: Confirm only expected destinations

1. In the Network tab, use the filter/search bar to filter by domain
2. Confirm that requests only go to: lifecadence.app, posthog.com, supabase.co, sambanova.ai, revenuecat.com, openfoodfacts.org, and open-meteo.com
3. If you see any domain not in that list, something unexpected is happening -- let us know via feedback