PRIVACY POLICY

CADENCE INNOVATION LABS LLC – PRIVACY POLICY

Last updated :  August 21st, 2025

This Privacy Policy explains how Cadence Innovation Labs LLC — doing business as “Cadence” (“Cadence,” “we,” “our,” or “us”) — collects, uses, discloses, and safeguards your information when you:

  • visit cadenceinnovationlabs.com or any page that links to this Policy (the “Site”);

  • download or use the Cadence mobile applications (the “Apps”);

  • interact with us in e‑mail, support channels, surveys, beta programs, or events (together with the Site and Apps, the “Services”).

If you have questions, e‑mail eric@joincadence.ai.

QUICK SUMMARY

  • What we collect – account details, contact info, subscription data, and fitness / biometric data streamed from wearables you connect - Learn more in Section 1.

  • Why we use it – to deliver adaptive coaching, operate the Apps, secure the platform, comply with law, and communicate with you - Learn more in Section 2.

  • Legal bases (EEA/UK/Canada) – consent, contract performance, legitimate interests, legal obligations - Learn more in Section 3.

  • Sharing – with processors who help us run the Service (e.g., cloud hosting, payment platforms), in business transfers, or when you ask us to- Learn more in Section 4.

  • Your rights – access, correction, deletion, portability, opt‑out of marketing, and regional rights (e.g., CCPA, CPRA, VCDPA) - Learn more in Sections 8-11.

  • Security & retention – industry‑standard safeguards; we keep data only as long as needed - Learn more in Sections 6-7.

TABLE OF CONTENTS

  1. What information do we collect?

  2. How do we use (“process”) your information?

  3. What legal bases do we rely on?

  4. When and with whom do we share data?

  5. Cookies & similar tech

  6. How long do we keep data?

  7. How we protect data

  8. Your privacy rights

  9. Do‑Not‑Track signals

  10. California privacy rights

  11. Virginia privacy rights

  12. Updates to this Policy

  13. Contact us

  14. Review / update / delete your data

1. WHAT INFORMATION DO WE COLLECT?

a) Information you give us

Category & Examples

  • Account & profile (e.g. Name; e‑mail; password; avatar; preferred units)

  • Subscription & billing (e.g. Apple / Google‑Play transaction IDs (payment details stay with the storefront))

  • Feedback & support: (e.g. Messages, survey responses, beta feedback)

b) Information we receive automatically

Category, Examples & purpose

  • Device & usage (e.g. IP address, device IDs, OS, browser, crash logs, in‑App actions → security, diagnostics, analytics)

  • Log & telemetry (e.g. Time‑stamps, feature use, referral URL → product improvement)

  • Location (optional) (e.g. GPS route data for mapping & pace calculations (disable in device settings to opt‑out))

c) Information from connected wearables (Sensitive / biometric)

With your explicit permission we ingest heart‑rate, pace, cadence, distance, motion and related exercise metrics broadcast over Bluetooth LE or via a vendor API (e.g., Apple HealthKit). These data are used solely to generate in‑workout coaching and post‑workout analytics.

We do not collect data from minors and the Services are intended for users age 18+.

d) Microphone Access (Android only)

If you use the Android version of our Apps and enable voice commands, we request permission to access your device’s microphone. This access is used solely for real-time speech-to-text transcription to enable hands-free interaction during workouts.

We do not record, store, or share any audio data captured via the microphone. The voice input is processed on-device or by trusted speech recognition providers solely for generating text. No audio is saved or sent to our servers.

Summary Table of Collected Information

The following table maps the categories of personal information we collect, examples, our business purposes for using the data, and with whom we may share it:

Category Examples Purpose Shared With
Identifiers Name, email, account login Account creation, authentication, communication Cloud hosting (AWS), App Stores (Apple/Google)
Subscription/Billing Transaction IDs, subscription tier Manage subscriptions, customer support, legal compliance App Stores (Apple/Google)
Device & Usage Info IP address, device IDs, logs Diagnostics, analytics, fraud prevention Cloud hosting (AWS), analytics providers
Location Data (Sensitive) GPS routes, pace, distance Real-time workout tracking & analytics None (not sold/shared)
Biometric/Fitness Data (Sensitive) Heart rate, cadence, motion Real-time adaptive coaching, workout analytics None (not sold/shared)
Feedback & Support Survey responses, support messages Improve services, customer support None

2. HOW DO WE PROCESS YOUR INFORMATION?

Purpose & Examples of processing

  • Provide the Service (e.g. Pair with wearables, compute real‑time zones, deliver AI voice prompts, store workouts)

  • Account management (e.g. Sign‑up, log‑in, subscription management, restore purchases)

  • Customer support (e.g. Respond to e‑mails, bug reports, surveys)

  • Research & development (e.g. Aggregate, de‑identify usage statistics to improve coaching models)

  • Marketing (e.g. Send product updates or offers (you may opt out at any time)

  • Legal / security (e.g. Detect fraud, enforce Terms, respond to lawful requests)

We do not use your biometric data for advertising or sell it to third parties.

3. LEGAL BASES (EEA / UK GDPR, CANADA PIPEDA)

  • Consent – when you connect a wearable, enable location, or join beta programs.

  • Contract – to deliver the Services you request.

  • Legitimate interests – to develop and secure our platform.

  • Legal obligation – to keep tax or accounting records, comply with court orders.

You may withdraw consent at any time (see section 8).

4. WHEN & WITH WHOM WE SHARE DATA

Recipient & Reason

  • Cloud infrastructure & analytics (e.g., AWS, Google Cloud, Amplitude). Used for hosting, data processing, product analytics

  • Payment & app‑store providers (Apple, Google). Used managing subscriptions and refunds

  • AI & speech vendors (e.g., 11 Labs for TTS) . Used for generating voice prompts; only the text of the prompt, never raw biometric streams

  • Business transfers. Used for an acquisition, merger, or asset sale (we will notify you).

  • Legal / safety. To comply with subpoenas or protect rights, property, or safety

All processors are bound by strict data‑protection agreements.

If you reside in the EEA or UK, your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and additional safeguards to protect your information in accordance with GDPR requirements.

5. COOKIES & SIMILAR TECH

The Site uses first‑ and third‑party cookies for analytics and session management. Manage preferences in your browser or review our full Cookie Notice (link in Site footer).

6. DATA RETENTION

We keep personal data only as long as necessary for the purposes described or as required by law. Workout and biometric history remain until you delete it or close your account.

Billing & Transaction Records: Retained for up to 7 years as required by tax and accounting laws.

Back‑ups are purged on a rolling 30‑day schedule.

When you delete your account, your data is removed from active systems immediately. Copies may persist in encrypted backups for up to 30 days, after which they are automatically permanently deleted. These backups are not used for routine access or processing and are automatically overwritten after the retention window.

Sensitive Personal Information (SPI)

Cadence processes sensitive personal information, such as biometric workout data (e.g., heart rate, cadence) and precise geolocation, solely to provide and improve the Service. We do not use or disclose sensitive personal information for advertising, profiling, or any purpose not permitted under California Civil Code §1798.121. California residents may exercise their right to limit the use of SPI (see Section 10).

7. SECURITY

Cadence employs SOC‑2–aligned controls: encryption in transit (TLS 1.2+), encryption at rest (AES‑256), least‑privilege access, routine pen‑testing, and incident‑response procedures. No Internet system is 100 % secure; you transmit data at your own risk.

8. YOUR PRIVACY RIGHTS

Depending on your region you may have the right to:

  • access or download a copy of your data in a portable format (e.g. JSON/CSV);

  • correct inaccurate data;

  • delete your account and associated data;

  • restrict or object to certain processing;

  • withdraw consent;

  • opt out of marketing e‑mails (click “unsubscribe” in any message).

To exercise rights, e‑mail eric@joincadence.ai or submit an in‑App request. We will respond within the timelines required by applicable law.

We provide exports in standard machine-readable formats (e.g., CSV/JSON) covering account data, subscription history, and workout summaries. Raw biometric time-series can be included upon request.

9. DO‑NOT‑TRACK

Because there is no uniform DNT standard, Cadence does not currently respond to DNT signals.

10. CALIFORNIA PRIVACY (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

  • Right to Know/Access: Request disclosure of the categories and specific pieces of personal information we have collected about you.

  • Right to Delete: Request that we delete personal information we hold, subject to certain exceptions.

  • Right to Correct: Request that we correct inaccurate personal information.

  • Right to Opt Out of Sale/Sharing: Request that we do not sell or share your personal information. Cadence does not sell or share your data for cross-context behavioral advertising.

  • Right to Limit Use of Sensitive Personal Information: Restrict our use of SPI (e.g., biometric and location data) to only what is necessary to provide the Service.

  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, email us at eric@joincadence.ai with “California Rights Request” in the subject line or submit a request via the App.

11. VIRGINIA PRIVACY (VCDPA)

Virginia residents may exercise rights of access, correction, deletion, and opt‑out of targeted advertising as detailed in § 8. Appeals may be sent to the same address; unresolved complaints may be raised with the Virginia Attorney General.

12. CHANGES TO THIS POLICY

We may update this Policy periodically. Material changes will be highlighted in‑App or on the Site. The “Last updated” date reflects the latest revision. Continued use after an update constitutes acceptance.

13. CONTACT US

Cadence Innovation Labs LLC

118 35th Street,

Hermosa Beach, CA 90254

eric@joincadence.ai

14. REVIEW / UPDATE / DELETE YOUR DATA

To protect your privacy and security, we verify consumer requests by matching the information you provide (such as your account email, device authentication, or transaction records) with the information already on file. We may request additional information if necessary to confirm your identity.

Submit an in‑App request under Settings or e‑mail eric@joincadence.ai. If we deny your privacy request, you may appeal our decision by emailing eric@joincadence.ai with “Appeal” in the subject line. We will review and respond within the time required by law. If you remain unsatisfied, you may contact your state Attorney General.

When you delete your account, we permanently erase your personal identifiers and unlink them from workout data. Remaining workout data is stored only in a de-identified form that cannot reasonably be re-associated with you. We may retain de-identified or aggregated workout data (e.g., GPS traces, heart rate samples) that cannot reasonably identify you, for analytics and product improvement.

© 2025 Cadence Innovation Labs LLC. All rights reserved.