Cadence operates on sensitive workforce data: 1:1 conversations, performance records, HR cases, compensation context. We hold this data with the care it demands. Here's exactly how we think about security, consent, and compliance.
This page is for security-conscious buyers, legal teams, and IT professionals who need specifics, not vague reassurances.
All data encrypted at rest (AES-256) and in transit (TLS 1.3). Encryption keys are per-tenant. AI processing runs over encrypted channels and returns results to isolated tenant environments.
Hosted on Google Cloud Platform (GCP) in us-central1. Production workloads run on Cloud Run (containerized, auto-scaling). Database: Cloud SQL (PostgreSQL) with point-in-time recovery. Redis for caching only; no PII is stored there.
Role-based access controls enforced at the API layer. Manager coaching is separated from employee coaching at the data layer, not just the UI. ER records have separate access controls with HR-only visibility.
All administrative actions, data exports, and access to sensitive records (ER cases, AI outputs) generate immutable audit logs. Logs retained 7 years. Available for export on request.
Cadence does not train AI models on customer data. Meeting transcripts and 1:1 content are processed for the specific tenant's coaching outputs and are not used in model training. Coaching outputs are tenant-isolated.
Dependency scanning on every CI build. Container image scanning before deploy. Security patches applied within 48 hours for critical CVEs. Penetration test cadence: annual. Bug bounty program: coming Q3 2026.
Cadence's policy is stricter than most applicable laws: explicit, all-party consent before any recording or AI processing of a meeting. The system is fail-closed: if consent isn't received from every participant, the recording doesn't start. There is no override for administrators or managers.
This isn't a legal position; it's a design philosophy. Meeting content is inherently sensitive. The default should protect employees, not the organization's administrative convenience.
Honest and current, with GA gate requirements stated clearly. Last updated: May 2026.
| Regulation | Cadence Posture | Status / Gate |
|---|---|---|
| GDPR (EU / EEA employee data) | Cadence acts as a data processor for customer workforce data. Consent UX provides transparency and control; it is not the sole lawful basis. EU employee recording requires lawful-basis mapping, DPIA, and non-recording fallback. | In Progress: DPIA, lawful-basis mapping, DSR workflow, and transfer register required before EU production launch. |
| CCPA / CPRA (California employee data) | Cadence is a service provider / contractor by default. No sale or sharing of workforce data. Employee rights workflow covers access, deletion, and correction requests. | Ready: notice at collection, access/delete/correct workflows, and sensitive personal information review complete. |
| BIPA (Illinois biometric data) | Voiceprint and speaker identification are biometric data under BIPA. Cadence's position: plain audio transcript is allowed under recording consent controls; speaker ID, voice profiling, and voice matching are disabled without specific BIPA approval. No biometric features without written release. | Protected: no identity-capable voice features without an explicit BIPA-compliant written release and retention policy. |
| Recording Law (multi-jurisdiction) | Product policy is all-party consent everywhere, stricter than most applicable laws. Jurisdiction resolution happens at session time. Unknown jurisdictions default to recording off. | Implemented: consent receipt chain, visible recording state, stop-on-revoke, and non-recording fallback all in production. |
| SOC 2 Type II (security audit) | SOC 2 Type II audit is on the security roadmap for H2 2026. Current controls are designed to the SOC 2 Type II Trust Services Criteria. Controls documentation available to enterprise customers under NDA. | Roadmap (H2 2026): controls in place. Audit engagement target: Q3 2026. Report expected Q4 2026. |
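As an added illustration, not Cadence's own code, the fail-closed consent rules described above (all-party consent, no administrator override, unknown jurisdiction defaults to recording off, stop-on-revoke) modelled in Python. A hash-chained receipt log stands in for the immutable consent receipt chain; the jurisdiction table and participant names are assumed sample values.

```python
import hashlib
import json

# Constructed example, not Cadence's code: a fail-closed consent gate backed by
# a hash-chained (tamper-evident) receipt log, modelling the rules the page
# states: all-party consent, stop-on-revoke, unknown jurisdiction -> off.

GENESIS = "0" * 64
KNOWN_JURISDICTIONS = {"US-CA", "US-IL", "DE", "GB"}  # assumed sample policy table


def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ConsentLedger:
    """Append-only receipt chain; each receipt commits to its predecessor."""

    def __init__(self):
        self.receipts = []

    def _append(self, participant: str, action: str) -> dict:
        prev = self.receipts[-1]["hash"] if self.receipts else GENESIS
        body = {"participant": participant, "action": action, "prev": prev}
        body["hash"] = _digest(body)  # hash covers participant, action, prev
        self.receipts.append(body)
        return body

    def grant(self, participant: str) -> dict:
        return self._append(participant, "grant")

    def revoke(self, participant: str) -> dict:
        return self._append(participant, "revoke")

    def verify_chain(self) -> bool:
        """Editing or dropping any earlier receipt breaks every hash after it."""
        prev = GENESIS
        for r in self.receipts:
            body = {k: v for k, v in r.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != r["hash"]:
                return False
            prev = r["hash"]
        return True


def recording_allowed(ledger: ConsentLedger, participants: set, jurisdiction: str) -> bool:
    """Fail-closed: recording starts only when every condition is affirmatively met."""
    if jurisdiction not in KNOWN_JURISDICTIONS:  # unknown jurisdiction -> off
        return False
    if not participants or not ledger.verify_chain():  # nobody, or tampered log
        return False
    latest = {r["participant"]: r["action"] for r in ledger.receipts}  # last receipt wins
    # A missing receipt or a latest revoke blocks recording; there is no admin override.
    return all(latest.get(p) == "grant" for p in participants)
```

The gate never has an "allow" default: every branch that cannot prove consent returns False, which is what fail-closed means in practice.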
We believe in stating retention periods clearly. These are defaults; Enterprise customers can configure custom periods within policy bounds.
| Data Class | Default Retention | Notes |
|---|---|---|
| Raw audio (if recorded) | 30 days | Auto-deleted unless legal hold or approved customer extension. Never used for AI training. |
| Meeting transcript (draft) | 180 days | Delete or promote to approved summary. Employee can request deletion at any time. |
| AI coaching outputs | 365 days | Manager and employee coaching lanes retained and deleted separately. Not shared cross-lane. |
| Consent & policy receipts | 7 years | Immutable evidence records. Tamper-evident and access-controlled. Not deletable by tenant admins. |
| ER case records | 7 years after case closure | Legal hold overrides deletion. Separate access controls from manager/employee views. |
| 1:1 notes and agendas | Duration of employment + 1 year | Employee can export their own data at any time via DSAR process. |
| Survey responses | 3 years | Raw responses anonymized at source. Aggregated insights retained longer. |
Data subject access requests (DSARs) can be submitted via your HR admin or directly at privacy@cadencehr.ai. We respond within 30 days.
Our security maturity roadmap: honest about current state and committed target dates.
AES-256 at rest, TLS 1.3 in transit, per-tenant key management on GCP.
Fail-closed consent system with immutable receipt chain, revocation hooks, and non-recording fallback. In production.
Manager / employee / HR / CHRO / admin roles with separate data access controls enforced server-side.
Access, deletion, correction, and export workflows in production. DSAR response SLA: 30 days.
Audit firm engaged, controls documentation complete. Audit period: Q3 2026. Report expected Q4 2026.
Data Protection Impact Assessment, lawful basis mapping, and EU data residency option in progress.
External penetration test by certified third party. Summary report available to Enterprise customers on request.
Responsible disclosure program with CVSSv3-based rewards. Details to be published at cadencehr.ai/security/bounty.
Enterprise customers, and any customer with EU employees or GDPR obligations, can request a Data Processing Agreement (DPA). Our standard DPA covers:
Full sub-processor list with notification policy available to customers on request.
If you have specific security or compliance requirements, we'd rather have a real conversation than send you a generic PDF. Reach out and we'll schedule time with our engineering and legal team.