Cadence — Privacy Policy
Last updated: 12 July 2026
Cadence is made by Trion Technology, a solo developer based in Malaysia. This policy explains exactly what Cadence does with your information. It is written to be read, not to be survived.
The short version: Cadence works fully offline and stores your habits on your own device. If you choose to create an account, a copy is stored on our server so it can sync across your devices. We do not sell your data, we do not advertise, and we do not track you.
1. Who we are
Trion Technology ("we", "us") Contact: freddy.chia@trioncreation.com
We are the data controller for the information described below.
2. What we collect, and why
If you never create an account
Nothing. Your habits, check-ins and settings live only on your device. Cadence does not contact our server at all. We have no way to see any of it.
If you create an account (optional)
| What | Why | Legal basis (GDPR) |
|---|---|---|
| Email address | To identify your account, let you sign in, and send password resets. | Art. 6(1)(b) — performance of a contract |
| Password | To secure your account. Stored only as an Argon2id hash — we never store, see, or can recover the password itself. | Art. 6(1)(b) |
| Your habits — their names, colours, weekly goals, check-in dates, and pause/archive state | This is the thing being synced. It is the entire purpose of the account. | Art. 6(1)(a) and Art. 9(2)(a) — your explicit consent |
| Sync timestamps | To merge changes correctly between devices. | Art. 6(1)(b) |
A habit name can be sensitive, and we treat it that way. "Take my medication", "AA meeting", "Pray at dawn", "Therapy homework" — a habit name can reveal health, religion, or recovery status. Under GDPR that is special-category data, and we do not collect it on an implied yes. That is why creating an account requires you to tick an unticked box that says so plainly. You can withdraw that consent at any time by deleting your account (see §6), and Cadence keeps working offline exactly as before.
If you buy Cadence Pro
Purchases are processed by Apple or Google, and managed for us by RevenueCat. We never see your card details. RevenueCat receives an anonymous app user ID and your subscription status.
Crash reports (optional, off by default)
If you turn on crash reporting in Settings, we receive the technical details of a crash — the error, the app version, the device model and OS. We configure this to exclude personal information, and it never includes your habit names. Legal basis: Art. 6(1)(f), our legitimate interest in the app not crashing. You can turn it off at any time.
3. What we do NOT do
- We do not sell your personal information, and we do not share it for cross-context behavioural advertising.
- There are no advertising SDKs, no analytics SDKs that profile you, and no third-party trackers in Cadence.
- We do not send marketing email unless you separately, explicitly ask for it — and every such email has an unsubscribe link.
- We do not use your data to train machine-learning models.
4. Who we share it with
Only the services required to run the app:
| Recipient | What they get | Where |
|---|---|---|
| [YOUR VPS HOST] | Hosts the database (your email + habits) | [REGION] |
| RevenueCat | Anonymous app user ID, subscription status | USA |
| Apple / Google | Payment processing | Global |
| [EMAIL PROVIDER] | Your email address, to send password resets | [REGION] |
| Expo | Build and update infrastructure | USA |
Each is bound by a data-processing agreement. Transfers outside the EEA rely on the European Commission's Standard Contractual Clauses.
5. How long we keep it
- Your habits and account: until you delete your account.
- Inactive accounts: deleted after 24 months of no sign-in. We email you first.
- Backups: encrypted, and rotated out within 30 days.
- Deleted accounts: removed from the live database immediately, and from backups within 30 days.
6. Your rights
You can exercise all of these inside the app, without asking us:
- See and export your data — Settings → Your data → Export. Gives you everything, as JSON.
- Delete everything — Settings → Account → Delete account. This is immediate and permanent: your account and every habit and check-in on the server are erased. (Also available without signing in, at https://cadence.trioncreation.com/delete-account.)
You also have the right to correct your data, to restrict or object to processing, to withdraw consent, and to lodge a complaint with a supervisory authority — in the EU/UK with your national data protection authority, and in Malaysia with the Jabatan Perlindungan Data Peribadi (JPDP).
Email freddy.chia@trioncreation.com and we will respond within one month.
7. Security
Passwords are hashed with Argon2id. All traffic is encrypted with TLS. The database is encrypted at rest. We do not log personal information. If a breach ever affects your data, we will notify the relevant authority within 72 hours and you without undue delay.
8. Children
Cadence is not intended for anyone under 16, and creating an account requires you to confirm you are 16 or older. We do not knowingly collect data from children. If we learn that we have, we delete the account and its data. If you believe a child has created an account, email us.
9. Changes
If we change this policy in a way that affects you, we will tell you in the app before the change takes effect.
Placeholders in [BRACKETS] must be filled before this page is published.