Cadence

Privacy Policy

Last updated: 2026-04-23

Cadence is software for Instagram creators. This policy describes what we collect, why, and how we protect it. Plain language, no legalese dressed up as clarity.

Who we are

Cadence is operated by Vikas Bendha, trading as Cadence. Contact: connect@vikasbendha.com. If you are an Italian or EU resident, we are the data controller for your account under the GDPR.

What we collect

  • Account data — email, name, workspace name, timezone, language preference. Required to run the service.
  • Instagram public data — on your behalf we scrape publicly available reels of accounts you add as your own or as competitors. We do not log into Instagram. We do not access private accounts. Data is fetched through Apify using your own Apify key.
  • AI provider keys — you connect your own Apify, Google AI, OpenRouter, and Anthropic keys. We encrypt them with AES-256-GCM before writing to disk. They are never stored in plaintext, never logged, and never leave Cadence decrypted.
  • Usage logs — the model runs, scrape runs, and actions you take inside the app, so we can show you costs and debug failures.
  • Billing data — handled by Stripe. We store your Stripe customer id, subscription status, and period end. We never see your card number.

Google Calendar integration

If you connect Google Calendar from Settings → Integrations, Cadence asks Google for the https://www.googleapis.com/auth/calendar.events scope. We use this scope for one purpose only: to create, update, and delete events on the calendar you pick whenever you schedule, reschedule, or unschedule a post inside Cadence. We never read other events on your calendar, never share calendar data with third parties, and never use it to train AI models. The refresh + access tokens Google issues are encrypted at rest with AES-256-GCM and are deleted immediately when you click Disconnect in Settings. Cadence's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Why we collect it

To provide the service, to show you how much your own API keys are costing, to send you the reports and notifications you opted into, and to comply with tax and accounting law.

BYOK — bring your own keys

You pay Apify, Google, OpenRouter, and Anthropic directly. Cadence bills only its own software subscription. Your keys are your property; you can rotate or revoke them from Settings at any time.

Subprocessors

We use a short list of third parties to run Cadence: Vercel (application hosting), Supabase (Postgres database + auth), Stripe (payments), Resend (transactional email), Apify (Instagram scraping — your key), OpenRouter (LLM routing — your key), Google AI (embeddings — your key, optional), Anthropic (LLM — your key, optional), and Google Calendar (one-way calendar sync — your OAuth grant, optional). The full list with locations and DPAs is published at /legal/subprocessors.

Retention

  • Archived content items: 90 days from the archive date, then deleted.
  • Audit logs: 12 months, then rolling deletion.
  • Account data: kept while your account is active. On deletion, purged within 30 days except where law requires us to retain records.
  • Google Calendar tokens: kept until you click Disconnect or delete your account, whichever comes first. Deletion is immediate.

Cookies

Session cookies only. We do not use third-party analytics cookies or tracking pixels without your consent.

Your rights

You can access, export, or delete your data at any time. Email connect@vikasbendha.com or use the Settings page. EU users have full GDPR rights including the right to object and the right to lodge a complaint with a supervisory authority.

Changes

We'll tell you in-app and by email before any change that expands what we collect or share.

Version v2 · Updated 2026-04-23