Security and privacy

Consent-first people intelligence.

Cadence is designed around visible capture, current flat Admin/Member access, human approval, no model training on customer data, and an honestly labeled security maturity roadmap.

Current: flat Admin/Member permissions, consent-first capture, human approval, and no customer data used to train AI models. Roadmap: granular role-aware access and SOC 2 Type II readiness remain labeled as Coming Q3 / roadmap work until shipped.

All-party consent

Meeting capture is consent-first and visible to participants. Raw audio and transcripts follow configurable retention.

Human approval

AI drafts summaries and coaching, but humans approve memorialized meeting records and own outbound communication.

Enterprise posture

Encryption, current flat Admin/Member access, audit trails, DPA process, and SOC 2 Type II roadmap are stated honestly.

Security architecture

Specifics for buyers, legal, and IT.

Cadence holds sensitive workforce data: 1:1 conversations, performance context, ER cases, recognition, goals, and survey signal. The trust model keeps current controls explicit and roadmap controls clearly labeled.

Encryption

Customer data is encrypted in transit and at rest. Per-tenant key management remains roadmap-labeled until it is production-ready.

Infrastructure

Production workloads run on Google Cloud Platform with containerized services, managed PostgreSQL, and Redis used for cache-only paths.

Access control

Current access uses flat Admin/Member permissions. Granular manager, employee, HR, and CHRO access controls remain roadmap work.

Audit logging

Administrative actions, exports, and sensitive-record access generate audit records designed for review and export workflows.

AI data handling

Customer workforce data is processed for tenant-specific summaries, coaching, and signal. It is not used to train AI models.

Vulnerability management

Dependency and container scanning are part of the build path; SOC 2 Type II readiness is described as roadmap until complete.

Meeting consent

All-party consent. No silent capture.

Meeting content is inherently sensitive. Cadence is designed so recording and AI processing are visible, opt-in, revocable, and fail-closed.

  1. Tenant enables recording only after privacy prerequisites are complete.
  2. Every meeting starts in non-recorded mode; capture is never passive.
  3. Participants see what is captured, why, retention, and a clear decline path.
  4. Capture unlocks only after all required participants consent.
  5. Any participant can revoke consent; revocation stops future capture and processing.

Compliance posture

Honest status, not vague assurance.

| Area | Cadence posture | Status |
| --- | --- | --- |
| GDPR | Processor posture for customer workforce data; EU employee recording requires lawful-basis mapping, DPIA, and non-recording fallback. | In progress |
| CCPA / CPRA | Service-provider posture; no sale or sharing of workforce data. | Ready for customer DPA review |
| SOC 2 Type II | Controls and evidence collection are roadmap/readiness work, not a completed certification claim. | Roadmap |
| AI governance | AI drafts, summarizes, and coaches; humans own judgment and outbound communication. | Current design principle |