Cadence operates on sensitive workforce data — 1:1 conversations, performance records, HR cases, compensation context. We hold this data with the care it demands. Here's exactly how we think about security, consent, and compliance.
This page is for security-conscious buyers, legal teams, and IT professionals who need specifics, not vague reassurances.
All data encrypted at rest (AES-256) and in transit (TLS 1.3). Customer-specific key management is on our Q3 2026 roadmap. AI processing runs over encrypted channels and returns results to isolated tenant environments.
Hosted on Google Cloud Platform (GCP) in us-central1. Production workloads run on Cloud Run (containerized, auto-scaling). Database: Cloud SQL (PostgreSQL) with point-in-time recovery. Redis for caching only — no PII.
Persona-based access control is live in production: self-serve workspaces provision role-scoped views for admins, HR/CHRO, managers, and employees, so each role sees only what it should. Fully custom role definitions remain roadmap.
Administrative actions and access to sensitive ER records generate audit logs. Export packaging and full AI-output audit coverage are handled case-by-case during beta unless separately verified for a tenant.
Cadence does not train AI models on customer data. AI summaries and coaching process meeting content only for that tenant's outputs and are not used in model training.
Dependency scanning on every CI build. Container image scanning before deploy. Security patches applied within 48 hours for critical CVEs. Penetration test cadence: annual. Bug bounty program: coming Q3 2026.
Cadence's policy is stricter than most applicable laws: explicit, all-party consent before any recording or AI processing of a meeting. The system is fail-closed — if consent isn't received from every participant, the recording doesn't start. There is no override for administrators or managers.
This isn't a legal position — it's a design philosophy. Meeting content is inherently sensitive. The default should protect employees, not the organization's administrative convenience.
Honest, current, with GA gate requirements stated clearly. Last updated: July 2026.
| Regulation | Cadence Posture | Status / Gate |
|---|---|---|
GDPR EU / EEA employee data | Cadence acts as a data processor for customer workforce data. Consent UX provides transparency and control; it is not the sole lawful basis. EU employee recording requires lawful-basis mapping, DPIA, and non-recording fallback. | In Progress DPIA, lawful basis mapping, DSR workflow, and transfer register required before EU production launch. |
CCPA / CPRA California employee data | Cadence is a service provider / contractor by default. No sale or sharing of workforce data. Employee rights workflow covers access, deletion, and correction requests. | Ready Notice at collection, access/delete/correct workflows, and sensitive personal information review complete. |
BIPA Illinois biometric data | Voiceprint and speaker identification are biometric data under BIPA. Cadence's position: plain audio transcript is allowed under recording consent controls; speaker ID, voice profiling, and voice matching are disabled without specific BIPA approval. No biometric features without written release. | Protected No identity-capable voice features without explicit BIPA-compliant written release and retention policy. |
Recording Law Multi-jurisdiction | Product policy is all-party consent everywhere — stricter than most applicable laws. Jurisdiction resolution happens at session time. Unknown jurisdictions default to recording off. | Implemented Consent receipt chain, visible recording state, stop-on-revoke, and non-recording fallback all in production. |
SOC 2 readiness Security audit readiness | SOC 2 readiness is in progress. Current controls are being prepared against the Trust Services Criteria. Controls documentation is available to enterprise customers under NDA. | Readiness in progress Controls documentation in progress. Auditor engagement pending — no signed engagement letter yet. |
We believe in stating retention periods clearly. These are defaults; Enterprise customers can configure custom periods within policy bounds.
| Data Class | Default Retention | Notes |
|---|---|---|
| Raw audio (if recorded) | 15 days | Auto-deleted unless legal hold or approved customer extension. Never used for AI training. |
| Meeting transcript (draft) | 180 days | Delete or promote to approved summary. Employee can request deletion at any time. |
| AI coaching outputs | 365 days | Retention and lane visibility are configured during preview tenant setup. Not used for AI model training. |
| Consent & policy receipts | 7 years | Immutable evidence records. Tamper-evident and access-controlled. Not deletable by tenant admins. |
| ER case records | 7 years after case closure | Legal hold overrides deletion. Live role-based access separates workspace admin, manager, and employee views; deeper HR, executive, and auditor policy surfaces remain entitlement-scoped. |
| 1:1 notes and agendas | Duration of employment + 1 year | Employee can export their own data at any time via DSAR process. |
| Survey responses | 3 years | Raw responses anonymized at source. Aggregated insights retained longer. |
Data subject access requests (DSARs) can be submitted via your HR admin or directly at [email protected]. We respond within 30 days.
Our security maturity roadmap — honest about current state and committed target dates.
AES-256 at rest, TLS 1.3 in transit. In production.
Additional customer-specific key controls. Targeted Q3 2026.
Fail-closed consent system with immutable receipt chain, revocation hooks, and non-recording fallback. In production.
Live role-based access separates workspace admin, manager, and employee views. Deeper HR, executive, and auditor policy surfaces remain entitlement-scoped.
Access, deletion, correction, and export workflows in production. DSAR response SLA: 30 days.
Controls documentation in progress. Auditor engagement pending — no signed engagement letter yet.
Data Protection Impact Assessment, lawful basis mapping, and EU data residency option in progress.
External penetration test by certified third party. Summary report available to Enterprise customers on request.
Responsible disclosure program with CVSSv3-based rewards. Details to be published at cadencehr.ai/security/bounty.
Enterprise customers — and any customer with EU employees or GDPR obligations — can request a Data Processing Agreement (DPA). Our standard DPA covers:
Full sub-processor list with notification policy available to customers on request.
If you have specific security or compliance requirements, we'd rather have a real conversation than send you a generic PDF. Reach out and we'll schedule time with our engineering and legal team.