Privacy Policy

Cadence · Last updated 31 May 2026

Cadence is an iOS app that turns your workouts into shareable images. This policy explains what data Cadence accesses, how it is handled, and your rights. It is written to meet the requirements of the EU General Data Protection Regulation (GDPR) and the UK GDPR.

Cadence is operated by Marco Haber (Limassol, Cyprus), referred to here as “we” or “us.” If you have any questions, contact support@try-cadence.com.

The short version

• Cadence runs on your device. We do not operate user accounts or a central database of your activity data.
• If you connect Strava, your activity data is fetched directly to your device and stored only on your device.
• We never sell or share your data, and we never use it to train artificial-intelligence or machine-learning models.
• Disconnecting Strava deletes the related data from your device.

Data we access

Apple Health (HealthKit). With your permission, Cadence reads workout data from Apple Health on your device (such as activity type, distance, duration, elevation, and route, where available) to build overlays. This data is read on your device and is not transmitted to us. Cadence does not write data to Apple Health. Health data is never used for advertising and is never shared.

Strava. If you choose to connect your Strava account, Cadence requests the activity:read_all permission. This allows Cadence to read your Strava activities, including those marked private, so that it can display them and build overlays from them. We request this scope only to show you your own activities; we do not access other athletes’ data.

How your Strava connection works

To connect to Strava, Cadence uses Strava’s standard OAuth authorization. Because Strava requires a confidential client secret for this exchange, Cadence uses a small server component (a stateless Cloudflare Worker) solely to exchange and refresh authorization tokens with Strava. This server:

• holds the application’s Strava client secret so it never ships inside the app;
• passes authorization codes and refresh tokens to Strava and returns the resulting tokens to your device;
• does not store your tokens, your activity data, or any personal data, and keeps no database or logs of your personal information.

All of your actual activity data is fetched directly from Strava to your device; it does not pass through our server.

Where your data is stored

• Strava access and refresh tokens are stored securely in the iOS Keychain on your device. They are never stored on our servers.
• A local cache of your recently fetched Strava activities is stored on your device to make the app fast and usable offline. In line with Strava’s API terms, no Strava data is kept in this cache for longer than seven days.
• Photos you select for an overlay are read from your photo library on your device to compose the image. Exported images are saved to your photo library at your request. Photos are not transmitted to us.

We do not maintain a server-side copy of your Health data, Strava activity data, photos, or tokens.

Artificial intelligence and machine learning

We do not use your Strava data, directly or indirectly, for training artificial-intelligence or machine-learning models, in keeping with the Strava API Agreement. Should Cadence ever introduce features that involve such processing, those features will not use Strava-sourced data.

Deleting your data

You are in control of your data at all times:

• Disconnecting Strava in Cadence’s settings deletes the stored Strava tokens and the local activity cache from your device, and revokes Cadence’s access to your Strava account.
• Deleting the app removes all data Cadence stored on your device.
• You can also review and revoke Cadence’s access at any time from your Strava connected-apps settings, and manage Cadence’s Health permissions in the iOS Settings app.

Sharing and selling

We do not sell your personal data, and we do not share it with third parties for their own purposes. Your data is processed only to provide the app’s functionality on your device.

Third-party services

Cadence interacts with Apple (HealthKit and your photo library) and, if you connect it, Strava. Your use of Strava is also governed by Strava’s Privacy Policy. Our server component is hosted on Cloudflare; Cloudflare may process technical connection information (such as IP addresses) as part of routing requests, as described in Cloudflare’s privacy documentation.

Your rights

Under the GDPR and UK GDPR, you have rights to access, correct, and delete your personal data, and to object to or restrict its processing. Because Cadence stores your data on your own device rather than on our servers, you can exercise most of these rights directly, by managing the connection in-app, adjusting iOS permissions, or deleting the app. For any other request, contact us at support@try-cadence.com.

Children

Cadence is not directed to children under the age of 16, and we do not knowingly collect personal data from them.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the date at the top of this page.

Contact

Marco Haber
Limassol, Cyprus
support@try-cadence.com