Privacy Policy
Last Updated: June 20, 2026
Daniel Sticker ("we", "us", "our") operates the Cadenza service (the "Service") as a paid service. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection law. The data-subject rights described below apply in full to every natural person whose personal data we process.
I. Information We Collect.
When you create an account, we collect your name, email address, and authentication provider (such as Google or GitHub). When you subscribe, we collect the billing details needed to process your payment, handled by our payment processors as described below. When you use the Service, we collect usage data including pages visited, features used, and interactions with the Service through analytics. When you connect your own LinkedIn account, we process data from that account on your instruction to provide the outreach features, as described in Section VII below. When you use the support chat, we collect the messages and any attachments you send.
II. How We Use Your Information.
We use your information to provide and maintain your account, process your subscription and payments, send transactional emails (such as verification, password reset, and support replies), send service-related communications that are necessary to operate your account (for example security notices and material changes to the Service), and improve the Service through aggregated, pseudonymized analytics. We use the data from a connected account only to provide the features you ask for, on your instruction. We do not sell, share, or rent your personal data to third parties for marketing purposes, and we do not sell or resell data from your connected account. Any optional, promotional communications are sent only where you have given consent, and you can withdraw that consent at any time.
III. Legal Basis for Processing.
We process your data on the following legal bases under the GDPR: contract performance (Art. 6(1)(b)) to provide your account, your subscription, and the Service, legitimate interest (Art. 6(1)(f)) to improve the Service and ensure security, compliance with a legal obligation (Art. 6(1)(c)) where we are required to retain data, for example the billing and invoice records we must keep for tax and accounting purposes, and consent (Art. 6(1)(a)) where explicitly given, for example for optional communications.
IV. Third-Party Processors.
We use the following GDPR-compliant third-party services to operate the Service: Convex (EU, Ireland) for database and backend infrastructure, Cloudflare (Workers) for hosting and deployment, Unipile for LinkedIn account access, Resend for transactional email delivery, Autumn and Stripe for billing and subscription management, OpenRouter for AI features, and PostHog for product analytics. Each of these processors maintains appropriate technical and organizational measures to protect your personal data. Section VI describes how we handle payment data, and Section VII describes how connected-account data is handled.
Inside the signed-in application (never on our public pages), PostHog also records session replays of your own use of the app interface, such as the dashboard, settings, and support chat, so we can diagnose problems and improve the Service. A replay captures only your own interactions with the application; it does not capture your connected LinkedIn account's contacts or message content, which are processed through your AI assistant and are never rendered in our web app. The legal basis is our legitimate interest in operating and improving the Service (Art. 6(1)(f) GDPR), and you may object at any time using the contact details below.
V. International Data Transfers.
Some of our processors operate outside the European Union, including in the United States (for example Cloudflare, Stripe, Resend, and PostHog). Where personal data is transferred to a processor outside the EU or the European Economic Area, the transfer is covered by appropriate safeguards under the GDPR, in particular the European Commission's Standard Contractual Clauses together with any additional measures required to protect your data. You can request more detail about these safeguards using the contact details below.
VI. Payment Processing.
Subscription billing for the Service runs through Autumn and Stripe. Stripe processes your card and payment details directly as a payment processor. We do not store your full card number, and we receive only the limited billing information needed to manage your subscription, such as the status of your payment and a reference to the transaction. Stripe processes payment data in accordance with its own privacy terms and applicable payment-industry standards.
VII. Connected-Account (LinkedIn) Data.
The Service lets you connect and operate your own LinkedIn account to draft and send outreach. We access your connected LinkedIn account exclusively through our integration partner, Unipile (Unipile SAS), acting as our subprocessor for that access. We connect to and access your account only on your instruction and on your behalf, to provide the features you request. We access only the data and actions your own authenticated account is already entitled to, and we do not circumvent any access control, rate limit, or paywall of any connected platform.
To the extent we process data from your connected account on your behalf, you act as the controller and we act as your processor within the meaning of the GDPR, and we process that data only in accordance with your instructions and applicable law. We do not build, hold, or maintain an independent database of third-party LinkedIn profiles, and we do not resell data from your connected account. The connected-account data remains under your control as the account holder, and access to it ends when you disconnect the account or close your subscription.
VIII. Cookies.
We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies. No consent banner is required as these cookies are strictly necessary for the operation of the Service.
IX. Data Retention.
We retain your personal data for as long as your account is active. When you delete your account, your personal data is removed, and we cease accessing your connected account. Some data may be retained in aggregated, pseudonymized form for analytics, or as required by applicable law, including the billing and invoice records we must keep for tax and accounting purposes in connection with your payments.
X. Your Rights.
Under the GDPR, you have the right to access your personal data (Art. 15), rectify inaccurate data (Art. 16), request deletion of your data (Art. 17), restrict processing (Art. 18), data portability (Art. 20), and object to processing (Art. 21). These rights apply to every natural person whose personal data we process. Where we rely on your consent, you also have the right to withdraw it at any time (Art. 7(3)), and withdrawal does not affect the lawfulness of processing carried out before withdrawal. To exercise any of these rights, please contact us using the details below. You also have the right to lodge a complaint with a supervisory authority.
XI. Changes to This Policy.
We may update this Privacy Policy from time to time. If we do this, we will post the changes on this page and will indicate the date these terms were last revised. Your continued use of the Service after the date any such changes become effective constitutes your acceptance of the updated Privacy Policy.
Questions?
For privacy-related questions or to exercise your rights, please contact us at .