Legal
Privacy Policy
Last updated June 1, 2026 (revised)
What we collect
When you use Cadence, we collect the biometric and schedule inputs you enter into the form — sleep duration, morning energy, HRV, resting heart rate, priorities, and calendar events. If you connect Google Fit, we also store an encrypted OAuth access token and refresh token so we can fetch your health data on your behalf. The health data we retrieve from Google Fit (step count, sleep session duration, and heart rate readings from the last 24 hours) is used in real time to generate your protocol and is never persisted beyond the current request.
If you connect Google Health (the primary wearable integration), we store an encrypted OAuth access token and refresh token and use them to fetch steps, resting heart rate, HRV, and sleep duration for the current day. Google Health consolidates data from Fitbit, Wear OS, Pixel Watch, and any Android device syncing through Health Connect. The health data we retrieve is used in real time to generate your protocol and is never persisted beyond the current request.
If you connect Google Fit (legacy), we store an encrypted OAuth token and use it to fetch step count, sleep session duration, and heart rate readings from the last 24 hours. This integration remains active for backward compatibility; Google Health is preferred when both are connected.
If you connect Google Calendar (a separate, independent connection), we fetch today’s events — start time, end time, title, location, and duration only. We do not fetch attendees, meeting links, descriptions, or events from any day other than today. This data is used in real time to generate your protocol and is never persisted.
If you connect Notion, we store an encrypted OAuth access token and the IDs of the parent page and Cadence Protocol database in your workspace. When you use “Push to Notion,” we write your generated protocol items as pages in that database — action text, scheduled time, category, rationale, and duration. We never read, list, or modify any other content in your Notion workspace. Notion tokens do not expire; you can revoke access at any time from the dashboard or from Notion’s integration settings.
When you chat with 4F (the conversational coach within the Dashboard), your messages and the protocol context are sent to Anthropic’s Claude API to generate responses. Conversations are not stored — they exist only in your browser session and clear on page refresh.
We set a single first-party session cookie (cadence_session) to associate your browser with your stored OAuth tokens across all integrations. This cookie has a 30-day lifespan and is marked HttpOnly and SameSite=Lax.
Why we collect it
The sole purpose of collecting your biometric data and Google Fit tokens is to generate a personalized daily protocol via Claude AI. Your data is not used for advertising, sold to third parties, or used to train any machine learning model we control.
Where it's stored
OAuth tokens (access token and refresh token) are stored in a Supabase PostgreSQL database. Before being written to disk, each token is encrypted with AES-256-GCM using a server-side key that is never transmitted to the client and is not stored in the database. The authentication tag and initialization vector are stored alongside the ciphertext, and the decryption key exists only in the server environment. Form inputs you enter are never written to a database — they exist only in memory for the duration of a single API request.
Third parties
- Anthropic— your biometric summary and calendar are sent to Anthropic’s Claude API to generate the protocol. Per Anthropic’s commercial API terms, customer inputs and outputs are not used to train Anthropic’s models. Anthropic’s data handling is governed by their privacy policy.
- Google— we use Google’s OAuth 2.0 flow for three independent integrations: Google Health API (primary wearable data — unifies Fitbit, Wear OS, Pixel Watch, and Health Connect sources), Google Fit (legacy wearable integration), and Google Calendar. Each requires a separate authorization and can be disconnected independently without affecting the others. Google’s data handling is governed by their privacy policy.
- Fitbit / Wear OS / Health Connect — when you connect Google Health, data from your Fitbit device, Wear OS watch, or any Android app syncing through Health Connect may be retrieved via the Google Health API. We do not communicate directly with Fitbit or Wear OS servers; Google Health acts as the intermediary. The data we receive carries source attribution (device and platform) which is displayed in the dashboard but is not stored beyond the current request.
- Vercel— Aspire OS is hosted on Vercel. Vercel processes request metadata (IP address, user agent, request timing) as part of normal web hosting. Vercel does not have access to your form inputs, OAuth tokens, or Google Fit data — those live in encrypted Supabase storage or in-memory only. Vercel’s data handling is governed by their privacy policy.
- Notion— if you connect Notion, we use Notion’s public OAuth 2.0 flow to obtain a workspace-scoped access token. This token is used only to create and write to the “Cadence Protocol” database in your chosen parent page. We do not read other pages in your workspace. Notion’s data handling is governed by their privacy policy.
- Supabase— OAuth tokens are stored in a Supabase-hosted PostgreSQL instance in the US East region. Supabase’s data handling is governed by their privacy policy.
Data deletion
You can disconnect Google Fit at any time using the Disconnect button in the Cadence form. This immediately deletes your OAuth tokens from our database and clears your session cookie. Because form inputs and fetched health data are never persisted, disconnecting removes all data we hold about you. If you would like us to verify deletion or have other requests, email us at the address below.
Changes to this policy
We may update this policy as the product evolves. The “Last updated” date at the top reflects the most recent change. Material changes — new data types collected, new third parties, or changes to deletion practices — will be announced via email to any user who has connected Google Fit or submitted a form.
Age
Aspire OS is not intended for use by anyone under 18. If you believe a minor has used Aspire OS, email noah@aspireos.co and we will delete their data.
Contact
Questions or deletion requests: noah@aspireos.co