Cadence Agents

This is the public-facing summary of how Cadence Agents, Inc. ("Cadence", "we") handles personal information. The full Data Processing Agreement and Business Associate Agreement (BAA) govern any processing on behalf of customers; this page is a plain-English overview for end users and prospective customers.

What we collect

Account info: name, email, business name, role.
Practice operational data: providers, hours, services, calendar events.
Patient data on behalf of our customers: names, contact info, appointment history. We are a processor, not the data controller.
Voice & SMS conversations routed through Cadence agents (transcripts and recordings).
Standard product telemetry (page views, feature usage, error logs) with PII redacted.

How we use it

To operate the service: book appointments, send reminders, generate invoices.
To maintain the audit log required by HIPAA.
To improve the product (aggregate, de-identified analytics).

We do not sell personal information. We do not use Protected Health Information to train models. We do not share data with advertisers.

Sub-processors

We rely on a small set of HIPAA-eligible vendors: Supabase (database), Vercel (hosting), Retell (voice), Twilio (SMS), Resend (email), Anthropic (LLM), Stripe (payments), Inngest (workflows), Google (calendar). The current list with BAA status is available on request from security@cadenceagents.ai.

Retention

Conversation transcripts: 90 days.
Voice recordings: 30 days unless flagged for QA or compliance.
Audit log: 7 years.
Account data: until you delete your account, then 30-day soft-delete window.

Your rights

You can access, export, correct, or delete your data at any time through Coach (just ask) or by emailing privacy@cadenceagents.ai. We respond within 30 days. Patients of our customers should reach out to their practice; we'll support the practice in fulfilling those requests.

Contact