Privacy Policy — Cadence

Last updated: July 14, 2026

Cadence is a minimalist podcast player for Android, and cadenceplayer.com is its public product website. This policy explains, in plain language, what data the app and website handle and what they do not. The short version: the Cadence app has no account system, no first-party backend server, behavioral analytics, or advertising. App state is stored locally on your device. Cadence sends crash reports and sanitized diagnostic logs to Sentry for debugging when "Share diagnostics" is enabled. This is on by default and can be turned off in Settings. The website uses page analytics and sampled session recordings as described below.

Who we are

Cadence (com.cadenceplayer.cadence) is an independent, non-commercial app. There is no company, app backend, or user database behind it. The app runs on your device, with Sentry used only for crash reporting and diagnostics as described below. The public product website is hosted separately and does not provide accounts, sync, or app data storage.

What we collect

No app account or personal profile. The Cadence app has no user accounts, sign-in, advertising, or profiling. We do not build or sell personal profiles, and there is no Cadence account identity to attach app activity to.

The one exception is crash reporting and sanitized diagnostics (see below): if the app crashes, hits an unexpected error, or performs a refresh/backup/DB recovery step that helps diagnose bugs, a technical report or structured log may be sent to Sentry. These reports contain no account or identity data and are not used to track, advertise to, or profile you. You can turn this off with "Share diagnostics" in Settings; local crash handling still remains on-device.

The product website separately uses the limited website analytics described in the Website analytics and session recording section below.

Crash reporting and diagnostics

To keep the app stable, Cadence uses Sentry (sentry.io) to capture crashes, unexpected errors, and sanitized diagnostic logs. When "Share diagnostics" is on, Cadence may send technical context such as:

This diagnostic data is used solely to diagnose and fix bugs. It may include technical app/device information, sanitized error messages, feed hosts, hashed feed/podcast identifiers, counts, and recovery-step names. It does not include:

Personal-data collection is explicitly disabled (sendDefaultPii is off), and the app scrubs diagnostic fields before sending them.

Sentry processes these reports on our behalf as a data processor; the data is not sold or shared with third parties for their own purposes. Sentry's own handling of the diagnostic data is governed by its privacy policy.

Website analytics and session recording

When you visit cadenceplayer.com, the website sends usage events to analytics.garrod.house so we can understand which pages are useful and improve the site. The standard analytics event can include:

On a random sample of 15% of visits, the website also records a replay of page structure, visible text, navigation, scrolling, clicks, and other interactions. Recordings use the analytics service's moderate masking level, which masks all form inputs, and stop after a maximum of five minutes. The website does not have account, search, comment, payment, or other visitor-submitted text fields.

Website analytics and recordings are used only to understand and improve the Cadence website. They are not used for advertising, cross-site tracking, or personal profiling. The website does not send app-library data, subscriptions, playback history, backups, or diagnostic reports to the analytics service.

The website is hosted through OpenAI Sites on Cloudflare infrastructure. Like other web hosting services, that infrastructure may process routine request metadata needed to deliver the site, maintain security, and diagnose service problems.

Data stored on your device

Everything Cadence remembers is stored locally on your device in a private app database (SQLite via the app's Kotlin/Room persistence layer) and never leaves the phone except when you explicitly export it. This on-device data includes:

This data stays on the device. It is not backed up to any server we control. It is removed when you uninstall the app or clear the app's storage. The OPML and backup export features write files only when you choose to, and share them only through the destination you pick in the system share sheet. Backup file contents are never sent in diagnostic logs.

Network activity

Cadence needs an internet connection to do its job — finding and playing podcasts. When you use it, the app talks directly to third-party podcast infrastructure, never to a Cadence-operated server (there isn't one):

The only other network destination is Sentry, for crash reports and sanitized diagnostic logs when "Share diagnostics" is enabled. Cadence has no first-party content server of its own.

These requests carry only what is technically required to retrieve public content (for example, a standard HTTP request to a feed or media URL). Cadence does not attach any identifier, account, or tracking token to them. Any data handling by those third parties is governed by their own privacy policies, not this one.

Permissions and why they are needed

The Android release manifest declares the permissions below. The first group is what the app's features directly use; the remaining entries are added automatically by AndroidX/media-playback, notification, networking, and launcher-badge libraries Cadence is built on. None of them are used to collect, profile, or transmit personal information.

Permission Why it is present
INTERNET Fetch podcast search results, RSS feeds, and stream episode media.
FOREGROUND_SERVICE / FOREGROUND_SERVICE_MEDIA_PLAYBACK Keep playback running and show the media notification while the app is in the background.
VIBRATE Provide haptic feedback (e.g. subscribe/unsubscribe confirmation).
ACCESS_NETWORK_STATE / ACCESS_WIFI_STATE Check whether the device is online before attempting a fetch or stream (added by the networking/media libraries).
POST_NOTIFICATIONS Show playback/download notifications on Android 13+; the app asks before using notification surfaces.
RECEIVE_BOOT_COMPLETED Let the notification/background-task libraries restore scheduled work after device reboot; Cadence does not start playback on boot.
WAKE_LOCK Allow the audio service to keep playing while the screen is off (added by the media-playback library).
READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE (Android 12 and older only, maxSdkVersion="32") Legacy media-access permissions injected by the media library; unused on Android 13+, which uses scoped storage.
READ_APP_BADGE / com.anddoes.launcher.permission.UPDATE_COUNT / com.htc.launcher.permission.READ_SETTINGS / com.htc.launcher.permission.UPDATE_SHORTCUT / com.huawei.android.launcher.permission.CHANGE_BADGE / com.huawei.android.launcher.permission.READ_SETTINGS / com.huawei.android.launcher.permission.WRITE_SETTINGS / com.majeur.launcher.permission.UPDATE_BADGE / com.oppo.launcher.permission.READ_SETTINGS / com.oppo.launcher.permission.WRITE_SETTINGS / com.sec.android.provider.badge.permission.READ / com.sec.android.provider.badge.permission.WRITE / com.sonyericsson.home.permission.BROADCAST_BADGE / com.sonymobile.home.permission.PROVIDER_INSERT_BADGE / me.everything.badger.permission.BADGE_COUNT_READ / me.everything.badger.permission.BADGE_COUNT_WRITE Launcher badge-count compatibility permissions added by notification/badge libraries for OEM launchers.
com.google.android.c2dm.permission.RECEIVE Notification transport permission added by the notification stack; Cadence does not use it to collect personal information.
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE Play Store install-referrer binding added by Google Play services dependencies.
com.cadenceplayer.cadence.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION App-scoped AndroidX permission that protects non-exported dynamic broadcast receivers inside the app.

Cadence does not request location, contacts, microphone, camera, calendar, or any other sensitive permission. The permission set is generated at build time from the app's libraries. The permissions directly tied to the app's features — INTERNET, FOREGROUND_SERVICE / FOREGROUND_SERVICE_MEDIA_PLAYBACK, and VIBRATE — are the authoritative basis for the Google Play Data safety declaration; the remaining entries are infrastructure permissions that move no user data off the device.

Children's privacy

The Cadence app does not knowingly collect personal information from anyone, including children. It contains no advertising or in-app behavioral tracking. The website analytics are not intended to identify visitors. The crash reports and sanitized diagnostics described above contain no account identity and can be disabled in Settings.

Changes to this policy

If this policy changes, the updated version will be published at the same location with a revised "Last updated" date.

Contact

Questions about this policy can be raised via email at austin.r.garrod+cadence@gmail.com.