Privacy Policy — Cadence
Last updated: July 14, 2026
Cadence is a minimalist podcast player for Android, and cadenceplayer.com is
its public product website. This policy explains, in plain language, what data
the app and website handle and what they do not. The short version: the
Cadence app has no account system, no first-party backend server, behavioral
analytics, or advertising. App state is stored locally on your device.
Cadence sends crash reports and sanitized diagnostic logs to Sentry for
debugging when "Share diagnostics" is enabled. This is on by default and can be
turned off in Settings. The website uses page analytics and sampled session
recordings as described below.
Who we are
Cadence (com.cadenceplayer.cadence) is an independent, non-commercial app.
There is no company, app backend, or user database behind it. The app runs on
your device, with Sentry used only for crash reporting and diagnostics as
described below. The public product website is hosted separately and does not
provide accounts, sync, or app data storage.
What we collect
No app account or personal profile. The Cadence app has no user accounts, sign-in, advertising, or profiling. We do not build or sell personal profiles, and there is no Cadence account identity to attach app activity to.
The one exception is crash reporting and sanitized diagnostics (see below): if the app crashes, hits an unexpected error, or performs a refresh/backup/DB recovery step that helps diagnose bugs, a technical report or structured log may be sent to Sentry. These reports contain no account or identity data and are not used to track, advertise to, or profile you. You can turn this off with "Share diagnostics" in Settings; local crash handling still remains on-device.
The product website separately uses the limited website analytics described in the Website analytics and session recording section below.
Crash reporting and diagnostics
To keep the app stable, Cadence uses Sentry (sentry.io) to capture crashes, unexpected errors, and sanitized diagnostic logs. When "Share diagnostics" is on, Cadence may send technical context such as:
- the error message/category and stack trace,
- the app version/release and platform,
- basic device/OS information supplied by Sentry,
- feed hostnames (not full feed URLs),
- hashed feed-derived podcast identifiers,
- episode/cache counts, and
- recovery steps such as SQLite FTS rebuilds, episode-cache resets, feed refresh outcomes, and backup import/export status.
This diagnostic data is used solely to diagnose and fix bugs. It may include technical app/device information, sanitized error messages, feed hosts, hashed feed/podcast identifiers, counts, and recovery-step names. It does not include:
- raw backup file contents,
- full feed URLs or URL query strings,
- auth tokens, passwords, or API keys,
- file paths,
- playback history or playback positions,
- the full list of subscriptions,
- the shows or episodes you play, or
- app preferences except the fact that diagnostics are enabled or disabled.
Personal-data collection is explicitly disabled (sendDefaultPii is off), and
the app scrubs diagnostic fields before sending them.
Sentry processes these reports on our behalf as a data processor; the data is not sold or shared with third parties for their own purposes. Sentry's own handling of the diagnostic data is governed by its privacy policy.
Website analytics and session recording
When you visit cadenceplayer.com, the website sends usage events to
analytics.garrod.house so we can understand which pages are useful and improve
the site. The standard analytics event can include:
- the page URL, page title, and website hostname,
- the referring page,
- screen dimensions,
- browser language, and
- routine request metadata available to the analytics server, such as the user agent and IP address used to deliver the request.
On a random sample of 15% of visits, the website also records a replay of page
structure, visible text, navigation, scrolling, clicks, and other interactions.
Recordings use the analytics service's moderate masking level, which masks all
form inputs, and stop after a maximum of five minutes. The website does not have
account, search, comment, payment, or other visitor-submitted text fields.
Website analytics and recordings are used only to understand and improve the Cadence website. They are not used for advertising, cross-site tracking, or personal profiling. The website does not send app-library data, subscriptions, playback history, backups, or diagnostic reports to the analytics service.
The website is hosted through OpenAI Sites on Cloudflare infrastructure. Like other web hosting services, that infrastructure may process routine request metadata needed to deliver the site, maintain security, and diagnose service problems.
Data stored on your device
Everything Cadence remembers is stored locally on your device in a private app database (SQLite via the app's Kotlin/Room persistence layer) and never leaves the phone except when you explicitly export it. This on-device data includes:
- The podcasts you subscribe to (feed URLs and show metadata)
- Episode lists, playback positions, and listened/unlistened state
- Your per-podcast and global preferences (sort order, hide-listened, etc.)
This data stays on the device. It is not backed up to any server we control. It is removed when you uninstall the app or clear the app's storage. The OPML and backup export features write files only when you choose to, and share them only through the destination you pick in the system share sheet. Backup file contents are never sent in diagnostic logs.
Network activity
Cadence needs an internet connection to do its job — finding and playing podcasts. When you use it, the app talks directly to third-party podcast infrastructure, never to a Cadence-operated server (there isn't one):
- iTunes Search API (Apple, keyless) — to search for and discover podcasts.
- Public podcast RSS feeds — to fetch each show's episode list and metadata.
- Episode media hosts — to stream the audio or video of an episode you play, served from whatever host the podcast publisher uses.
The only other network destination is Sentry, for crash reports and sanitized diagnostic logs when "Share diagnostics" is enabled. Cadence has no first-party content server of its own.
These requests carry only what is technically required to retrieve public content (for example, a standard HTTP request to a feed or media URL). Cadence does not attach any identifier, account, or tracking token to them. Any data handling by those third parties is governed by their own privacy policies, not this one.
Permissions and why they are needed
The Android release manifest declares the permissions below. The first group is what the app's features directly use; the remaining entries are added automatically by AndroidX/media-playback, notification, networking, and launcher-badge libraries Cadence is built on. None of them are used to collect, profile, or transmit personal information.
| Permission | Why it is present |
|---|---|
INTERNET |
Fetch podcast search results, RSS feeds, and stream episode media. |
FOREGROUND_SERVICE / FOREGROUND_SERVICE_MEDIA_PLAYBACK |
Keep playback running and show the media notification while the app is in the background. |
VIBRATE |
Provide haptic feedback (e.g. subscribe/unsubscribe confirmation). |
ACCESS_NETWORK_STATE / ACCESS_WIFI_STATE |
Check whether the device is online before attempting a fetch or stream (added by the networking/media libraries). |
POST_NOTIFICATIONS |
Show playback/download notifications on Android 13+; the app asks before using notification surfaces. |
RECEIVE_BOOT_COMPLETED |
Let the notification/background-task libraries restore scheduled work after device reboot; Cadence does not start playback on boot. |
WAKE_LOCK |
Allow the audio service to keep playing while the screen is off (added by the media-playback library). |
READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE (Android 12 and older only, maxSdkVersion="32") |
Legacy media-access permissions injected by the media library; unused on Android 13+, which uses scoped storage. |
READ_APP_BADGE / com.anddoes.launcher.permission.UPDATE_COUNT / com.htc.launcher.permission.READ_SETTINGS / com.htc.launcher.permission.UPDATE_SHORTCUT / com.huawei.android.launcher.permission.CHANGE_BADGE / com.huawei.android.launcher.permission.READ_SETTINGS / com.huawei.android.launcher.permission.WRITE_SETTINGS / com.majeur.launcher.permission.UPDATE_BADGE / com.oppo.launcher.permission.READ_SETTINGS / com.oppo.launcher.permission.WRITE_SETTINGS / com.sec.android.provider.badge.permission.READ / com.sec.android.provider.badge.permission.WRITE / com.sonyericsson.home.permission.BROADCAST_BADGE / com.sonymobile.home.permission.PROVIDER_INSERT_BADGE / me.everything.badger.permission.BADGE_COUNT_READ / me.everything.badger.permission.BADGE_COUNT_WRITE |
Launcher badge-count compatibility permissions added by notification/badge libraries for OEM launchers. |
com.google.android.c2dm.permission.RECEIVE |
Notification transport permission added by the notification stack; Cadence does not use it to collect personal information. |
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE |
Play Store install-referrer binding added by Google Play services dependencies. |
com.cadenceplayer.cadence.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION |
App-scoped AndroidX permission that protects non-exported dynamic broadcast receivers inside the app. |
Cadence does not request location, contacts, microphone, camera, calendar,
or any other sensitive permission. The permission set is generated at build time
from the app's libraries. The permissions directly tied to the app's features —
INTERNET, FOREGROUND_SERVICE / FOREGROUND_SERVICE_MEDIA_PLAYBACK, and
VIBRATE — are the authoritative basis for the Google Play Data safety
declaration; the remaining entries are infrastructure permissions that move no
user data off the device.
Children's privacy
The Cadence app does not knowingly collect personal information from anyone, including children. It contains no advertising or in-app behavioral tracking. The website analytics are not intended to identify visitors. The crash reports and sanitized diagnostics described above contain no account identity and can be disabled in Settings.
Changes to this policy
If this policy changes, the updated version will be published at the same location with a revised "Last updated" date.
Contact
Questions about this policy can be raised via email at austin.r.garrod+cadence@gmail.com.