Privacy Policy

Effective date: February 16, 2026

CadenHQ is operated by Jeva Technologies OPC ("we", "our", "us"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use CadenHQ (the "Service").

Who This Policy Applies To

This policy applies to visitors, account holders, and individuals whose information is processed through the Service. If you use CadenHQ on behalf of an organization, your organization may act as the data controller for information submitted through the Service.

Business customers who require a Data Processing Agreement (DPA) for compliance purposes may request one by contacting support@cadenhq.com.

Information We Collect

  • Account Information: name, email address, organization or workspace details, and authentication credentials.
  • Service Usage Data: feature usage, timestamps, device/browser information, IP address, and diagnostic logs.
  • Billing Information: transaction records, invoices, and payment status. Payment processing is handled by third-party providers (e.g., PayPal). We do not store full payment card numbers.
  • Customer Content: contact data, campaign content, message templates, and other information you upload or send through the Service.
  • Tracking Data: email open and click tracking events generated when recipients interact with messages sent through the Service.

Email Provider & OAuth Data (e.g., Google/Gmail)

If you connect an email provider such as Google/Gmail, we access and process only the data necessary to provide CadenHQ's core functionality:

  • Send emails on your behalf with your explicit authorization (e.g., Gmail send access).
  • Detect replies to emails sent through CadenHQ in order to automatically stop follow-up sequences and update campaign status (e.g., Gmail read-only access).
  • Associate replies with campaign threads using message and thread identifiers.

We access and process only messages relevant to campaigns initiated through CadenHQ — specifically, replies within the same thread as an email sent by the Service, and operational messages such as delivery failures. We do not access or process unrelated mailbox content.

To classify replies to campaigns sent through CadenHQ, we process the content of reply emails using automated rule-based systems to determine reply intent — for example, whether a reply is a positive response, an objection, or an unsubscribe request — so that CadenHQ can automatically update campaign status on your behalf. We do not use email content for any other purpose.

In the future, we may enhance reply classification using third-party AI service providers. If and when this is implemented, any such providers will be contractually prohibited from using your data to train their models and will process data solely on our behalf under strict confidentiality obligations. This policy will be updated accordingly prior to any such change taking effect.

We do not use Google user data to develop, improve, or train generalized artificial intelligence or machine learning models. We do not sell Google user data, use it for advertising purposes, or build user profiles unrelated to the Service.

Gmail Data Retention: We access Gmail data solely to detect and classify replies to emails sent through CadenHQ. Reply email content is processed in real-time and is not stored after classification is complete. Only the derived output — such as reply status and classification label (e.g., "interested", "not interested", "unsubscribe") — is retained alongside the thread identifier for display within your CadenHQ dashboard. OAuth tokens are deleted immediately upon mailbox disconnection.

Users may revoke Gmail access at any time via their Google Account settings or by disconnecting their mailbox within CadenHQ. When a mailbox is disconnected, we immediately stop accessing the mailbox and delete all associated OAuth tokens.

Compliance Statement: CadenHQ's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How We Use Information

  • Provide and operate the Service.
  • Authenticate users and secure accounts.
  • Process payments and prevent fraud.
  • Enforce acceptable use policies.
  • Improve reliability, performance, and user experience.
  • Respond to support requests.

How We Share Information

We do not sell personal information. We may share data with:

  • Service Providers: hosting providers, infrastructure providers, analytics and monitoring tools, AI processing providers, and payment processors strictly to operate the Service.
  • Legal Compliance: when required by law or to protect rights, prevent abuse, or respond to lawful requests.
  • Business Transfers: in connection with mergers, acquisitions, or asset transfers.

Key Subprocessors

We work with the following third-party subprocessors to operate the Service:

  • Google Cloud Platform (GCP): cloud infrastructure, hosting, and data storage. Data may be stored in GCP regions including the United States and Asia-Pacific.
  • PayPal: payment processing and billing. We do not store full payment card numbers. PayPal's privacy policy governs data collected during payment transactions.

A more detailed subprocessor list is available upon request at support@cadenhq.com.

Data Retention

We retain account and service data for as long as your account remains active or as needed for legitimate business purposes such as security, auditing, dispute resolution, and legal compliance. You may request deletion of your personal information, subject to these obligations.

Gmail reply content accessed via the Gmail API is processed in real-time for classification purposes only and is not retained after processing is complete. Only the classification output (e.g., reply label and status) and thread identifier are stored for the duration of your account or campaign lifecycle and deleted upon account termination.

Security

We implement reasonable administrative, technical, and organizational safeguards to protect information, including encryption in transit (TLS) and at rest where applicable. Access to user data is restricted to authorized personnel on a need-to-know basis. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

International Transfers

Information may be processed and stored outside your country of residence, including in the United States, where our cloud infrastructure (Google Cloud Platform) operates. Where required by applicable law, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission to protect data during international transfers. For questions about transfer mechanisms, contact support@cadenhq.com.

Your Rights

Depending on your location, you may have rights to access, correct, export, restrict, or delete your personal information. To exercise these rights, contact support@cadenhq.com. We will respond to verified requests within 30 days or as required by applicable law.

Children's Privacy

The Service is not intended for individuals under 13 years of age. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided personal information, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the effective date at the top of this page. Continued use of the Service after updates constitutes acceptance of the revised Policy.

Contact

For privacy-related questions or to submit a data request, contact Jeva Technologies OPC at support@cadenhq.com.