Security & Data Practices

What we encrypt, what we never share, what we'd tell you in a breach.

Most security pages are written by lawyers and read like furniture. Ours is written by the people who built the system. If a coach in your audience asks "what happens to my client data," this is the answer to forward.

Payments
PCI compliance handled by Stripe
Card numbers never touch our servers. They go directly from your client's browser to Stripe (PCI-DSS Level 1 certified). We store only the Stripe Customer ID. If our database leaked tomorrow, no card data goes with it.

Storage
Database encrypted at rest
Neon Postgres with AES-256 encryption at rest. Point-in-time restore for disaster recovery. Daily automated backups retained 7 days. Your data lives in us-east-2 on AWS infrastructure.

Transit
HTTPS everywhere, no exceptions
TLS 1.3 on every endpoint. SSL certificates auto-renewed by Netlify. HSTS headers enforce HTTPS-only. No HTTP fallback, no mixed content. Verified via securityheaders.com A-grade.

Access
2FA on coach login (Q3 2026)
Currently password-only. Two-factor auth via TOTP (Google Authenticator / 1Password / Authy) ships in v0.2 (Q3 2026). We document this honestly on /capabilities rather than implying it already exists.

Isolation
Per-coach data scope
v0.1 uses a single-tenant pattern with per-coach user_id scoping. Multi-tenant Row Level Security (RLS) ships with v0.2 multi-trainer team accounts. Until then, every coach is a separately-deployed instance.

AI
Claude API — no training on your data
AI plan generation runs on Anthropic's Claude API. Per Anthropic's policy, your inputs are not used to train models. We send the minimum context needed — never client names or PII unless the coach explicitly includes them. AI logs are deleted within 30 days on Anthropic's side.

Ownership
You own your data — period
Coach owns 100% of their roster, programs, training history, and brand assets. Full export anytime as CSV + JSON via the dashboard or by emailing us. No "data hostage" clauses. Cancel and walk with everything.

Sharing
We never sell or share data
Coach data and client data are never sold, shared with advertisers, used for cross-product marketing, or licensed to third parties. Subprocessors (Stripe, Neon, Anthropic, Netlify, Brevo) are listed below. No data goes anywhere else.

Disclosure
Breach notification within 72 hours
If we ever detect unauthorized access affecting your data, we notify you within 72 hours with: what happened, what data was exposed, what we're doing about it, what you should do. Honest disclosure, not legal-team-laundered notice.

Subprocessors — every place your data touches

The complete list. If we ever add or remove one, this page updates and we send a notice email to all coaches.

Stripe (Payments)

PCI-DSS Level 1 · SOC 1, SOC 2 Type II · USA

Handles all card data, recurring billing, payouts. We never see card numbers. Stripe privacy policy →

Neon (Postgres database)

SOC 2 Type II · AES-256 at rest · AWS us-east-2

All coach + client data lives here, encrypted at rest. Point-in-time restore available for last 7 days. Neon privacy policy →

Anthropic (Claude API for AI plan generation)

SOC 2 Type II · No training on your data · USA

Powers AI plan generation, AI meal scan, AI rest-day messaging. We send minimum context. Anthropic privacy policy →

Netlify (Hosting + Edge functions)

SOC 2 Type II · DDoS protection · Global CDN

Hosts the static site + Netlify Functions for our API endpoints. Netlify privacy policy →

Brevo (Transactional + lifecycle email)

GDPR-compliant · EU + USA

Sends welcome emails, billing notifications, lifecycle messages. Recipient email addresses only — no client training data ever sent. Brevo privacy policy →

What we do NOT collect

The honest gaps

Things we don't have yet, by category, with timeline:

Reporting a vulnerability

If you find a security issue, email security@vantagedigital.dev directly. We respond within 24 hours, ship fixes for critical issues within 48 hours, and credit the reporter publicly (or anonymously, your call) on a vulnerability disclosure page once the fix ships.

We don't run a paid bounty program at v0.1, but we send a thank-you box of nice merch for verified valid reports. The bounty program lands in v0.3.

This page is the contract

Anything stated here is binding. If we change a practice, this page updates within 7 days and active coaches get an email. The version history of this page is visible in our public Git repo at github.com/GildtheLily85/vantage-digital — you can see every revision.

Built for coaches who ask the security question.

If your coaching practice involves clients with sensitive metrics, money, or training data — these are the people you want building the platform.
