Security & trust

How Cadence protects your data and your customers’ data.

Cadence handles customer records, schedules, and payment data for service businesses. The architecture below is what we’ve actually built — not a roadmap. If you have a security questionnaire to fill out, email us and we’ll respond.

Hosting & infrastructure

Cadence runs on Vercel (application) and Neon (managed PostgreSQL, AWS US regions). Both providers maintain SOC 2 Type II certification and operate the underlying compute, storage, and network.

Tenant isolation

Every customer’s workspace is isolated at the database layer using PostgreSQL row-level security (RLS). Every query is automatically scoped to the requesting tenant; there is no application code path that can return data from another customer’s workspace, even in the event of an application bug. The isolation is enforced by the database, not by careful coding.
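
A sketch of how this kind of database-enforced tenant scoping is typically set up in PostgreSQL, added here as an illustration and not Cadence's own schema or code. The table, policy, role and setting names (`customers`, `tenant_isolation`, `app_user`, `app.tenant_id`) and the UUID values are assumptions constructed for the example.

```sql
-- Hypothetical table; every tenant-owned row carries its tenant id.
CREATE TABLE customers (
    id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id uuid NOT NULL,
    name      text NOT NULL
);

-- ENABLE turns policies on; FORCE applies them to the table owner too.
-- Superusers and roles with BYPASSRLS are never subject to RLS.
ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
ALTER TABLE customers FORCE ROW LEVEL SECURITY;

-- USING filters rows read, updated or deleted; WITH CHECK rejects writes
-- that would place a row in another tenant. current_setting() without
-- missing_ok raises an error when the setting is absent, so a request
-- that never bound a tenant fails closed instead of matching every row.
CREATE POLICY tenant_isolation ON customers
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- The application connects as an unprivileged role (assumed name).
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON customers TO app_user;

-- Per request, as app_user: bind the tenant for this transaction only.
-- SET LOCAL is discarded at COMMIT/ROLLBACK, so a pooled connection
-- cannot carry one tenant's id into the next request.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO customers (tenant_id, name)
VALUES ('11111111-1111-1111-1111-111111111111', 'Constructed Customer A');
-- No WHERE clause on tenant_id: the policy supplies the tenant filter.
SELECT id, name FROM customers;
-- A write for a different tenant fails the WITH CHECK expression:
-- INSERT INTO customers (tenant_id, name)
-- VALUES ('22222222-2222-2222-2222-222222222222', 'Other tenant');
COMMIT;

-- Review checks: RLS enabled and forced, and the role cannot bypass it.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class WHERE relname = 'customers';
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles WHERE rolname = 'app_user';
```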

Payment data

Card and ACH payment details are submitted directly to Stripe. Cadence never sees or stores full card numbers, expiry dates, or CVV codes. This keeps the platform in the lowest PCI scope tier (SAQ A) — the same compliance shape Shopify, Patreon, and most modern SaaS billing systems use. Card data is handled by Stripe end-to-end.

Encryption

  • In transit: TLS 1.3 for all client connections, database connections, and outbound API calls.
  • At rest: AES-256 encryption at the storage layer (Neon’s default), plus encryption of database backups.

Authentication

Authentication is built on Better Auth, an open-source authentication library with its own audit history. Passwords use modern hashing (Better Auth defaults), with a 12-character minimum and a standard NIST-aligned policy. Sessions are token-based with rotation. Layered defenses against credential stuffing:

  • Per-account lockout: 5 failed sign-in attempts trigger a 30-minute lockout window.
  • Per-IP rate limiting: 5 sign-in attempts per minute per IP across all auth realms.

Audit trail

Every sensitive write — sign-ins, billing changes, customer record edits, refunds, role changes, data scrubs — is recorded in an append-only audit log scoped to your tenant. The log captures who did what, when, with the before-and-after values for the changed row. On request we’ll generate exports for your compliance reviews.

Backups & disaster recovery

Neon provides point-in-time recovery (up to 30 days of retention on paid plans), continuously replicated. Cadence maintains a documented disaster-recovery runbook with quarterly dry-runs of the restore procedure, including audit-stamping of any data recovered through point-in-time restoration.

Data export & erasure

Cadence is built for GDPR and CCPA right-to-erasure compliance.

  • Export: request a full data export at any time by emailing support; self-serve export from Settings is on the roadmap.
  • Customer-level scrub: anonymize an individual customer record (and optionally their associated invoices, visits, and account) on request.
  • Tenant-level scrub: on cancellation, your full tenant’s data is permanently anonymized within 30 days using deterministic redaction. Data is replaced with placeholders, not just soft-deleted.

Sub-processors

Cadence uses a small set of vendors to deliver the Services. Each handles a narrow, well-defined slice:

  • Vercel — web application hosting and CDN
  • Neon — managed PostgreSQL on AWS
  • Stripe — subscription billing (platform) and payment processing for your customers (Stripe Connect)
  • Resend — transactional email delivery
  • Twilio — SMS delivery (Pro tier)
  • Intuit — QuickBooks Online sync (Pro tier)
  • Inngest — background job orchestration

Incident response

If we discover a security incident affecting your data, we’ll notify you in line with the timelines required by GDPR (within 72 hours) and applicable US state breach-notification laws. Our response runbook covers detection, containment, eradication, recovery, and post-incident review.

Compliance roadmap

What we have today

The architecture and processes described above. A detailed security questionnaire response is available on request for prospects evaluating the platform.

What we’re working toward

Cadence is not currently SOC 2 certified. We’re targeting SOC 2 Type I within 12 months of public launch, with Type II to follow. We’ll publish updates here as we hit the milestones.

Have a security question?

Reach out at hello@cadencefieldops.com. For procurement reviews and security questionnaires, expect a response within two business days.

© 2026 Cadence FieldOps.