Cadence is built to handle church volunteer and team data with care.
We know churches are trusting us with real people’s details, real serving patterns, and information that needs to be handled responsibly. Our approach is simple: keep access tight, use carefully chosen providers, and make it clear how data is protected.
How Cadence protects data
Encrypted in transit
Data sent between your browser and Cadence is protected using modern encryption in transit. Secure transport protections such as TLS help ensure information is not transmitted openly across the internet.
Controlled access
Access to Cadence systems and customer data is limited to what is needed to operate, support, and improve the service. We apply least-privilege access principles and keep administrative access tightly restricted.
Carefully chosen providers
Cadence relies on a small number of carefully selected third-party providers for core services such as hosting, payments, email delivery, support, and analytics. Where those providers process customer data, we list them publicly on our Subprocessors page and review their privacy and security posture before using them.
Security-minded operations
We use providers that publish clear security and privacy measures. For example:
• Stripe provides a built-in DPA and describes international transfer safeguards.
• Resend states that customer data is encrypted in transit and at rest, stores customer data in the US, and publishes a DPA.
• Loops publishes both a Privacy Policy and DPA, and states that it uses SCCs and DPF-based safeguards for international transfers.
Data access and permissions
Cadence is designed so the right people see the right things.
Church admins can manage organisation-level settings and data. Team admins only see what they need for their team responsibilities.
Volunteers access their schedules through secure links and only see information relevant to their own serving and team context. They do not have access to wider organisation data.
This approach helps ensure personal data is only visible to those who need it, in line with least-privilege principles.
International transfers
Some of the providers used to run Cadence are based outside the UK. Where personal data is transferred internationally, we rely on the safeguards made available by those providers and reflected in our legal documents, such as standard contractual clauses and, where relevant, Data Privacy Framework participation. Stripe, Loops, and Resend all publish international transfer positions of this kind.
Data rights and support
Churches remain the data controllers of the member and volunteer data they place into Cadence. Cadence acts as a processor for that service data. We are building admin tools to support export and deletion requests, and churches can also contact us directly if they need help handling a data request.
If something goes wrong
If we become aware of a security incident affecting customer data, we will act promptly, investigate, and communicate with affected customers as required.
Security is not a badge line for us. It is part of making Cadence trustworthy enough for real churches, real teams, and real pastoral responsibility.