Privacy Policy

1. Introduction

Cadura (“we,” “us,” “our”) is a digital wellness coaching platform developed by SUMOSMASH UG, based in Berlin, Germany. Our AI voice coach helps users build lasting habits across movement, sleep, nutrition, stress, and connection — the 80% of longevity that depends on lifestyle, not genetics.

Cadura is not a medical service. We do not diagnose, treat, or prescribe. Our role is to support healthy routines through motivation and structure.

We are committed to protecting your privacy and comply with the EU General Data Protection Regulation (GDPR), UK GDPR, PIPEDA (Canada), and other relevant privacy laws.

2. What Data We Collect

a. Account Data

When you create an account, we collect:

• Name or nickname
• Email address (via Clerk)
• Subscription and billing data (via Stripe)
• Country and language preferences

b. Coaching & Voice Data

During AI sessions, we process:

• Audio input from your microphone
• Transcripts of your voice interactions
• Session summaries and AI “memory” (to personalize feedback and maintain progress over time)

Transcripts are stored securely within the EU and may include voluntarily shared wellness information (e.g. sleep patterns, mood, or goals). You can view, delete, or reset this data anytime in your app settings.

c. Health Data (Optional)

If you connect Apple HealthKit, we may access:

• Steps
• Activity
• Sleep duration and quality

We use this data only to adapt your coaching experience — never for analytics, marketing, or advertising. Cadura will not write data to HealthKit or share it with third parties. Access can be revoked at any time in iOS → Health → Cadura.

d. Analytics Data

We use PostHog (EU Cloud) to understand general app usage and improve functionality. PostHog collects:

• Device type, browser, and performance metrics
• Non-identifiable usage events (e.g., session start, button clicks)
• An anonymized user ID

PostHog stores and processes all data within the European Union. We do not use Google Analytics, Facebook Pixel, or any advertising trackers.

3. How We Use Your Data

We use your data to:

• Deliver and personalize your AI coaching experience
• Measure engagement and app performance
• Track wellness progress over time
• Improve Cadura's functionality and recommendations
• Communicate updates, account notices, or billing reminders

We never sell your personal data or use it for behavioral advertising.

4. Legal Basis for Processing (GDPR)

We process your data under the following lawful bases:

• Contract performance: to provide the Cadura service you subscribed to.
• Explicit consent: for processing HealthKit data, storing transcripts, and enabling analytics.
• Legitimate interest: to maintain platform security and service quality.

You can withdraw consent anytime through your app settings or by contacting privacy@cadura.ai.

5. Data Retention

• Account data: kept while your account is active or as required by law.
• Voice transcripts & AI memory: deleted automatically after 12 months of inactivity or when you reset memory.
• Health data: deleted immediately after disconnecting Apple HealthKit.
• Analytics: anonymized and retained for up to 12 months.

You can request deletion or export of your data at any time.

6. Data Sharing

We share personal data only with trusted service providers essential to operating Cadura:

All third parties are bound by data processing agreements (DPAs) and comply with GDPR or equivalent safeguards.

7. Data Security

We apply modern security practices to protect your information:

• Encrypted data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access control for staff and systems.
• Regular audits and monitoring of security posture.
• EU-based hosting infrastructure with high-availability and redundancy.

8. Your Rights

Under GDPR and other privacy laws, you have the right to:

• Access your personal data
• Request correction or deletion
• Withdraw consent at any time
• Export your data (portable JSON format)
• Object to certain processing activities

You can exercise these rights in your app settings or by emailing privacy@cadura.ai. We respond within 30 days.

9. International Data Transfers

Some processors (e.g., OpenAI, Stripe) may process limited data outside the EU. In such cases, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards approved by the European Commission to ensure data protection.

10. Cookies & Tracking

Cadura uses essential cookies for authentication and session management. PostHog may use anonymous analytics cookies to measure performance. No marketing or advertising cookies are used.

You can manage or disable cookies in your browser settings.

11. Children's Privacy

Cadura is intended for adults (18+). We do not knowingly collect personal data from children under 16. If you believe a child has provided information, contact us immediately at privacy@cadura.ai for deletion.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect legal or technical changes. The latest version will always be available at https://cadura.ai/privacy. Significant updates will be announced via email or in-app notification.

13. Contact Us

SUMOSMASH UG
Seydelstr. 12
10117 Berlin, Germany
Email: privacy@cadura.ai