This policy explains how we handle personal data when you use CECadence (the
"Service") at cadence.compoundingenergy.com. We are the controller for the
account and usage data below. Where we process personal data contained in a customer's own
inputs on their behalf, we act as processor under our Data Processing Addendum
(available on request).
ce_token) is stored in your browser's localStorage to keep
you signed in. We use no advertising or cross-site tracking cookies.Hosted data is processed in the United Kingdom (Fly.io, London region). We share personal data only with sub-processors that help us run the Service, each under contract: Fly.io (hosting, UK region), Stripe (payments), and the Compounding Energy fleet identity provider (single sign-on). We do not sell personal data, and we do not transfer it outside the UK except where a sub-processor requires it, with UK IDTA or equivalent safeguards.
We keep account and run data for the duration of your subscription and a reasonable period after (renewals, disputes, legal records), then delete or anonymise it. You can request export or deletion of your runs at any time (§6).
Data is encrypted in transit (HTTPS/TLS). Access is controlled by per-tenant isolation, role-based access and authenticated API keys; actions are recorded in the audit log. We keep backups of the hosted store. On-prem / air-gapped customers hold their own data entirely.
You may request access to, correction of, deletion of, or a copy of your personal data, and may object to or restrict certain processing — email privacy@compoundingenergy.com. You may also complain to the UK Information Commissioner's Office (ico.org.uk).
We will post changes here and update the date above; material changes will be notified to account holders.