Privacy Policy
Last updated: June 12, 2026
This Privacy Policy explains how Cadre HR ("Cadre," "we," "us") collects, uses, and protects information when you use cadrehr.org and agency subdomains (the "Service").
1. Two roles: agencies and their people
Cadre is business software used by human-services agencies. Agencies are our customers and control the data in their account. Applicants and employees submit information to an agency through the Service; for that information, the agency is the data controller and Cadre processes it on the agency's behalf. If you applied for a job or were onboarded through a Cadre-powered page, contact the agency you applied to for questions about your information.
2. What we collect
Account information — agency name, your name, email, phone, and password (stored as a salted hash). Agency Data — applications, hiring records, onboarding forms (which may include sensitive information such as government ID numbers, tax withholding, banking details for direct deposit, and clearance documents), policy signatures, and uploaded documents. Usage data — log data such as IP address, browser type, and actions taken in the product (recorded in audit logs to satisfy our customers' compliance needs).
3. How we use information
We use information solely to provide and secure the Service: operating the hiring pipeline, sending transactional emails (reminders, notifications, receipts), maintaining audit trails, preventing abuse, and providing support. We do not sell personal information and we do not use Agency Data for advertising.
4. Where data lives
Agency Data is stored with our infrastructure providers — Supabase (database, authentication, and file storage; hosted in the United States) and Netlify (web hosting). Transactional email is delivered through Resend, and payments are processed by Stripe; Stripe handles card details directly and we never store card numbers.
5. Security
Data is encrypted in transit (TLS) and at rest. Each agency's records are isolated with database row-level security. Access to administrative records requires authenticated accounts scoped to the agency. Audit logs record verification and access actions. No system is perfectly secure; if we learn of a breach affecting your data we will notify affected agencies promptly.
6. Retention
Agency Data is retained while the agency's account is active. Employment records often carry legal retention requirements; agencies control what they keep. After account termination, agencies may export their data for 60 days, after which we may delete it unless law requires otherwise.
7. Your rights
Agency account holders can access and correct account information in the product. Applicants and employees should direct access, correction, or deletion requests to their agency; we support our customers in fulfilling them. Where privacy law grants you rights directly against us, contact us using the address below.
8. Cookies
The Service uses only the cookies and local storage needed to keep you signed in and remember preferences. We do not use third-party advertising trackers.
9. Children
The Service is for workplace use and is not directed to children under 16.
10. Changes
We will post updates here and notify agencies by email of material changes.
11. Contact
Privacy questions: Muadth11@gmail.com.