Cadre← Back to site

Privacy Policy

Last updated: June 12, 2026

This Privacy Policy explains how Cadre HR ("Cadre," "we," "us") collects, uses, and protects information when you use cadrehr.org and agency subdomains (the "Service").

1. Two roles: agencies and their people

Cadre is business software used by human-services agencies. Agencies are our customers and control the data in their account. Applicants and employees submit information to an agency through the Service; for that information, the agency is the data controller and Cadre processes it on the agency's behalf. If you applied for a job or were onboarded through a Cadre-powered page, contact the agency you applied to for questions about your information.

2. What we collect

Account information — agency name, your name, email, phone, and password (stored as a salted hash). Agency Data — applications, hiring records, onboarding forms (which may include sensitive information such as government ID numbers, tax withholding, banking details for direct deposit, and clearance documents), policy signatures, and uploaded documents. Usage data — log data such as IP address, browser type, and actions taken in the product (recorded in audit logs to satisfy our customers' compliance needs).

3. How we use information

We use information solely to provide and secure the Service: operating the hiring pipeline, sending transactional emails (reminders, notifications, receipts), maintaining audit trails, preventing abuse, and providing support. We do not sell personal information and we do not use Agency Data for advertising.

4. Where data lives

Agency Data is stored with our infrastructure providers — Supabase (database, authentication, and file storage; hosted in the United States) and Netlify (web hosting). Transactional email is delivered through Resend, and payments are processed by Stripe; Stripe handles card details directly and we never store card numbers.

5. Security

Data is encrypted in transit (TLS) and at rest. Each agency's records are isolated with database row-level security. Access to administrative records requires authenticated accounts scoped to the agency. Audit logs record verification and access actions. No system is perfectly secure; if we learn of a breach affecting your data we will notify affected agencies promptly.

6. Retention

Agency Data is retained while the agency's account is active. Employment records often carry legal retention requirements; agencies control what they keep. After account termination, agencies may export their data for 60 days, after which we may delete it unless law requires otherwise.

7. Your rights

Agency account holders can access and correct account information in the product. Applicants and employees should direct access, correction, or deletion requests to their agency; we support our customers in fulfilling them. Where privacy law grants you rights directly against us, contact us using the address below.

8. Cookies

The Service uses only the cookies and local storage needed to keep you signed in and remember preferences. We do not use third-party advertising trackers.

9. Children

The Service is for workplace use and is not directed to children under 16.

10. Changes

We will post updates here and notify agencies by email of material changes.

11. Contact

Privacy questions: Muadth11@gmail.com.