Privacy Policy

What Cascadence Does

Cascadence is an outcome monitoring platform. It watches important flows in your web application (like checkout, signup, or payment) and checks whether they produce the correct result. It is not an error tracker or uptime monitor — it catches silent failures where everything looks fine technically but the outcome is wrong.

Cascadence consists of a Chrome browser extension (used to record flows) and a web dashboard (used to review results and manage alerts).

What the Chrome Extension Collects

When you click "Start Recording", the extension captures the accessibility tree of elements you interact with. This includes:

• ARIA roles and accessible names (e.g. "button: Submit Order")
• Element states (checked, expanded, disabled)
• The current page URL (with query parameters and fragments stripped)
• Timestamps of each interaction
• Your answers to the recording agent's questions about the flow

What We Do NOT Collect

• Raw HTML, CSS, or page layout
• Screenshots or visual content
• Cookies, localStorage, or session data from the sites you visit
• Browsing history or activity outside of active recordings
• Network requests or API calls made by the site
• Any data when recording is not active — the extension is completely inert

Sensitive Data Masking

Form input values are automatically masked for passwords, payment card numbers, phone numbers, addresses, and government IDs. These values are replaced with [MASKED] before leaving your browser. You can also add a data-cascadence-mask attribute to any HTML element to force masking.

What the Dashboard Collects

When you use the Cascadence web dashboard, we collect standard account information:

• Email address and name (via Clerk authentication)
• Organisation name
• Flow configurations and business rules you define
• Replay results and anomaly detection outputs

We also use PostHog for product analytics (page views, feature usage) and Sentry for error monitoring. Both are configured to respect Do Not Track headers.

Where Your Data Goes

All data captured by the extension is sent to our backend over an encrypted WebSocket connection (WSS). Data at rest is stored in:

• PostgreSQL (Railway, US region) — flow definitions, replay results, anomaly data
• Redis (Railway, US region) — temporary session data, cleared automatically
• Cloudflare R2 — replay screenshots (if enabled), encrypted at rest

We use OpenAI and Anthropic APIs to power anomaly detection. When your flow data is sent to these providers for analysis, it is covered by their enterprise data processing agreements — your data is not used to train their models.

How Long We Keep Your Data

• Flow definitions and business rules — kept until you delete them
• Replay results — kept until you delete the flow or your account
• Replay screenshots — subject to our retention policy (default: 90 days)
• Redis session data — automatically expires within minutes
• Authentication tokens — short-lived JWTs, never stored persistently

Extension Permissions Explained

The Chrome extension requests these permissions:

• activeTab — access the tab you're recording (not all tabs)
• scripting — inject the recording script when you click "Start Recording"
• storage — remember recording state during a session (cleared on browser close)
• tabs — detect which tab is active during recording
• sidePanel — show the recording panel

The extension does not request access to your browsing history, bookmarks, downloads, or any other browser data.

Local Storage

The extension stores only one piece of data locally: whether a recording is currently active and which tab it's on. This uses Chrome's session storage, which is automatically cleared when you close your browser. No persistent data is stored on your device.

How to Delete Your Data

• Delete a flow — removes the flow, all its replays, and all associated anomaly data
• Delete your account — removes all your data from our systems. Email privacy@cascadence.io
• Uninstall the extension — removes all local session data immediately

Third-Party Services

• Clerk — authentication (email, OAuth). Clerk Privacy Policy
• OpenAI — AI analysis of flow data. OpenAI Enterprise Privacy
• Anthropic — AI analysis (fallback). Anthropic Privacy Policy
• PostHog — product analytics. PostHog Privacy Policy
• Sentry — error monitoring. Sentry Privacy Policy
• Railway — infrastructure hosting. Railway Privacy Policy
• Cloudflare — screenshot storage. Cloudflare Privacy Policy

Children

Cascadence is not intended for use by anyone under 16. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you via the email address associated with your account. The "Last updated" date at the top of this page always reflects the latest version.

Contact

Questions about this policy or your data? Email privacy@cascadence.io.