DanceFlow legal

Data Processing Addendum

Effective: July 17, 2026

This Data Processing Addendum forms part of the DanceFlow SaaS Terms or another agreement between DanceFlow and the customer that references it. It applies when DanceFlow processes Customer Personal Data on the customer's behalf.

1. Definitions and roles

“Customer Personal Data” means personal data submitted to DanceFlow by or for the customer and processed to provide the services. “Data Protection Laws” means privacy and data-protection laws applicable to that processing.

The customer is the controller or business responsible for Customer Personal Data. DanceFlow is the processor or service provider acting on the customer's documented instructions, except where DanceFlow independently determines a purpose and means of processing.

2. Processing instructions

DanceFlow will process Customer Personal Data to provide, secure, maintain, support, and improve the contracted services; comply with the customer's documented use and configuration of the services; and comply with law.

The SaaS Terms, this DPA, the customer's feature selections, support requests, and lawful written instructions constitute the customer's documented instructions.

3. Customer obligations

The customer is responsible for the lawfulness, accuracy, and quality of Customer Personal Data; providing required notices; obtaining required consents; responding to individuals; and ensuring that its instructions comply with Data Protection Laws.

4. Confidentiality

DanceFlow will ensure that personnel authorized to process Customer Personal Data are subject to confidentiality obligations and receive access only as reasonably necessary for their responsibilities.

5. Security

DanceFlow will maintain reasonable administrative, technical, and organizational safeguards appropriate to the nature of Customer Personal Data and the risks of processing. Controls may include role-based access, server-side authorization, database policies, encryption in transit, protected credentials, validation, rate limiting, logging, monitoring, backup practices, and incident-response procedures.

Additional current information is available on the Security page.

6. Subprocessors

The customer authorizes DanceFlow to use subprocessors to provide the services. Subprocessors may support hosting, databases, authentication, storage, payments, communications, monitoring, analytics, support, integrations, and AI-assisted features.

DanceFlow will require subprocessors that process Customer Personal Data to protect it through written obligations appropriate to their services. DanceFlow remains responsible for its obligations under this DPA.

A current subprocessor list may be requested from support@idanceflow.com. Customers may raise a reasonable data-protection objection to a new subprocessor by contacting DanceFlow promptly after notice.

7. Individual rights requests

Taking into account the nature of processing, DanceFlow will provide reasonable assistance through available product controls or support so the customer can respond to valid requests to access, correct, delete, restrict, object to, or export Customer Personal Data.

If DanceFlow receives a request relating primarily to customer-controlled data, DanceFlow may direct the requester to the customer unless legally prohibited.

8. Security incidents

DanceFlow will notify the customer without undue delay after confirming unauthorized access to, acquisition of, or disclosure of Customer Personal Data for which notification is required under applicable law.

Notice will include information reasonably available to DanceFlow about the nature of the incident, affected data, likely consequences, and remediation. Notification is not an admission of fault or liability.

9. Assessments and consultations

DanceFlow will provide reasonable information needed for the customer to conduct legally required data-protection impact assessments or prior consultations relating to the services, considering the nature of processing and information available to DanceFlow.

10. International transfers

Customer Personal Data may be processed in the United States and other countries where DanceFlow or its subprocessors operate. Where a lawful transfer mechanism is required, the parties will cooperate to implement applicable standard contractual clauses or another valid safeguard.

11. Return and deletion

During the subscription, the customer may use available features to access or export Customer Personal Data. Following termination or a valid deletion instruction, DanceFlow will delete or return Customer Personal Data within a reasonable period unless retention is required by law, necessary for security, disputes, payment and accounting records, or maintained temporarily in protected backups.

12. Audit information

DanceFlow will make information reasonably necessary to demonstrate compliance with this DPA available to the customer. Where legally required and after review of available documentation, the parties may agree to a narrowly scoped audit subject to confidentiality, security, reasonable advance notice, minimal disruption, and allocation of costs.

13. Required-law processing

If law requires DanceFlow to process Customer Personal Data beyond the customer's instructions, DanceFlow will notify the customer before processing unless legally prohibited.

14. Processing details

  • Subject matter: operation of DanceFlow services selected by the customer.
  • Duration: the subscription and any lawful retention or deletion period.
  • Nature and purpose: hosting, organizing, transmitting, securing, supporting, analyzing, and presenting customer-selected workflows.
  • Data subjects: customers, staff, instructors, contractors, leads, clients, students, dancers, guardians, attendees, registrants, vendors, and contacts.
  • Data categories: identifiers, contact details, account and role data, schedules, attendance, transactions, memberships, documents, signatures, communications, uploaded content, event records, and technical logs.
  • Sensitive data: customers should avoid submitting sensitive data unless necessary, lawful, and supported by the selected feature.

15. Priority and updates

If this DPA conflicts with the SaaS Terms regarding processing of Customer Personal Data, this DPA controls. DanceFlow may update this DPA to reflect service or legal changes, provided updates do not materially reduce required data-protection commitments during a current paid term without a lawful basis or customer agreement.

Customers with regulatory, international-transfer, or negotiated-contract requirements should contact support before relying on this public DPA for a specialized compliance program.
← Return to SaaS Terms