Customer trust
Security at DanceFlow
Last reviewed: July 17, 2026
DanceFlow uses layered safeguards designed to protect studio operations, customer records, schedules, payments, documents, and connected integrations. No online service can promise perfect security, but security is built into how DanceFlow authorizes access and handles sensitive workflows.
How DanceFlow protects customer data
Role-based workspace access
Limits staff and instructor access to the functions their assigned role is allowed to use.
Server-side authorization
Checks permissions on the server rather than trusting buttons, links, or browser state.
Workspace data isolation
Uses database security policies and studio context to reduce the risk of one workspace accessing another workspace's records.
Protected authentication
Uses managed authentication, secure sessions, and account recovery controls to protect user access.
Encrypted connections
Protects information while it travels between a user's device, DanceFlow, and supported service providers.
Protected integration credentials
Stores supported OAuth credentials encrypted and limits their use to the integration the customer enabled.
Stripe payment handling
Keeps full card numbers and card security codes out of DanceFlow application storage by using Stripe payment experiences.
Upload validation
Checks supported file type, extension, size, and content expectations before accepting sensitive uploads.
Rate limiting and abuse controls
Reduces automated guessing, repeated signing attempts, high-volume abuse, and excessive public requests.
Private signing links
Uses high-entropy signing tokens stored as hashes rather than storing the usable public token directly.
Signed-document integrity records
Preserves document hashes, timestamps, consent text, signature method, and audit events to help detect change and support attribution.
Restricted document delivery
Uses private storage, short-lived access where applicable, no-store caching, and browser security headers for signing documents.
Security logging and monitoring
Records important workflow and error information needed to investigate suspicious activity and service failures.
Data minimization in public pages
Limits public discovery and signing pages to the information intentionally needed for that experience.
Customer security responsibilities
- Use unique passwords and protect email accounts used for authentication.
- Assign the least access needed and remove former staff promptly.
- Review integrations and disconnect accounts that are no longer used.
- Do not place unnecessary sensitive information in notes, uploads, or AI prompts.
- Report suspicious access, unexpected messages, or exposed links promptly.
- Export and retain records your business must preserve independently.
Payments
DanceFlow uses Stripe for supported card-processing workflows. Depending on the transaction, the studio or organizer's connected Stripe account may be the merchant responsible for fulfillment, refunds, and disputes. DanceFlow does not intentionally store full card numbers or card security codes.
Privacy and data processing
Security and privacy work together. Review the Privacy Policy and Data Processing Addendum for information about processing roles, providers, retention, requests, and customer responsibilities.
Responsible disclosure
Send suspected vulnerabilities to support@idanceflow.com with the affected URL, steps to reproduce, expected and observed behavior, and relevant screenshots or logs.
Do not access, modify, download, delete, or disclose data that does not belong to you. Do not disrupt service, test against other customers, use automated high-volume scanning, or publicly disclose an issue before DanceFlow has had a reasonable opportunity to investigate and remediate it.
Security questions
Customers evaluating DanceFlow may contact support for reasonable security and data-processing questions. Information may be limited where disclosure could weaken security or expose confidential architecture.
