Customer trust

Security at DanceFlow

Last reviewed: July 17, 2026

DanceFlow uses layered safeguards designed to protect studio operations, customer records, schedules, payments, documents, and connected integrations. No online service can promise perfect security, but security is built into how DanceFlow authorizes access and handles sensitive workflows.

How DanceFlow protects customer data

Role-based workspace access

Limits staff and instructor access to the functions their assigned role is allowed to use.

Server-side authorization

Checks permissions on the server rather than trusting buttons, links, or browser state.

Workspace data isolation

Uses database security policies and studio context to reduce the risk of one workspace accessing another workspace's records.

Protected authentication

Uses managed authentication, secure sessions, and account recovery controls to protect user access.

Encrypted connections

Protects information while it travels between a user's device, DanceFlow, and supported service providers.

Protected integration credentials

Stores supported OAuth credentials encrypted and limits their use to the integration the customer enabled.

Stripe payment handling

Keeps full card numbers and card security codes out of DanceFlow application storage by using Stripe payment experiences.

Upload validation

Checks supported file type, extension, size, and content expectations before accepting sensitive uploads.

Rate limiting and abuse controls

Reduces automated guessing, repeated signing attempts, high-volume abuse, and excessive public requests.

Private signing links

Uses high-entropy signing tokens stored as hashes rather than storing the usable public token directly.

Signed-document integrity records

Preserves document hashes, timestamps, consent text, signature method, and audit events to help detect change and support attribution.

Restricted document delivery

Uses private storage, short-lived access where applicable, no-store caching, and browser security headers for signing documents.

Security logging and monitoring

Records important workflow and error information needed to investigate suspicious activity and service failures.

Data minimization in public pages

Limits public discovery and signing pages to the information intentionally needed for that experience.

Customer security responsibilities

  • Use unique passwords and protect email accounts used for authentication.
  • Assign the least access needed and remove former staff promptly.
  • Review integrations and disconnect accounts that are no longer used.
  • Do not place unnecessary sensitive information in notes, uploads, or AI prompts.
  • Report suspicious access, unexpected messages, or exposed links promptly.
  • Export and retain records your business must preserve independently.

Payments

DanceFlow uses Stripe for supported card-processing workflows. Depending on the transaction, the studio or organizer's connected Stripe account may be the merchant responsible for fulfillment, refunds, and disputes. DanceFlow does not intentionally store full card numbers or card security codes.

Privacy and data processing

Security and privacy work together. Review the Privacy Policy and Data Processing Addendum for information about processing roles, providers, retention, requests, and customer responsibilities.

Responsible disclosure

Send suspected vulnerabilities to support@idanceflow.com with the affected URL, steps to reproduce, expected and observed behavior, and relevant screenshots or logs.

Do not access, modify, download, delete, or disclose data that does not belong to you. Do not disrupt service, test against other customers, use automated high-volume scanning, or publicly disclose an issue before DanceFlow has had a reasonable opportunity to investigate and remediate it.

Security questions

Customers evaluating DanceFlow may contact support for reasonable security and data-processing questions. Information may be limited where disclosure could weaken security or expose confidential architecture.