DanceFlow policy
Security
Last updated: May 15, 2026
Security overview
DanceFlow is built with role-based workspace access, server-side authorization checks, Supabase row-level security where applicable, and Stripe-hosted payment processing.
Card numbers and card security codes should be entered through Stripe-hosted payment experiences, not stored directly by DanceFlow.
Access controls
Workspace access is scoped by role and account context. Platform-admin and sensitive operational workflows should use multi-factor authentication and follow least-privilege access practices.
Data isolation
Studio, client, payment, event, and portal data should be protected by server-side checks and database policies. Public discovery pages should only expose content intentionally published by an eligible active/trialing workspace.
Vulnerability reporting
If you believe you found a security issue, email support@idanceflow.com with a description, affected URL, steps to reproduce, and any relevant screenshots or logs. Do not access, modify, delete, or disclose data that does not belong to you.
Roadmap controls
DanceFlow is building toward stronger security maturity, including audit logs for sensitive role/billing changes, platform admin MFA enforcement, alerting for server errors and billing risks, data export/deletion procedures, accessibility improvements, and future SOC 2 readiness.