DANZ

Privacy Policy

Effective Date: August 20, 2025Last Updated: August 20, 2025

At DANZ, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and handle your personal information when you use our dance community platform. DANZ is operated from the Netherlands and complies with European data protection laws.

Our Privacy Commitment: We do not sell, rent, or share your personal data with third parties for their marketing purposes. All information collected is used solely to provide and improve the DANZ platform experience for our dance community.

Data Location: All data is processed and stored within the European Union, ensuring the highest standards of data protection under GDPR regulations.

Information We Collect

Account Information

  • Username and email address (required for account creation)
  • Password (securely hashed using industry-standard encryption)
  • OAuth provider information (if you sign up with Google, GitHub, or Discord)
  • Email verification status and timestamps

Profile Information

  • Bio and personal titles (optional)
  • Profile picture (optional)
  • Social media links (optional)
  • Location information (optional - city, coordinates for event discovery)
  • Favorite dance styles and tags
  • Forum and video engagement scores

Content You Create

  • Forum posts, topics, and comments
  • Videos (YouTube URLs) and descriptions
  • Dance style tags and wiki contributions
  • Community information and news posts
  • Event details and RSVPs
  • Reports and moderation feedback

Activity Information

  • Login timestamps and activity patterns
  • Content interactions (respects, follows)
  • Community memberships and join requests
  • Event attendance and interests
  • Notification preferences
  • Search queries within the platform

Technical Information

  • IP addresses (for security and audit purposes)
  • Browser user agent strings
  • Session identifiers
  • Failed login attempts (for account security)

How We Use Your Information

Core Platform Functions

  • Create and manage your DANZ account
  • Display your profile to other users
  • Enable you to create and share dance content
  • Connect you with dance communities and events
  • Facilitate communication between community members
  • Provide personalized content recommendations based on your dance interests

Safety and Security

  • Protect against unauthorized access and account takeovers
  • Monitor for spam, abuse, and policy violations
  • Enforce community guidelines and terms of service
  • Investigate reports and resolve disputes
  • Maintain audit logs for security purposes
  • Implement account lockouts after failed login attempts

Platform Improvement

  • Analyze usage patterns to improve features
  • Track popular dance styles and content trends
  • Optimize performance and user experience
  • Debug technical issues and errors
  • Develop new features based on community needs

Communications

  • Send account-related notifications (password resets, email verification)
  • Deliver in-app notifications based on your preferences
  • Send optional email notifications for community activity
  • Provide important platform updates and announcements

How We Protect Your Information

Security Measures

  • Industry-standard password hashing (bcrypt)
  • Encrypted connections (HTTPS/TLS)
  • Secure session management with JWT tokens
  • Input validation and sanitization to prevent attacks
  • SQL injection prevention through parameterized queries
  • XSS (Cross-Site Scripting) protection
  • Rate limiting to prevent abuse
  • Regular security audits and updates

Access Controls

  • Role-based access control (User, Moderator, Admin)
  • Principle of least privilege for data access
  • Audit logging for administrative actions
  • Secure password reset mechanisms
  • Account lockout after multiple failed attempts
  • Email verification for account changes

Data Integrity

  • Regular automated backups
  • Soft delete with restoration capabilities
  • Version tracking for dance wiki edits
  • Content moderation and approval workflows
  • Comprehensive audit trails for all changes

Information Sharing

We DO NOT Share Your Data

  • We do not sell, rent, or trade your personal information
  • We do not share data with third-party advertisers
  • We do not use your data for marketing outside DANZ
  • We do not provide user data to data brokers
  • All data remains within the DANZ platform ecosystem

Limited Disclosure Scenarios

  • When required by law or legal process
  • To protect the rights and safety of DANZ users
  • To prevent fraud or security threats
  • With your explicit consent
  • To service providers essential for platform operation (e.g., email delivery)

Public Information

  • Your username and profile information are visible to other users
  • Content you post (forums, videos, comments) is publicly visible
  • Community memberships and event attendance may be visible
  • Dance style contributions are publicly attributed
  • You control privacy settings for certain profile elements

Your Rights and Controls

Account Management

  • Access and download your personal data
  • Update or correct your information
  • Delete your account and associated data
  • Change your password and security settings
  • Manage OAuth connections
  • Control email and notification preferences

Content Control

  • Edit or delete your posts and comments
  • Remove videos from your profile
  • Update dance style wiki contributions
  • Leave communities and cancel event RSVPs
  • Report inappropriate content
  • Block or unfollow other users

Privacy Settings

  • Control profile visibility settings
  • Manage location sharing preferences
  • Choose notification delivery methods
  • Opt out of non-essential communications
  • Control who can follow you or join your communities

Data Storage and Retention

Storage Location

  • All data is stored on servers located in the European Union
  • Primary databases hosted in the Netherlands/EU region
  • Profile pictures stored in EU-based cloud storage
  • No data transfers outside the European Economic Area
  • Compliant with EU data residency requirements
  • Regular backups stored within EU data centers

Retention Periods

  • Active account data: Retained while account is active
  • Deleted content: Soft-deleted and retained for 30 days
  • Audit logs: Retained for security and compliance
  • Session data: Expires based on security settings
  • Password reset tokens: Expire after 1 hour
  • Failed login attempts: Reset after successful login

Communications

Types of Communications

  • Transactional emails (password resets, email verification)
  • Activity notifications (based on your preferences)
  • Security alerts (unusual login activity)
  • Platform updates and announcements
  • Community news and event notifications

Managing Communications

  • Configure notification preferences in Settings
  • Unsubscribe from optional emails
  • Choose between email and in-app notifications
  • Set digest frequency for activity summaries
  • Mute specific communities or users

Cookies and Tracking

Essential DANZ Cookies

  • NextAuth.js session tokens (next-auth.session-token) for authentication
  • CSRF protection tokens (next-auth.csrf-token) for security
  • HTTP-only cookies for enhanced security
  • Session duration: 30 days maximum
  • Automatically deleted when you sign out
  • Essential for basic platform functionality
  • No consent banner needed (legally required cookies under GDPR Article 6)

YouTube & Google Click-to-Load Cookies

  • YouTube video cookies: VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA, YSC, ROLLOUT_TOKEN
  • Google authentication cookies: Various __Secure-* cookies (1PAPISID, 3PAPISID, etc.)
  • Google service cookies: APISID, HSID, NID, SAPISID, SID, SIDCC, SOCS, SSID
  • Advertising cookies: IDE (from doubleclick.net) for ad personalization
  • Set ONLY when you explicitly click to load/watch YouTube videos
  • No cookies are set by browsing DANZ or viewing video thumbnails
  • Legal basis: Implied consent through click-to-load action (GDPR Article 6(1)(a))

Privacy-by-Design Video Implementation

  • Video thumbnails load without setting any third-party cookies
  • YouTube content only loads after explicit user consent per video or session
  • Clear consent messages explain what clicking will enable
  • You can browse DANZ's entire platform without YouTube/Google cookies
  • DANZ does not control or access these third-party cookies once set
  • Google's privacy policy applies to their cookies and data collection

GDPR Compliance & European Data Rights

Your Rights Under GDPR

  • Right to Access - Request a copy of your personal data
  • Right to Rectification - Correct inaccurate personal data
  • Right to Erasure ('Right to be Forgotten') - Request deletion of your data
  • Right to Restrict Processing - Limit how we use your data
  • Right to Data Portability - Receive your data in a portable format
  • Right to Object - Object to certain types of processing
  • Right to Withdraw Consent - Withdraw consent at any time
  • Right to Lodge a Complaint - File a complaint with supervisory authorities

Legal Basis for Processing

  • Contract - Processing necessary to provide DANZ services
  • Consent - For optional features and communications
  • Legitimate Interests - Platform security and improvements
  • Legal Obligations - Compliance with applicable laws
  • Vital Interests - Protecting user safety

Data Protection

  • Privacy by Design principles implemented
  • Data minimization - We only collect necessary data
  • Purpose limitation - Data used only for stated purposes
  • Storage limitation - Data retained only as long as necessary
  • Regular privacy impact assessments conducted

Children's Privacy

Age Requirements

  • DANZ is intended for users 13 years and older
  • We do not knowingly collect data from children under 13
  • Parents or guardians may contact us to remove underage accounts
  • Users are required to confirm they meet the minimum age during registration
  • We reserve the right to terminate accounts of users under 13

Changes to This Policy

Policy Updates

  • We may update this policy to reflect platform changes
  • Significant changes will be announced to users
  • Continued use constitutes acceptance of updates
  • Previous versions available upon request
  • Last updated date shown at top of policy

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@danz.app

Data Controller: Dennis Backus (Trozay)

Location: Netherlands, European Union

Response Time: We aim to respond within 48 hours

Data Protection Rights: To exercise your GDPR rights or for privacy-related inquiries, contact us at privacy@danz.app

Supervisory Authority: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl

This privacy policy is governed by the laws of the Netherlands and the European Union, including the General Data Protection Regulation (GDPR).

By using DANZ, you consent to the collection and use of information as described in this policy. All data processing occurs within the European Economic Area.

Privacy Policy | DANZ