Latin Dance Club← Back to home

Legal

Trust & Security

This page is maintained by Cosmo Labs to answer common security and privacy questions about Latin Dance Club. It describes the controls we operate today — it is not a third-party certification.

Last updated: January 15, 2026

Overview

We built Latin Dance Club so dancers, instructors, and teams can train, share, and book with confidence. This page summarizes the security and privacy controls in effect today.

Account safety

Email + password sign-in, optional Google sign-in, password breach checks, and admin-protected master controls.

Encrypted in transit

All traffic to thelatindanceclub.com is served over HTTPS/TLS.

Least-privileged access

Row-Level Security on user data tables — your records are scoped to your account by default.

Backed by managed cloud

Hosted on managed platforms with continuous monitoring and automated backups of the application database.

Account & Access

  • Sign-in methods: email + password and Google OAuth.
  • Password protection: passwords are stored as hashes by our auth provider; we never see them in plaintext. New and updated passwords are checked against the Have I Been Pwned breached-password list when that control is enabled on the project.
  • Password reset: self-service from the sign-in screen, with a time-limited recovery link sent to your email.
  • Change password: available in your account settings.
  • Admin separation: master admin and admin roles are stored separately from profile data and protected by a session-bound MFA gate with idle auto sign-out.

Hosting & Platform

  • Application: deployed via Lovable on the Cloudflare edge network.
  • Database, auth, and storage: managed Postgres with Row-Level Security, managed auth, and object storage provided through Lovable Cloud (Supabase).
  • Transport: HTTPS/TLS for browser traffic and for service-to-service calls.
  • Backups: the managed database provider performs continuous automated backups of the application database.

Data We Handle

For the full list of categories, purposes, and lawful bases, see our Privacy Policy. In short, we process:

  • Account identifiers (email, auth IDs).
  • Profile content you publish (display name, bio, photo, city, styles, levels, links).
  • Content you upload (videos, reels, lessons, posts, covers).
  • Messaging content (direct messages, group chats, team chats).
  • Bookings, RSVPs, ticket purchases, and event check-ins.
  • Limited operational metadata used to keep the service running.

Subprocessors

We use a small set of vetted vendors to deliver the service:

  • Cloudflare — edge hosting and CDN.
  • Lovable Cloud (Supabase) — managed Postgres, authentication, file storage, and queues.
  • Stripe — payment processing for tickets, team dues, and instructor payouts.
  • Mailgun (via Lovable Emails) — delivery of authentication and app emails from notify.thelatindanceclub.com.
  • Google — optional OAuth sign-in for users who choose it.
  • Lovable AI Gateway — model routing for in-app AI features (captions, help assistant).

We update this list when subprocessors change.

Cookies & Analytics

We use cookies and similar storage primarily to keep you signed in, remember basic preferences, and operate features such as onboarding nudges. See the Cookie Policy for details.

Retention & Deletion

  • Profile, content, and message data are retained for as long as your account is active.
  • You can delete posts, reels, and lessons at any time from the app.
  • Account deletion requests are processed by contacting us at privacy@thelatindanceclub.com. Some records (financial, audit, abuse, legal-hold) may be retained as required by law.

Your Privacy Rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data. Submit requests to privacy@thelatindanceclub.com from the email on file for your account. We respond within the time frame required by applicable law.

Shared Responsibility

Security is a partnership.

  • Cosmo Labs operates the application, applies framework-level access controls, and responds to incidents and abuse reports.
  • Platform providers (Cloudflare, Lovable Cloud / Supabase, Stripe, Mailgun) operate the underlying infrastructure and their own security programs.
  • You protect your account by using a strong, unique password, keeping recovery email access secure, signing out on shared devices, and reporting anything suspicious.

Incident & Security Contact

security@thelatindanceclub.com

For account compromise, suspected data exposure, or any urgent security concern. Please include the affected account email and a description of what you observed.

For general support, use the in-app Help Center or Contact page.

Vulnerability Reporting

Responsible disclosure

If you believe you've found a security vulnerability, please report it privately to security@thelatindanceclub.com. Give us a reasonable window to investigate and remediate before any public disclosure. We do not pursue researchers who act in good faith and follow this process.

  • In scope: thelatindanceclub.com, *.thelatindanceclub.com, and the Latin Dance Club web application.
  • Out of scope: social-engineering of staff or users, denial-of-service, physical attacks, and findings on third-party services we do not operate.

Compliance

Latin Dance Club has not been independently audited against frameworks such as SOC 2 or ISO 27001. We rely on the certifications and controls operated by our underlying platform providers. If your organization needs a specific attestation or a Data Processing Addendum, reach out to legal@thelatindanceclub.com.

This page is app-owned editable content and is not a third-party certification of Latin Dance Club or Cosmo Labs.