HomeHow It WorksAboutDance UniverseGo SocialFAQStart Exploring

Legal

Privacy Policy

Last updated: April 23, 2026 · Terms of Service →

1. Overview

World Dance Group ("we", "us", "our") operates Concierge Inteligente under the SalZOOM360 brand. This Privacy Policy explains what personal data we collect, why we collect it, and your rights regarding that data. We are committed to protecting your privacy and processing your data only as described herein.

2. Data We Collect

We collect data in two ways:

2a. Data you provide

  • Email address — required to create an account.
  • Password — hashed and stored securely by Supabase Auth; we never see plaintext passwords.
  • Search queries — the natural-language intentions you submit to the concierge (stored for Free/Premium users to power search history).
  • Favorites — places and events you save (Premium tier only).
  • Feedback ratings — optional thumbs-up/down ratings on AI responses.

2b. Data collected automatically

  • Session cookies — JWT tokens to maintain your login state.
  • Anonymous session ID — a UUID stored in a cookie to enforce rate limits for unauthenticated users (no personal data linked).
  • Ecosystem click events — which partner platform links you click (e.g., Dance-Mart, Travel Hotel Save), stored without PII.
  • Locale preference — language cookie (EN/ES) stored locally in your browser.

3. How We Use Your Data

  • Service delivery: To authenticate you, respond to your queries, and display personalized results.
  • Rate limiting: To enforce daily query limits per access tier and prevent abuse.
  • Search history: To display your past queries in the History panel (Free/Premium users).
  • Analytics: Aggregated, anonymized usage stats to improve the Service (no individual profiling).
  • Payment processing: Your billing details are passed directly to Stripe; we store only the subscription status in our database.
  • Legal compliance: To comply with applicable laws and respond to lawful requests from authorities.

4. Third-Party Data Processors

We share data with the following processors, each governed by their own privacy policies:

Supabase

Privacy policy →

Database, authentication, and file storage.

Data shared: Email, hashed password, search history, favorites.

Stripe

Privacy policy →

Payment processing for Premium subscriptions.

Data shared: Billing email, payment card details (handled by Stripe directly — we receive only subscription status).

Google (Places API)

Privacy policy →

Place search results and venue data.

Data shared: Your search query text and approximate location (if provided).

Eventbrite

Privacy policy →

Event search results.

Data shared: Your search query text and approximate location (if provided).

Microsoft Azure OpenAI

Privacy policy →

AI query synthesis via GPT-4o.

Data shared: Anonymized query text and API response data; not used to train Azure OpenAI models.

Vercel

Privacy policy →

Hosting and CDN.

Data shared: Server request logs (IP addresses, user agents) retained briefly for security and debugging.

5. Data Retention

  • Search history: Retained while your account is active. Deleted upon account deletion.
  • API cache: Cached API responses are auto-purged after 1–6 hours depending on source.
  • Anonymous sessions: Rate-limit counters reset daily; session IDs are not stored beyond 30 days.
  • Stripe events: Stripe webhook audit logs are retained for 7 years for financial compliance.
  • Account data: Deleted within 30 days of an account deletion request.

6. Cookies

We use only functional/strictly-necessary cookies. No advertising or cross-site tracking cookies are set.

CookiePurposeDuration
sb-*Supabase auth session (JWT)Session / 1 week
NEXT_LOCALELanguage preference (EN/ES)1 year
anon_session_idAnonymous rate-limit tracking30 days

7. Your Rights

Depending on your jurisdiction you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your account and associated data.
  • Portability: Receive your search history in a machine-readable format.
  • Objection: Object to processing where we rely on legitimate interests.
  • Withdraw consent: Delete your account at any time via account settings.

To exercise any right, contact us at legal@salzoom360.com. We will respond within 30 days.

8. Security

We implement industry-standard security measures including TLS encryption in transit, Supabase Row Level Security (RLS) policies to isolate user data, and service-role key restrictions (the Supabase service role key is never exposed to the browser). Stripe PCI-DSS compliance handles all payment card data. No system is 100% secure; if you discover a vulnerability, please disclose it responsibly to legal@salzoom360.com.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has created an account, contact us at legal@salzoom360.com and we will delete the account promptly.

10. Changes to this Policy

We may update this Privacy Policy periodically. The "Last updated" date at the top of this page reflects the latest revision. Continued use of the Service after changes constitutes acceptance. For material changes we will send an email notification to registered users.

11. Contact Us

Privacy questions or requests: legal@salzoom360.com
World Dance Group — SalZOOM360

© 2026 World Dance Group · SalZOOM360
Terms of ServiceHome