Kizomba Foundations

Privacy Policy

Last updated: February 16th, 2026

Kizomba Foundations ("we", "us", or "our") is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, and disclose your personal information when you use our website and the Kizomba Dance Competition System, including Private Lesson Booking Services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

For the purposes of applicable data protection law (including the EU General Data Protection Regulation), Kizomba Foundations is the data controller responsible for your personal data. You can contact us at contact@kizombafoundations.com.

1. Information We Collect

1.1 Personal Information

When you register for an account, we may collect the following personal information:

  • Full name
  • Email address
  • Username
  • Profile picture
  • Phone number (optional)
  • Location (city, state, country)
  • Biography
  • Social media links (Facebook, Instagram, TikTok)
  • Dance role (lead or follow)
  • Dance skill levels (Kizomba, Urban Kiz)
  • Competition ranking points
  • Member/Competition ID
  • Personal interests

1.2 Event & Competition Data

When you register for or participate in events, we collect:

  • Event registration records
  • Competition participation history
  • Winner and finalist placements
  • Waitlist records
  • Event attendance history
  • Coupon and discount code usage records

1.3 Payment Information

When you make payments or receive payouts through our platform, we collect:

  • Payment transaction history and receipts
  • Stripe Customer ID (for participants)
  • Stripe Connect account data (for event organizers)
  • Currency of transaction (USD, EUR, or CAD)

Note: We do not store your credit card numbers directly. All payment information is securely processed and stored by our payment processor, Stripe.

1.4 User-Generated Content

When you submit content to our platform, we collect:

  • Event reviews and ratings
  • Instructor reviews and ratings
  • Review replies from instructors
  • Review flags and moderation reports
  • Comments and feedback

For event reviews, you have the option to submit reviews anonymously, in which case your name will not be publicly displayed. However, we still retain your identity internally for moderation and abuse prevention purposes.

Instructor reviews are not anonymous. Your name and profile picture are always displayed alongside instructor reviews. We track the user ID of each reviewer to enforce a limit of one review per instructor per user and to enable moderation of flagged content.

1.5 Usage Data

We may also collect information about how you use and interact with our Services, including:

  • IP address
  • Browser type and version
  • Pages visited and time spent on our website
  • Date and time of your visit

1.6 Private Lesson Booking Data

When you use the Private Lesson Booking Services, we collect different information depending on your role:

As a Student:

  • Phone number and timezone
  • Booking requests, including requested service, date, time, and location type
  • Messages sent to Instructors as part of booking requests
  • Booking status history (pending, approved, declined, cancelled, completed)
  • Cancellation reasons

As an Instructor:

  • Teaching biography and dance genres
  • Services offered, including name, description, duration, price, and supported location types
  • Availability schedule and blocked dates
  • Cancellation policy and booking requirements
  • Timezone and payment method preferences
  • Booking approval and decline actions, including decline reasons

Booking Records:

  • Booking IDs and status transitions
  • Scheduled date, time, and timezone
  • Service details associated with each booking
  • Approval deadlines and grace period timestamps
  • Calendar event IDs
  • Audit timestamps (created, updated, approved, cancelled)

1.7 Calendar Integration Data

When you connect your Google Calendar to Kizomba Foundations, we collect and store:

  • Google OAuth 2.0 access and refresh tokens (encrypted using AES-256-GCM)
  • Calendar email address
  • Calendar event data, including event summaries, start/end times, and busy/free status
  • Calendar sync tokens and webhook channel IDs

OAuth tokens are encrypted at rest and are used solely for the purpose of synchronizing your calendar availability and creating/updating lesson calendar events. You may disconnect your Google Calendar at any time through your account settings, which will delete stored tokens and cached calendar data.

1.8 Location Data

We collect and process location-related data in the following ways:

  • Address Autocomplete: When you enter an address for an event venue or instructor studio, we use the Google Places API to provide autocomplete suggestions. Keystrokes you type in address fields are sent to Google to generate suggestions.
  • Stored Location Data: When you select an address, we store the latitude, longitude, and Google Place ID associated with that location in our database.
  • Public Addresses: Event venue addresses and instructor studio addresses are publicly visible on the platform to help users find events and lessons.

1.9 Contract Generator Data

When you use the contract generator tool, the following data may be processed to generate your document:

  • Names of contracting parties
  • Email addresses and phone numbers
  • Compensation and payment terms
  • Event or lesson details

PDF contracts are generated client-side in your browser and are not transmitted to or stored on our servers. DOCX contracts are generated via a server endpoint but the data is processed transiently and is not retained after the document is delivered to you.

2. How We Use Your Information

We use your personal information to:

  • Provide, maintain, and improve our Services
  • Communicate with you about updates, promotions, and events
  • Monitor and analyze usage and trends to improve your experience
  • Detect, prevent, and address technical issues
  • Facilitate private lesson booking requests between Students and Instructors
  • Send booking notifications, confirmations, and calendar invitations related to private lessons
  • Synchronize lesson schedules with connected Google Calendars
  • Display Instructor availability and prevent scheduling conflicts

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we are required under the General Data Protection Regulation (GDPR) to identify a lawful basis for processing your personal data. The table below describes the legal basis we rely on for each category of processing:

Legal BasisProcessing Activity
Contract Performance
(Art. 6(1)(b))
  • Account creation and management
  • Event registration and ticket purchases
  • Payment processing via Stripe
  • Private lesson booking facilitation
  • Google Calendar synchronization for lessons
  • Transactional emails (booking confirmations, event updates)
Legitimate Interest
(Art. 6(1)(f))
  • Platform analytics and usage monitoring (PostHog, Firebase Analytics / GA4)
  • Fraud prevention and payment security (Stripe)
  • Search indexing and functionality (Algolia)
  • Competition ranking calculations and leaderboard
  • Platform improvement and debugging
  • Review moderation and abuse prevention
Consent
(Art. 6(1)(a))
  • Marketing communications and promotional emails
  • Non-essential cookies (Facebook SDK, PostHog analytics cookies and session recording, GA4 cookies)
  • Google Calendar integration (OAuth consent)
Legal Obligation
(Art. 6(1)(c))
  • Retaining records for tax, accounting, and financial reporting
  • Responding to lawful requests from regulatory authorities

Where we rely on consent, you may withdraw your consent at any time by contacting us at contact@kizombafoundations.com or by adjusting your cookie preferences. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Where we rely on legitimate interest, you have the right to object to such processing. If you object, we will stop processing your data for that purpose unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

4. Disclosure of Your Information

We may share your personal information with third parties in limited circumstances, such as:

  • To comply with a legal obligation or protect our rights
  • To provide certain services, such as payment processing
  • With your consent, such as when you choose to share your information with Facebook

4.1 Data Sharing with Event Organizers

When you register for an event through Kizomba Foundations, certain personal information is shared with the event organizer to facilitate event management. This includes:

  • Your name and email address
  • Your dance role (lead/follow) and skill level
  • Your registration status and any preferences you provided

Event organizers may use this information to communicate with you about the event, including sending updates, schedule changes, and important announcements. For more details on organizer communications, please see our Terms of Use.

4.2 Data Sharing in Private Lesson Bookings

When you use the Private Lesson Booking Services, certain personal information is shared between Students and Instructors to facilitate the booking process:

Information Shared with Instructors:

  • Student's full name
  • Email address
  • Phone number
  • Timezone
  • Message included with the booking request
  • Booking details (requested service, date, time, location type)

Information Shared with Students:

  • Instructor's name and profile photo
  • Teaching biography and dance genres
  • Email address (included in booking confirmation emails)
  • Services offered, including pricing and duration
  • General availability schedule
  • Cancellation policy
  • Accepted payment methods

Calendar Data Sharing:

  • Calendar invitations (ICS files) sent via email contain both parties' names, email addresses, and lesson details
  • Google Calendar events created through the platform include attendee information for both the Instructor and Student

For rules governing acceptable use of shared data, please see the "Data Sharing in Private Lesson Bookings" section of our Terms of Use.

4.3 Public Profile Visibility

Certain information on your profile is publicly visible to other users of the platform:

  • Your name, username, and profile picture
  • Your biography and location
  • Your dance role and skill levels
  • Your competition ranking points and leaderboard position
  • Competition placements (winners and finalists are publicly displayed)

Your email address and phone number are not publicly displayed. Reviews you submit for events may display your name and profile picture unless you choose to submit them anonymously. Instructor reviews always display your name and profile picture.

All images you upload to the platform (including profile photos, event cover images, and instructor photos) are stored in Firebase Storage with public read access. This means uploaded images are accessible via their URL to anyone on the internet, even if the associated profile or event is not directly linked.

4.4 Data Processing Addendum

Event organizers who collect personal data from attendees located in the European Economic Area may act as data controllers in their own right. For details on how Kizomba Foundations processes personal data on behalf of event organizers, please review our Data Processing Addendum.

5. Third-Party Services

We use the following third-party services to operate our platform. Each service has its own privacy policy governing how they handle your data:

  • Firebase/Google Cloud — We use Google's Firebase platform for hosting, database storage, and user authentication. See Firebase Privacy Policy.
  • Firebase Analytics (GA4) — We use Firebase Analytics (powered by Google Analytics 4) to track usage events such as sign-ups, logins, page views, purchases, and event interactions. We associate analytics data with your user ID and user properties (such as role and account type) to understand how our Services are used. See Firebase Privacy Policy and Google Privacy Policy.
  • Stripe — We use Stripe for payment processing and Stripe Connect for event organizer payouts. Stripe may set cookies on your browser for fraud prevention during checkout. See Stripe Privacy Policy.
  • Algolia — We use Algolia for search functionality. Data indexed in Algolia includes user names, usernames, email addresses, locations, biographies, dance skill levels, roles, social media URLs, and event details. See Algolia Privacy Policy.
  • Brevo (Transactional Email) — We use Brevo (formerly Sendinblue) for transactional email delivery, including booking confirmations, event notifications, and account communications. See Brevo Privacy Policy.
  • Brevo Conversations — We use the Brevo Conversations live chat widget on our website to provide customer support. This widget is loaded on all pages and may set cookies to maintain your chat session. See Brevo Privacy Policy.
  • PostHog — We use PostHog for analytics, usage tracking, session recording, and feature flag management. PostHog receives your user ID, email address, and display name when you are logged in. When analytics cookies are enabled, PostHog may record your browsing session, including page views, clicks, scrolls, and form interactions (sensitive input fields such as passwords are automatically masked). PostHog also uses feature flags to control which features are available to users. See PostHog Privacy Policy.
  • Google Sign-In — If you sign in using Google, we receive your name, email address, and profile picture from Google. See Google Privacy Policy.
  • Facebook SDK — The Facebook SDK is loaded on all pages of our website (with cookie: true enabled). If you sign in using Facebook, we receive your name, email address, and profile picture. Even without signing in, the Facebook SDK may set cookies and collect browsing data. See Meta Privacy Policy.
  • Google Maps Platform — We use the Google Places API for address autocomplete when entering event venue or instructor studio addresses. Keystrokes typed in address fields are transmitted to Google to generate autocomplete suggestions. See Google Privacy Policy.
  • Google Calendar API — We use the Google Calendar API to synchronize Instructor availability and create lesson calendar events. Our use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. See also Google API Terms of Service and Google Privacy Policy.
  • Cloudflare — We use Cloudflare for email routing, including processing calendar reply webhooks for booking-related email communications. See Cloudflare Privacy Policy.
  • FontAwesome — We use FontAwesome for icons, loaded via CDN. The CDN provider may log your IP address. See FontAwesome Privacy Policy.

Our Services may also contain links to other third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties and encourage you to review their privacy policies.

6. Security

We are committed to protecting the security of your personal information. While no method of transmission over the Internet or electronic storage is 100% secure, we use commercially acceptable means to protect your information.

7. Children's Privacy

Our Services are not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

If you are located in the European Economic Area, please note that under the General Data Protection Regulation (GDPR), the age at which individuals can consent to data processing varies by member state (between 13 and 16 years). If you are under the applicable age of consent in your country, you must have your parent or guardian's consent to use our Services.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

9. Data Deletion

You have the right to request that we delete your personal data, subject to certain exceptions. If you wish to request the deletion of your personal data, please contact us at contact@kizombafoundations.com. We will respond to your request in accordance with applicable laws and ensure that your data is deleted in a secure manner.

You may edit your profile information at any time through your account settings page. You may also disconnect your Google Calendar at any time through your account settings. Disconnecting will delete your stored OAuth tokens and cached calendar data.

Please note that certain data may be retained even after a deletion request, including:

  • Records required for tax, accounting, or financial reporting purposes
  • Competition results and ranking history (which may be anonymized rather than deleted)
  • Data related to pending disputes, chargebacks, or legal proceedings
  • Data we are required to retain by applicable law or regulatory obligations
  • Anonymized booking records retained for audit or dispute resolution purposes

10. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at contact@kizombafoundations.com.

11. Your Data Rights

Depending on your location, you may have certain rights regarding your personal data. If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) provides you with the following rights:

  • Right of Access (Art. 15): You have the right to obtain confirmation of whether we are processing your personal data and to request a copy of the data we hold about you.
  • Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data or completion of incomplete data.
  • Right to Erasure (Art. 17): You have the right to request deletion of your personal data, subject to certain legal exceptions (see Section 9).
  • Right to Restrict Processing (Art. 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interest.
  • Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to Object (Art. 21): You have the right to object to processing of your personal data based on legitimate interest (Art. 6(1)(f)). Upon objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
  • Right to Withdraw Consent (Art. 7(3)): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Right to Lodge a Complaint (Art. 77): You have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

To exercise any of these rights, please contact us at contact@kizombafoundations.com. We will respond to your request within 30 days as required by GDPR Article 12(3). If we need additional time due to the complexity or volume of requests, we will notify you of an extension within the initial 30-day period.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA data protection authorities is available on the European Data Protection Board website.

12. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need to use your information, we will either securely delete it or anonymize it.

Private lesson booking records are retained for the duration of your account plus any additional period required for legal compliance or dispute resolution. Google Calendar OAuth tokens are deleted immediately upon disconnection of your calendar. Cached calendar availability data is regularly refreshed and not retained beyond its operational purpose.

13. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data to the United States and process it there.

For users located in the European Economic Area (EEA), United Kingdom, or Switzerland: when we transfer your personal data outside of these regions, we rely on appropriate safeguards recognized under applicable data protection law, which may include the EU-U.S. Data Privacy Framework, Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms. If you have questions about the specific safeguards applied to your data transfer, please contact us at contact@kizombafoundations.com.

14. Cookie Policy

We use cookies and similar tracking technologies to track activity on our Services and hold certain information. Below is a detailed list of the cookies and similar technologies used on our platform:

Cookie / TechnologyCategoryPurposeDetails
__sessionEssentialAuthentication Stores your authentication token for server-side rendering. Secure, HttpOnly, SameSite=Strict. Session duration.
cookie_consentEssentialCookie preferences Stores your cookie consent preferences (analytics and marketing choices). SameSite=Strict. Expires after 1 year.
cart_{eventId}FunctionalShopping Cart Stores your shopping cart contents for event registration. Expires after 1 hour.
PostHog cookiesAnalytics (Third-party)Usage tracking & session recording Used to track page views, user interactions, and feature usage for product analytics. When enabled, PostHog also records browsing sessions (clicks, scrolls, and page navigation) to help us understand how users interact with the platform. Sensitive fields are automatically masked.
Facebook SDK cookiesThird-partySocial login / tracking Set by the Facebook SDK which is loaded on all pages. Used for authentication and may be used by Meta for advertising purposes.
Stripe cookiesThird-partyFraud prevention Set by Stripe during checkout to prevent fraud and ensure secure payment processing.
Brevo Conversations cookiesThird-partyLive chat Set by the Brevo Conversations live chat widget to maintain your chat session.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some portions of our Services may not function properly.

15. Analytics and Tracking Controls

We use the following analytics and tracking services when you are logged in or browsing our platform:

PostHog Analytics & Session Recording

When you are logged in, we send your user ID, email address, and display name to PostHog via the identify() method. This associates your browsing activity with your account for analytics purposes. PostHog also manages feature flags that control which features are available to you.

When analytics cookies are enabled, PostHog records your browsing sessions to help us improve the user experience. Session recordings capture page views, clicks, scrolls, mouse movements, and form interactions. Sensitive input fields (such as passwords and payment details) are automatically masked and never recorded. You can disable session recording and all PostHog tracking by opting out of analytics cookies via the cookie preferences on our website.

Firebase Analytics (Google Analytics 4)

We track the following types of events through Firebase Analytics: account sign-ups, logins, page/item views, purchases, add-to-cart actions, and event creation. Your user ID and account properties are associated with these events. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Algolia Search

To power our search functionality, the following user data is indexed in Algolia's servers: your name, username, email address, location, biography, dance skill levels, role, and social media URLs. Event data including titles, descriptions, dates, and locations is also indexed. Algolia processes search queries to return relevant results.

16. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, our business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (such as data needed for legal compliance or completing transactions).
  • Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. However, some third-party services we use (such as the Facebook SDK and analytics tools) may constitute "sharing" under the CCPA. You have the right to opt out of such sharing.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Categories of personal information we collect include: identifiers (name, email, username), commercial information (purchase and registration history), internet activity (browsing, analytics data), geolocation data (city, state, stored coordinates), and professional information (dance role, skill levels, instructor credentials).

To exercise any of these rights, please contact us at contact@kizombafoundations.com. We will verify your identity before processing your request and respond within 45 days.

17. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, Kizomba Foundations commits to the following:

  • Timely Notification: We will notify affected users via email within 72 hours of confirming a breach that is likely to result in a risk to your rights and freedoms.
  • Regulatory Notification: We will notify relevant regulatory authorities as required by applicable law, including state data breach notification laws.
  • Breach Details: Notifications will include a description of the nature of the breach, the types of data affected, the likely consequences, and the measures we are taking to address and mitigate the breach.
  • Remediation: We will take immediate steps to contain the breach, investigate its cause, and implement measures to prevent recurrence.

18. Automated Decision-Making

We use automated processes in the following areas of our Services:

  • Competition Rankings: Competition points and leaderboard positions are calculated automatically based on event participation, placements, and the scoring algorithm. These rankings are publicly displayed and may affect eligibility for certain competition categories.
  • Feature Availability: We use PostHog feature flags to control which features are available to users. Feature flags may be targeted based on user attributes or rolled out to a percentage of users.
  • Search Rankings: Algolia's search algorithms automatically determine the ordering of search results for users, events, and instructors based on relevance scoring.

None of these automated processes make decisions that produce legal effects or similarly significantly affect you. If you have questions about how automated decisions affect your account, please contact us.

Contact UsPrivacy PolicyTerms of UseCookie Preferences