Privacy Policy

Effective April 10, 2026

This Privacy Policy describes how Desic Design LLC (“we,” “us,” or “our”) collects, uses, shares, and protects information when you use Cue Designer (the “Service”). By using the Service, you agree to the practices described here.

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, password (hashed), profile photo, display preferences.
• Authentication data: when you sign in via Google OAuth, we receive your email address, name, and profile picture from Google.
• Organization and show data: organization names, show titles, dance lists, cues, attribute labels, notes, member assignments, and any other content you create.
• Communications: messages you send to us (such as support requests) and email invitations you send to other users.
• Payment information: when you subscribe to a paid plan, payment details are collected directly by our payment processor, Stripe. We do not store full card numbers; we receive only a token, the last four digits, the card brand, and billing metadata.

1.2 Information Collected Automatically

• Usage data: pages visited, features used, actions taken (such as creating a cue or inviting a member), and timestamps of activity.
• Device and technical data: IP address, browser type and version, operating system, device identifiers, language settings, and referring URLs.
• Cookies and similar technologies: see Section 6.

1.3 Information from Third Parties

We may receive information about you from third-party services we use to provide the Service, such as authentication providers (Google), payment processors (Stripe), and email delivery providers (Resend).

2. How We Use Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Service;
• Authenticate users and manage accounts;
• Process payments and manage subscriptions;
• Send transactional emails (account verification, invitations, billing notices, security alerts);
• Respond to support requests and communicate with you about the Service;
• Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity;
• Enforce our Terms of Service and comply with legal obligations;
• Analyze usage patterns to improve features and performance.

We do not sell your personal information. We do not use your content to train machine-learning models.

3. Legal Bases for Processing (EEA/UK Residents)

If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:

• Contract: to provide the Service you have requested;
• Legitimate interests: to operate, secure, and improve the Service, prevent fraud, and communicate about the Service;
• Consent: where required by law (such as for certain cookies or marketing communications);
• Legal obligation: to comply with applicable laws and regulations.

4. How We Share Information

We share information only as described below:

4.1 Within Your Organization or Show

Content you create within an organization or show — including cues, dance lists, notes, attribute values, and your profile information — is visible to other members of that organization or show in accordance with their assigned roles and permissions.

4.2 Service Providers (Subprocessors)

We share information with trusted third-party service providers who help us operate the Service. These providers are contractually obligated to protect your data and use it only for the purposes we specify:

• Supabase, Inc. — database hosting, authentication, and storage (US/EU data centers).
• Stripe, Inc. — payment processing and subscription management.
• Resend, Inc. — transactional email delivery.
• Google LLC — OAuth authentication (when you choose to sign in with Google).
• Vercel Inc. — application hosting and content delivery.

4.3 Legal Requirements

We may disclose information if required to do so by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to (a) comply with a legal obligation, (b) protect our rights or the safety of our users or others, (c) investigate fraud or security incidents, or (d) enforce our Terms.

4.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After you delete your account, we will delete or anonymize your personal information within a reasonable period, except where we are required to retain it for legitimate business or legal purposes (such as tax, audit, fraud prevention, or dispute resolution).

Content within an organization or show may be retained by the organization owner even after you leave or your account is deleted; in that case, your specific authorship attributions may be anonymized.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the Service is used. The cookies we set fall into the following categories:

• Strictly necessary: required for authentication, session management, and security. These cannot be disabled.
• Functional: remember your settings and preferences (such as theme or sidebar state).

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent the Service from functioning correctly.

7. Your Rights and Choices

Depending on where you live, you may have the following rights with respect to your personal information:

• Access: request a copy of the personal information we hold about you;
• Correction: request that we correct inaccurate or incomplete information;
• Deletion: request that we delete your personal information, subject to legal exceptions;
• Portability: request a copy of your data in a portable format;
• Objection / restriction: object to or request that we restrict certain processing;
• Withdraw consent: where processing is based on consent, you may withdraw it at any time;
• Lodge a complaint: residents of the EEA/UK may lodge a complaint with their local data protection authority.

You can exercise most of these rights directly from the account settings page. For other requests, contact us at support@desic.design. We will respond within the timeframes required by applicable law.

8. Security

We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS), encryption at rest, hashed passwords, role-based access controls, and row-level security policies on our database. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a data breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

9. International Data Transfers

Your information may be processed in countries other than the country in which you reside, including the United States. By using the Service, you consent to the transfer of your information to these countries. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers of personal data from the EEA/UK.

10. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe we have collected personal information from a child under 16, please contact us at support@desic.design and we will take steps to delete it.

11. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under the CCPA. To exercise your rights, contact us at support@desic.design.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the Service. The “Effective” date at the top of this page indicates when this policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Desic Design LLC
California, United States
Email: support@desic.design