Privacy

Last updated 30 June 2026.

Active Scene is a free discovery platform for social-dance events. We try to collect the least information we can get away with, and to be plain about what we do with it. We do not sell data, we do not show ads or run behavioural advertising trackers, and we do not share information with third parties for marketing. This page explains, in everyday language, what we collect, why, the lawful basis we rely on, who processes data on our behalf, how long we keep it, and the rights you have.

Two things in this notice are kept deliberately separate, because the law treats them differently. The first is data we collect from you as a visitor or as an organiser using our portal. The second is event information we gather from third-party public sources — organisers' own public websites and social pages. Where it matters, we say which of the two we mean.

1. What Active Scene is & who runs it

Active Scene (activescene.org) is a discovery platform for social-dance events — classes, socials, workshops, festivals and retreats. It is currently live in 14 countries: the United Kingdom, France, Germany, Hungary, Ireland, Italy, Japan, the Netherlands, Poland, Portugal, Spain, Switzerland, the United Arab Emirates and the United States. It is free for dancers, and free for organisers at the basic tier.

Listings reach the site two ways: (a) through an automated extraction pipeline that gathers event details from organisers' own public websites, Facebook pages and Instagram; and (b) from organisers who claim and self-manage their listing through the portal. We explain how each of these affects data later on.

The site is operated by Troc Studio Ltd (a company registered in England & Wales, company number 17244336), the "data controller" for the purposes of UK and EU data protection law. Our registered office is 45 Albemarle Street, 3rd Floor, Mayfair, London W1S 4JL, United Kingdom. We are registered with the UK Information Commissioner's Office (ICO) as a data controller under registration number ZC157512.

We are the data controller for the personal data described in this notice. We have not appointed a Data Protection Officer, as we are not required to at our size. For any privacy or legal question, email support@activescene.org.

2. What data we collect, why, and our lawful basis

Below is everything we collect from you, the purpose, and the lawful basis we rely on under UK GDPR (and EU GDPR for visitors in the EU). Cookies are summarised here; the full table is in our Cookie Policy.

Cookies and similar storage

  • as_did — an anonymous device ID used for first-party analytics (1 year). Lawful basis: legitimate interests (understanding how the site is used), set after you have acknowledged the cookie notice.
  • as_loc — your saved location preference, so we can show events near you without asking again (1 year). Lawful basis: legitimate interests / functional.
  • as_country — your saved country filter (1 year). Lawful basis: legitimate interests / functional.
  • as_cookie_consent — records your consent / acknowledgement state (1 year). Lawful basis: strictly necessary.
  • as_sid / as_sid_ts — a short-lived analytics session identifier and its timestamp. Lawful basis: legitimate interests.
  • as_geo — a cached approximate geo result so we don't recompute it on every request. Lawful basis: legitimate interests / functional.
  • Supabase sb-* cookies — set only if you sign in to a dancer account (/account) or the organiser portal (/portal); they keep you logged in (session, up to 7 days). Lawful basis: strictly necessary for the authentication you asked for.

You can delete any of these in your browser at any time; the site will keep working, though saved preferences will reset.

Account sign-in (dancers and organisers)

Active Scene has two kinds of account: a dancer account (at /account) for saving events, following organisers and receiving a weekly digest, and an organiser account (the portal at /portal) for organisers who claim and self-manage their listing. Both use the same sign-in options:

  • Continue with Google — you authenticate with Google and Google passes us your email address and a stable identifier. Google's own data handling is governed by its privacy policy.
  • Continue with Apple — you authenticate with Apple and Apple passes us either your real email address or, if you choose, a private relay address (e.g. xyz@privaterelay.appleid.com) that forwards mail to your real inbox while you keep forwarding enabled. We treat the relay address as your email and do not ask for or store a "real" one separately. Apple only shares your email on the first sign-in; on subsequent sign-ins we identify you by a stable Apple identifier and never overwrite the email we already have. Apple's own data handling is governed by its privacy policy.
  • Continue with email — you give us an email address and we send a one-time sign-in link rather than asking for a password (sometimes called a "magic link"). We store the email address tied to your account.

In every case we store the email address (or Apple relay address) and a stable identifier issued by the sign-in provider, so we can recognise you on subsequent visits. Lawful basis: performance of a contract (providing the account you signed up for) and, where relevant, legitimate interests in keeping the account secure. We use that address only to operate your account and to send transactional and (if you opt in) digest emails — never for third-party marketing.

We do not currently link accounts across providers. If you sign in with Google and later sign in with Apple under what is effectively the same email, our system treats those as two separate accounts. To keep your saved events and follows in one place, sign in with the same provider you used originally. We may add account-linking later and will update this notice if we do.

Suggestion-form submissions

If you use the Suggest a source form, we store the text you submit so we can review it. If you choose to include your email so we can follow up, we store that too. Lawful basis for storing your email: consent (you only give it if you want a reply). Providing an email is optional.

Account data: saved events, follows and engagement

If you have a dancer account, we store the events you save, the organisers / venues / styles / cities you follow, and your dance-profile preferences (role, styles you dance and are curious about, home country and city, travel radius, event-type preferences, weekday-or-weekend availability). These are visible only to you and are stored against your account in our database. Lawful basis: performance of a contract (the personalisation you signed up for).

We also log lightweight engagement events tied to your account — sign-ups, sign-ins, follows / unfollows, saves / unsaves and digest opens — so we can understand how the personalisation features are working and improve them. Lawful basis: legitimate interests (measuring and improving the service you use). The email address in these engagement logs is stored as a one-way hash, not in clear text.

If you also generate a personal calendar feed (so your saved events appear in Apple Calendar, Google Calendar, etc.), we store a random token tied to your account so the feed URL can identify you without requiring a password. The feed itself contains only events you have saved or events from organisers you follow. You can rotate or revoke that token from your account settings at any time.

Weekly digest and follow notifications

If you opt in, we send a weekly digest email of upcoming events near you and from organisers you follow, and (in some cases) a notification when an organiser you follow adds new events. You can opt in or out at any time from your account settings, and every digest carries a one-click unsubscribe link. Lawful basis: consent, which you can withdraw at any time. We do not send any other marketing. We do not sell, rent or share the digest list with anyone.

Page-view and search-log analytics

For each page you view we log aggregated, first-party analytics: the path you visited, the page that referred you (for example Instagram or Google), your device type (mobile / tablet / desktop), browser and operating system, your approximate location (see below) and the search terms used on the site. Lawful basis: legitimate interests — understanding how the site is used and which areas need better coverage. This data is not linked to your name, email or account.

Google Analytics

In addition to our first-party analytics, we use Google Analytics 4 to understand site usage — pages visited, referring source, device type and approximate (coarse, city-level) location. It is privacy-tuned: we have turned off Google Signals (no cross-device tracking or advertising audiences), it is not used for ad personalisation or remarketing, and GA4 does not store your IP address (it uses it only in the moment to estimate coarse location, then discards it). Lawful basis: consent — it runs only after you accept our cookie banner, and sets its cookies only then. Before consent, and if you decline, it operates in cookieless mode via Google Consent Mode, sending only anonymous aggregate measurement with no cookies stored. We set Google's retention for this analytics data to a maximum of 14 months, after which Google deletes the user-level and event-level records. See the Cookie Policy for the specific cookies.

Approximate location from IP

We derive an approximate location (country, region and city) from your IP address to default the right country and show nearby events. We do not determine precise location, and we do not store the IP address itself — it is used in the moment and discarded. Lawful basis: legitimate interests.

Teacher profiles — your teaching address

If you list yourself as a dance teacher, we ask for your full teaching address (including postcode). We use this for one purpose only: to calculate the distance between you and dancers searching nearby, so you appear in their “near me” results. Your full address and full postcode are never shown publicly, never shared with other users, and never sent to a visitor’s browser. The public only ever sees your town/area, region, the outward part of your postcode (e.g. “SW1A”), and an approximate map point (~1 km) — and a distance rounded to the nearest mile. Lawful basis: consent (you choose to list); purpose limited to proximity matching (UK/EU GDPR data minimisation & purpose limitation).

Crash and error logs

When something breaks, our systems record technical error and crash information so we can diagnose and fix it. These logs may incidentally include technical request details. Lawful basis: legitimate interests (keeping the service working and secure).

Advertising measurement

We use Google Ads' tag to measure our own ads — which ads bring dancers to Active Scene. It runs only if you accept our cookie banner, for measurement only (no personalised ads or remarketing), and we never show ads on the site.

3. Data we do NOT collect

This is the part most sites bury. We want it up front:

  • No Meta / Facebook Pixel.
  • No ad targeting or behavioural profiling. We do use consent-gated Google Analytics and a Google Ads tag, but both are measurement only — Google Signals is off, with no remarketing and no personalised ads. Alongside them we run our own first-party analytics.
  • No selling of data. We do not sell, rent or trade personal data to anyone, ever.
  • No data-broker enrichment and no cross-site behavioural profiling.

4. Sharing & processors (sub-processors)

We do not sell or share your data for marketing. We do use a small number of trusted service providers ("processors") to run the platform. Each only processes data on our instructions and for the purpose stated:

  • Vercel — hosting and content-delivery (CDN). US-based with EU serving regions. Transfer mechanism: EU–US / UK Data Privacy Framework (DPF-certified).
  • Supabase — database and authentication. Our database is hosted in the UK (London region, eu-west-2), so the data we store is held in the United Kingdom. Supabase Inc. is a US company and is DPF-certified for any support access from the US.
  • Anthropic (Claude) — large-language-model extraction of event details from public organiser content only. No user personal data is sent to the LLM. US-based, relying on the EU–US Data Privacy Framework and Standard Contractual Clauses.
  • Resend — transactional email (organiser and claim notifications) and the weekly digest. US/EU. DPF-certified.
  • Google LLC — "Continue with Google" sign-in. When you choose to sign in with Google, Google authenticates you and shares your email address and a stable identifier with us. Google is US-based and DPF-certified. We receive no other Google profile data unless you grant it.
  • Google LLC (Google Analytics & Google Ads) — consent-gated, measurement-only analytics and ad measurement. These run only after you accept our cookie banner; Google Signals is off and the data is not used for ad personalisation or remarketing. Google is US-based and DPF-certified.
  • Apple Inc. — "Continue with Apple" sign-in. When you choose to sign in with Apple, Apple authenticates you and shares either your real email address or a private relay address with us, plus a stable identifier. Apple is US-based and DPF-certified. Email is shared only on the first sign-in.

We may also disclose information if we are legally required to (for example a valid court order), or to protect the safety and security of the service and its users.

5. Cross-border transfers

Some of our processors are based in, or may process data in, the United States. Where that happens we rely on a recognised safeguard rather than treating the transfer as routine:

  • Our database is in the UK. The Supabase database where we store account, organiser and analytics data is hosted in the London region (eu-west-2), so the personal data we hold is stored in the United Kingdom — not transferred abroad to be kept.
  • Our application functions run in the United States. The Vercel serverless functions that power the site execute in Vercel's US East region, so personal data is processed in the US while we handle your requests, even though it is stored in the UK. Vercel is certified under the EU–US Data Privacy Framework and its UK extension (the "UK Data Bridge"), backed by Standard Contractual Clauses.
  • Email and AI providers. Resend (transactional email) is DPF-certified. Supabase Inc., as a US company, is also DPF-certified for any support access to our UK-hosted database. Anthropic (Claude) processes only public, non-personal organiser content for event extraction, relying on the EU–US Data Privacy Framework and Standard Contractual Clauses.
  • Google (Analytics, Ads and sign-in). Google LLC is US-based and certified under the EU–US Data Privacy Framework and its UK extension. The consent-gated, measurement-only Google Analytics and Google Ads tags send anonymous usage measurement to Google in the US once you accept the cookie banner.

In day-to-day use, the data we store — including visitor analytics — lives in our UK-based Supabase database, while the site itself is served and processed through Vercel's US East functions and global edge network.

6. How long we keep data (retention)

  • Cookies — no longer than their stated lifetime, which is at most 1 year (session cookies are shorter).
  • Search and page-view logs — currently kept for roughly 90 days (this period is under review and may be shortened).
  • Dancer and organiser accounts — kept while the account is active. If you ask us to delete it, we remove the account (along with your saved events, follows, dance-profile preferences and any calendar feed token) and retain only the minimum needed for legal/record purposes for up to 12 months after the deletion request, then erase it.
  • Engagement events tied to your account (sign-ups, sign-ins, follows, saves, digest opens) — retained for up to 24 months so we can measure trends, then either deleted or aggregated into non-identifying counts.
  • Weekly digest opt-in — kept until you unsubscribe; the unsubscribe is recorded so we don't email you again. The opt-out record itself is retained indefinitely as evidence of compliance with your withdrawal of consent.
  • Suggestion-form submissions — kept until reviewed, then for around 12 months, after which they are deleted.

7. Your rights

Under UK GDPR (and EU GDPR if you are in the EU) you have the following rights over your personal data:

  • Access — ask for a copy of the personal data we hold about you.
  • Rectification — ask us to correct data that is wrong or incomplete.
  • Erasure — ask us to delete your data ("right to be forgotten"), subject to any legal retention.
  • Restriction — ask us to limit how we use your data.
  • Portability — ask for your data in a portable format where applicable.
  • Objection — object to processing we carry out on the basis of legitimate interests.
  • Withdraw consent — where we rely on consent (for example a future newsletter, or the email on a suggestion), withdraw it at any time. Withdrawing consent does not affect processing already carried out.

Because most visitor data is not tied to your name, email or account, there is often nothing personally identifiable to you for us to find or delete. Where there is — for example a portal account — email support@activescene.org and we will respond within the statutory time limit (one month).

If you are an organiser and want a listing about your organisation corrected or removed, please see our content & copyright page as well.

You also have the right to complain to a supervisory authority. In the UK that is the Information Commissioner's Office (ICO), where we are registered as a data controller under registration number ZC157512. You can contact the ICO at ico.org.uk/make-a-complaint. If you are in the EU, you may instead complain to the data protection authority in your own country. We would, of course, prefer you raise it with us first so we can put things right.

8. Children

Active Scene is intended for an adult audience and is not directed at children under 16. In the UK, 16 is the age at which a person can consent to their data being processed by an online service. Some events are family-friendly (we tag them) and some are 18+; that tagging describes the event, not our data practices. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

9. AI & automated processing

We use Anthropic's Claude model as part of an automated pipeline that extracts event details — dates, venues, prices, dance styles and so on — from organisers' own public websites and social pages. This is the "data collected from third parties" described at the top of this notice, and it is what populates much of the directory.

No user personal data is sent to the LLM. The model only ever sees public organiser content, never visitor analytics, account details, IP addresses or suggestion submissions.

We do not use this processing to make automated decisions that produce legal or similarly significant effects about you. If you are an organiser and want event information about you corrected or removed from the directory, contact us and we will act on it.

10. Changes to this policy

We'll update the "Last updated" date at the top of this page whenever this notice changes. Material changes will also be noted in the cookie banner the next time you visit.

11. Contact & complaints

For any privacy question, request or complaint, email support@activescene.org. You can also write to us at: Troc Studio Ltd, 45 Albemarle Street, 3rd Floor, Mayfair, London W1S 4JL, United Kingdom.

If we cannot resolve your concern, you have the right to complain to the ICO (UK) at ico.org.uk/make-a-complaint or, if you are in the EU, to your national data protection authority.

This policy is governed by the laws of England & Wales.

See also our Cookie Policy, our Terms of use and our content & copyright page.