🎟 Tickets now on sale!See all β†’
Rapid's End ImprovRapid's End
Improv

Trust & Privacy

This page is maintained by the Rapid's End Improv team to answer common questions about how this website handles your data and account. It describes the controls currently enabled on the site β€” it is not an independent certification or audit.

What this site collects

Public pages (shows, cast, troupes, partners) do not require an account. We collect personal data only when you choose to give it to us:

  • Newsletter sign-up β€” your email address.
  • Get Involved contact form β€” the name, email, and message you submit.
  • Members area β€” the email and password (or Google account) you use to sign in.

Accounts and authentication

Sign-in is handled by our backend provider. Passwords are stored as salted hashes by that provider β€” the Rapid's End team never sees your password. Google sign-in uses standard OAuth; we only receive the basic profile information Google returns.

Access to the members-only area, including announcements, gallery, and admin tools, is gated behind sign-in and role checks enforced on the server.

How your data is protected

Data is stored in a managed Postgres database with row-level security enabled. Sensitive fields on the team roster β€” such as member email addresses and account identifiers β€” are not exposed to public visitors; only display fields (name, role, photo, public links) are readable without signing in.

Connections to the site and to the backend use HTTPS. Uploaded images for shows, the gallery, and team photos are served from private storage buckets via short-lived signed URLs.

Third-party services

We rely on a small number of third parties to run the site:

  • Hosting, database, authentication, and file storage (Lovable Cloud).
  • Outbound email for newsletters and contact-form replies (Google Mail API).
  • Instagram Graph API to display our latest posts on the About page.
  • YouTube for embedded troupe videos.

These providers process data on our behalf according to their own terms. We do not sell your information.

Cookies and analytics

The site uses cookies and local storage that are strictly necessary for sign-in sessions to work. We do not run third-party advertising trackers on this site.

Retention and deletion

Newsletter subscribers can unsubscribe at any time using the link in any newsletter email, which removes their address from future sends. If you'd like your account, contact-form message, or any other personal data removed, email us using the contact details on the Get Involved page and we'll handle it.

Reporting a security issue

If you believe you've found a security vulnerability on this website, please contact us through the Get Involved page and include "Security" in your message so we can route it quickly. Please give us a reasonable chance to investigate and fix the issue before sharing it publicly.

Updates to this page

We update this page as the site changes. It reflects current practices and should not be read as a legal contract or a formal certification.