Privacy Policy

Effective date: March 4, 2026

Related policies:Terms of Service·Acceptable Use Policy

chessanalyses.com is a web-based chess analysis platform. This Privacy Policy explains what data we collect, how we use it, the legal basis for processing, and your rights regarding that data.

1. Data We Collect

Information you provide

  • Email address — used to create your account and send authentication magic links.
  • Chess platform usernames — your Lichess and/or Chess.com usernames, which you connect voluntarily to import games.

Information from third parties

  • Chess game data — games, moves, results, time controls, and ratings fetched from the Lichess and Chess.com APIs based on the usernames you provide.
  • Payment information — billing is handled entirely by Paddle (our Merchant of Record). We do not store your credit card number, billing address, or other payment details. We receive and store only your Paddle customer ID and subscription ID to manage your subscription status.

Information generated by the Service

  • Analysis data — Stockfish evaluations, centipawn loss metrics, blunder/mistake counts, phase-by-phase breakdowns, and coaching insights generated from your games.
  • Puzzle progress — your puzzle rating (Glicko-2), solve history, and spaced repetition schedules.
  • AI interactions — your conversations with the AI Chess Coach and AI Coach review outputs, stored to provide continuity and improve the Service.
  • Achievement & progress data — milestones, streaks, and performance trends.

2. Legal Basis for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or Iceland, we process your personal data under the following lawful bases as defined by the GDPR:

  • Contract performance (Art. 6(1)(b)) — processing your email for account creation, managing your subscription, fetching game data you requested, and delivering the analysis service.
  • Legitimate interests (Art. 6(1)(f)) — improving the Service based on aggregate usage patterns, enforcing rate limits, detecting abuse, and maintaining platform security. We balance these interests against your rights and only process what is necessary.
  • Consent (Art. 6(1)(a)) — where you voluntarily connect your Lichess or Chess.com account, or where you choose to use AI features that send chess data to third-party AI providers. You may withdraw consent at any time by disconnecting your accounts or ceasing use of those features.
  • Legal obligation (Art. 6(1)(c)) — where we are required to retain or disclose data to comply with applicable law.

3. How We Use Your Data

  • Provide the Service — analyze your games, generate coaching insights, serve puzzles, power the AI Coach, and track your improvement over time.
  • Account management — authenticate you, manage your subscription, and communicate service-related updates.
  • Improve the Service — aggregate, anonymized usage patterns help us understand how features are used and where to invest development effort.
  • Security — detect and prevent abuse, enforce rate limits, and protect the platform.

4. Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

  • Paddle — receives your email and payment information to process subscriptions and handle billing/taxes. Paddle acts as an independent data controller for payment data. See Paddle's Privacy Policy.
  • Lichess & Chess.com APIs — we send your chess platform usernames to fetch your game data. No other personal information is shared with these services.
  • AI/LLM providers — when you use the AI Coach or AI Coach, chess positions, move sequences, and evaluations are sent to our AI provider to generate responses. No personally identifiable information (email, name) is included in these requests.
  • Legal requirements — we may disclose data if required by law, court order, or governmental authority.

5. Cookies & Sessions

We use essential cookies only. Specifically:

  • Authentication session cookie — a JWT-based session token managed by NextAuth.js. This is strictly necessary to keep you signed in and does not require consent under the ePrivacy Directive.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. There are no third-party trackers embedded on the Service.

6. Data Retention

  • Your account data, game analyses, and puzzle progress are retained as long as your account is active.
  • If you downgrade from Pro to Free, all your data is preserved — you only lose access to Pro-only features.
  • If you request account deletion, we will delete your account and associated personal data within 30 days. Some anonymized, aggregated data may be retained for service improvement purposes.

7. Data Security

  • All data is transmitted over HTTPS(TLS encryption in transit).
  • Passwords, where applicable, are cryptographically hashed — never stored in plain text.
  • Production infrastructure is access-controlled and regularly maintained.
  • While we implement reasonable security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

8. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us at support@chessanalyses.com and we will promptly delete it.

9. Your Rights

Depending on your jurisdiction (including under the GDPR, UK GDPR, and other applicable data protection laws), you may have the following rights:

  • Access (Art. 15) — request a copy of the personal data we hold about you.
  • Rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Erasure (Art. 17) — request deletion of your account and personal data ("right to be forgotten").
  • Restriction (Art. 18) — request that we limit how we process your data in certain circumstances.
  • Data portability (Art. 20) — request an export of your data in a machine-readable format.
  • Objection (Art. 21) — object to processing based on legitimate interests. We will cease processing unless we have compelling legitimate grounds.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@chessanalyses.com. We will respond within 30 days (or as required by applicable law).

10. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a data protection supervisory authority. If you are in Iceland, you may contact the Icelandic Data Protection Authority (Persónuvernd). If you are in the EEA or UK, you may contact your local supervisory authority.

11. International Data Transfers

Your data may be processed in countries outside your country of residence, including countries where data protection laws may differ. Where we transfer data outside the EEA/UK, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions. By using the Service, you acknowledge these transfers. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service. The "Effective date" at the top of this page indicates when the policy was last revised.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

support@chessanalyses.com

Terms of Service·Acceptable Use Policy