Privacy Policy + Cookie & Analytics Disclosure

This policy applies to visitors and users of chesterchess.com, including free and paid users.

We try to collect the minimum needed to run the site.

A. Information you provide

• Account info (e.g., email address, login credentials or auth tokens depending on login method).
• Support messages you send to us (content of your message and contact details you include).

B. Information collected automatically

• Basic usage and device data: pages/screens visited, approximate location (inferred from IP), device/browser type, timestamps, and performance data.
• Log and security data: IP address, login events, and actions used to detect abuse, prevent fraud, and keep accounts secure.
• Game/app data: gameplay-related data you generate in the app (for example, preferences, settings, and features you use). (We do not intentionally collect sensitive personal data.)

C. Payments

Payments are handled by Stripe. We do not store your full payment card number. Stripe may process:

• Payment details (card/bank info)
• Billing contact info
• Transaction identifiers and receipts

We may receive limited information from Stripe such as your customer ID, subscription status, payment status, and the last four digits of a payment method (depending on Stripe settings).

We use information to:

• Provide the service (create accounts, log you in, deliver paid features, and run the chess app).
• Process payments and manage subscriptions (via Stripe).
• Keep the site safe (fraud prevention, account security, abuse detection, rate limiting, and debugging).
• Understand and improve performance (analytics and performance monitoring, ideally in an aggregated way).
• Provide support (respond to messages and troubleshoot issues).

We do not sell your personal information.

chesterchess.com relies on a few third-party providers to operate:

Supabase

Used for authentication, user accounts, emails, and application logs/database storage.

Stripe

Used for payments, billing, and subscription management.

Analytics / performance tools

We may use Google Analytics and/or other privacy-respecting analytics providers to understand traffic and improve reliability and performance.

These providers process data under their own privacy policies and terms. We choose reputable vendors and try to keep data shared with them limited to what's necessary.

We use cookies and/or local storage for three main reasons:

A. Essential (required)

These help the site function and stay secure:

• Login/session management
• Account security features
• Preventing fraud and abuse

Without these, the site may not work correctly.

B. Preferences

These remember settings like UI preferences (where applicable).

C. Analytics & performance

Analytics cookies (or similar technologies) may be used to measure traffic and understand how the site is used (e.g., which pages/features are popular, load times, error rates).

Your choices

• Most browsers let you block or delete cookies in settings. If you disable essential cookies/storage, login and paid features may break.
• If we use Google Analytics, you can opt out using the Google Analytics Opt-out Browser Add-on, and/or browser controls (block third-party cookies, clear cookies, use tracking protection).
• You can also reduce tracking by using privacy-focused browsers/extensions and enabling “Do Not Track” (note: not all services honor it consistently).

If you're in the EU/EEA/UK, we generally rely on:

• Contract / performance of a service: to provide your account and paid features.
• Legitimate interests: to keep the site secure, prevent fraud, debug issues, and improve the product.
• Consent: where required for non-essential cookies/analytics (depending on your location and configuration).

We share data only as needed:

• With Supabase (hosting/auth/database/logs)
• With Stripe (payments/subscriptions)
• With analytics/performance providers (site usage and performance data)
• If required by law, legal process, or to protect rights/safety (e.g., fraud or abuse investigations)

We do not sell your personal information.

We keep data only as long as necessary:

• Account data: retained while your account is active. If you delete your account, we delete or de-identify account data within a reasonable period, unless we must keep some data for legal, security, or accounting reasons.
• Logs and security events: retained for a limited period for security and troubleshooting, then deleted or anonymized.
• Payment records: Stripe and/or we may retain transaction records as required for tax/accounting and chargeback handling.

If you want deletion sooner, contact us (see “Contact” below) and we'll do what's feasible while keeping required records.

We use reasonable safeguards appropriate for a small web app (encryption in transit, access controls, and reputable vendors). But no system is perfect: we can't guarantee absolute security. You're responsible for keeping your password and devices secure, and for using strong, unique passwords.

Our vendors may process data on servers outside your country (including the United States). Where applicable (e.g., EU/UK), vendors generally use recognized transfer mechanisms such as standard contractual clauses or similar safeguards.

Depending on where you live, you may have some or all of the following rights:

• Access: request a copy of the personal data we have about you.
• Correction: request fixes to inaccurate data.
• Deletion: request deletion of your account and associated personal data (subject to retention limits above).
• Objection / restriction: object to or request limits on certain processing in some cases.
• Portability: request export of certain data in a portable format (where applicable).
• Withdraw consent: if we rely on consent (e.g., certain analytics), you can withdraw it by changing settings or blocking cookies.

To exercise rights, contact us (below). We may need to verify your identity to protect your account.

If you are a California resident, you may have rights to:

• Know what personal information is collected, used, and shared.
• Request deletion of personal information (with legal exceptions).
• Opt out of the “sale” or “sharing” of personal information.

We do not sell your personal information and do not knowingly “share” it for cross-context behavioral advertising in the typical sense. If we ever change that, we will update this policy and provide required opt-outs.

chesterchess.com is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information, contact us and we'll take appropriate action.

We may update this policy as the app evolves (for example, if we add new analytics tools or features). When we make changes, we'll update the “Effective date” at the top. Significant changes may also be communicated in-app or via email for account holders when reasonable.

For privacy requests or questions, contact: