Chessie Opening Trainer ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.
1. Information We Collect
1.1 Information You Provide
Account Data: When you create an account, we collect your email address and a unique user identifier (UID) via Firebase Authentication. You may also provide a display name.
User Content: We store chess opening repertoires, move trees, annotations, study notes, and training data that you create or import into the Service.
1.2 Information Collected Automatically
Usage Data: We collect information about how you interact with the Service, including training session counts, feature usage, AI token consumption, and performance metrics. This data is used to maintain system stability and improve the Service.
Device Data: We may collect device type, operating system version, and anonymized crash reports to diagnose technical issues.
1.3 Information from Third Parties
If you choose to synchronize your repertoire with Lichess or Chess.com, we access your game data through their public APIs solely for the purpose of importing your opening history. We do not store your credentials for these platforms.
2. How We Use Your Information
We use the collected information for the following purposes:
- Providing, maintaining, and improving the Service.
- Synchronizing your opening studies and training progress across your devices.
- Calculating training accuracy, progress statistics, and performance analytics.
- Delivering AI-powered opening suggestions, explanations, and coaching features.
- Communicating with you regarding account matters, support requests, and service updates.
- Detecting, preventing, and addressing technical issues, fraud, and abuse.
- Complying with legal obligations and enforcing our Terms of Service.
3. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:
- Contractual Necessity: Processing is necessary to perform our contract with you and provide the Service.
- Consent: We rely on your consent for certain processing activities, such as optional data sharing. You may withdraw your consent at any time.
- Legitimate Interests: We process certain data for our legitimate interests in improving the Service, ensuring security, and preventing abuse, provided such interests are not overridden by your rights.
- Legal Obligation: Processing may be necessary to comply with applicable laws and regulations.
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your data in the following circumstances:
- Service Providers: We engage trusted third-party service providers to assist in operating the Service, including Google Firebase for authentication and cloud data storage, and Google AdMob for non-personalized advertising in the free tier. These providers are contractually bound to protect your data.
- Legal Requirements: We may disclose information if required to do so by law or in response to valid legal requests by public authorities.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, with notice provided to you.
- With Your Consent: We may share your information for any other purpose with your explicit consent.
4.1 Third-Party Services
- Google Firebase (Authentication & Firestore): Secure user authentication and encrypted cloud data persistence. Firebase Privacy Policy
- Google AdMob: Non-personalized advertisements are served to free-tier users. AdMob Privacy Policy
- Lichess & Chess.com APIs: Secure, read-only access to your public game data when you authorize account synchronization.
5. Data Retention
We retain your personal data for as long as your account remains active or as needed to provide you the Service. Specifically:
- Account Data: Retained until you delete your account or request removal.
- Usage Metrics and Training Data: Retained for the duration of account activity. Anonymized, aggregated data may be retained longer for analytical purposes.
- Backup Copies: Cloud backups are retained in accordance with Firebase's standard backup retention policies and are purged within 30 days of account deletion.
6. Your Rights and Choices
6.1 Access and Portability
You may access your personal data stored in the Service at any time through the application settings. You have the right to receive a copy of your data in a structured, commonly used, and machine-readable format.
6.2 Correction and Deletion
You may update or correct your account information through the app settings. You may delete your account and all associated data at any time via Settings > Account Management > Delete Account. For manual deletion requests, contact us at support@chessieapp.com.
6.3 Right to Object and Restrict Processing
You have the right to object to the processing of your personal data for direct marketing purposes at any time. You may also request restriction of processing in certain circumstances.
6.4 Withdrawing Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
6.5 Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we may address your concerns.
7. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption of data in transit using TLS 1.3 protocols.
- Encryption of data at rest using AES-256 encryption.
- Secure token-based authentication via Firebase Authentication.
- Regular security assessments and compliance with Google Play security best practices.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8. Children's Privacy
The Service is not directed to individuals under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our cloud service providers operate. We ensure appropriate safeguards are in place through standard contractual clauses or other recognized transfer mechanisms to protect your data in accordance with applicable data protection laws.
10. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information:
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Opt-Out: We do not sell your personal information, and we have no actual knowledge of selling personal information of minors under 16 years of age.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your CCPA rights, please contact us at support@chessieapp.com. We will verify your request using the information associated with your account.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, through in-app notifications or email. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@chessieapp.com
Data Protection Officer: dpo@chessieapp.com
We will respond to your inquiry within 30 days.