Privacy Policy

1. Information We Collect

Account Information

• Email address (required for registration)
• Password (stored as a BCrypt hash, never in plain text)
• Chess platform usernames you voluntarily link (Chess.com, Lichess, FIDE ID)

Usage Data

• Hunting analyses performed (player pairs, timestamps)
• Subscription tier and billing history (managed by Stripe)
• IP addresses for security and rate limiting purposes

Chess Data

We fetch publicly available game histories and ratings from Chess.com, Lichess, and FIDE. This data is publicly accessible on those platforms and is not considered private information.

2. How We Use Your Information

• To provide and improve the hunting analysis service
• To manage your account and subscription
• To enforce usage quotas and rate limits
• To send transactional emails (verification, password reset, billing)
• To detect and prevent abuse, fraud, and security threats
• To generate aggregated, anonymized usage analytics

3. Cookies & Local Storage

We use the following cookies:

• accessToken: JWT authentication token. Essential for maintaining your login session. Expires after 15 minutes.
• refreshToken: Used to renew your session without re-entering credentials. Expires after 7 days.
• cookieConsent: Stores your cookie preference. Persists for 1 year.

We do not use third-party tracking cookies. No data is shared with advertising networks.

4. Data Sharing

We share your information only with:

• Stripe: Payment processing. Stripe handles all payment card information directly; we never see or store your card details. See Stripe's Privacy Policy.
• SendGrid: Transactional email delivery (verification, password reset).
• OpenAI: Analysis enrichment. We send anonymized chess game data (no personal identifiers) for strategic recommendations.

We do not sell your personal data to third parties.

5. Data Retention

• Account data is retained while your account is active.
• Hunting analysis results are cached for 24 hours, then automatically deleted.
• Webhook event logs are retained for 90 days for audit purposes.
• Upon account deletion, your personal data is permanently removed within 30 days.

6. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), BCrypt password hashing, JWT token authentication with short expiry, rate limiting, and brute-force protection. Our infrastructure runs on isolated Docker networks with database access restricted to internal services only.

7. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate information via your profile settings.
• Deletion: Request deletion of your account and associated data.
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing of your data for specific purposes.

To exercise these rights, contact us at chesshunterapp@outlook.com. We will respond within 30 days.

8. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will promptly delete the data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a notice on the Service. Your continued use after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests, contact us at chesshunterapp@outlook.com.