Privacy Policy

Last updated: June 13, 2026

ChessCoach is built privacy-first: the analysis engine runs on your own device, we use only privacy-respecting analytics — on the website with your consent, and inside the extension as minimal first-party product telemetry — and we never sell your data or use ad trackers. This page explains exactly what we collect, why, and your rights.

1. Who we are

ChessCoach (“we”, “us”) is a Chrome extension and website that analyses your chess games and coaches you in plain words. The service is operated from Argentina. Contact: iefym@getchesscoach.com. This policy is publicly accessible without an account.

2. What data we collect

• Email address — only if you sign in. We use a one-time code (“magic code”) instead of passwords.
• Authentication & licence data — a sign-in token, your licence/subscription status, and a random device identifier not linked to your identity.
• Activity sent for AI answers — when you ask the coach a question, the current board position (FEN), the relevant moves and your question pass through our backend to the AI provider to generate a reply. This content is processed in transit and not stored.
• Anonymous usage counters — e.g. number of requests, to enforce fair-use limits. No content, no games.
• Website analytics (consent only) — if you accept the cookie banner, we record anonymous page views and product events (e.g. which call-to-action you clicked) tied to a random identifier, not to your name. Decline and we record nothing. See §7.
• Extension product telemetry — first-party events about how the product is used (e.g. the panel was opened, a diagnosis was shown, a training action was taken, a review was opened, the trial was used, a paywall was shown, a purchase happened). These are tied to the anonymous device identifier and never include your games, positions, questions, email or chess nicknames. Once you sign in, we associate these usage events with your account so we can measure aggregate product analytics — feature usage, retention and cohorts (how groups of users return over time), and engagement depth — to understand what helps players improve and to improve the product. See §7.

We do not collect your browsing history, and we do not read any web page other than the chess board on chess.com / lichess.org.

3. How we use the data

• Email & auth token — to sign you in and keep you signed in.
• Licence status & device id — to unlock paid features for your purchase.
• FEN / moves / question — to generate the AI coaching answer you requested (transit only).
• Usage counters — to apply free-tier and fair-use limits and prevent abuse.

4. Limited use

Our use of data received through the extension complies with the Chrome Web Store Limited Use policy. We use the data only to provide and improve the user-facing features described above. We do not sell it, transfer it to data brokers, use it for advertising, ad personalisation, credit scoring, or any purpose unrelated to ChessCoach.

5. Browser permissions

• sidePanel — to show the coach panel beside the board.
• storage — to keep your settings, profile, training progress and licence locally in the browser.
• scripting & tabs, and host access to chess.com / lichess.org — to read the position from the board on the page you are actively viewing. We do not read other sites.
• Network access to api.getchesscoach.com (our backend) and the Lichess opening database — for AI answers, sign-in/licence checks and opening statistics.

6. Third-party services

We share the minimum necessary with the following processors:

• Anthropic and/or OpenAI — generate AI coaching answers (receive the FEN, moves and question; no identity).
• Dodo Payments — our payment processor and Merchant of Record; they handle billing and card data (we never see your card). See their privacy policy at dodopayments.com.
• Resend — sends our email: sign-in codes (transactional) and, separately, re-engagement/lifecycle emails to registered users (marketing). See §8.
• Cloudflare — runs our backend and hosts this site.
• Lichess / chess.com — public APIs queried by your nickname; this is the same data anyone can see on your public profile, fetched straight to your browser.

7. Analytics & cookies

We run our own lightweight, privacy-respecting analytics on Cloudflare — no Google Analytics, no advertising or cross-site tracking, and we never sell or share analytics data.

• What we track — anonymous page views and product events (which page was viewed, which call-to-action was clicked) on the website; and first-party product events in the extension (e.g. panel opened, diagnosis shown, email entered, training action, review opened, trial used, paywall shown, purchase, in-app message shown/clicked).
• What we never put in analytics — your name, chess nicknames, games, board positions or coaching questions.
• Per-account product analytics — for signed-in users we link extension usage events to your account in order to compute aggregate metrics: feature usage, retention and cohort analysis (whether groups of users come back over days and weeks), and engagement depth (how much someone uses the product before subscribing). We use this to operate, measure and improve ChessCoach — not for advertising, profiling for ads, or sale.
• Identifiers — website events are tied to a random local-storage value, not your identity. Extension events are tied to a random device id; after you sign in they are also associated with your account so the metrics above can be calculated.
• IP addresses — truncated/anonymised before storage and never used to identify you.
• Consent — on the website, analytics load and send nothing until you opt in via the cookie banner; if you decline, we do not track you. Extension telemetry is minimal first-party product data necessary to operate and improve the product.
• Retention — analytics events are kept for no more than 12 months, then deleted or aggregated.
• Right to deletion — you can ask us to delete analytics data associated with your identifiers at any time (see §12 and §14).

8. Email & marketing communications

We send two distinct kinds of email, from two separate senders so they never affect each other:

• Transactional email — your sign-in code, sent from login@getchesscoach.com. This is required to operate your account and contains no marketing. It is not something you can unsubscribe from while you have an account, because it is how you sign in.
• Marketing email (re-engagement & lifecycle) — occasional emails to registered users that help you get back into the extension and get more out of ChessCoach (e.g. tips, reminders if you have been away, new-feature notes). These are sent from a separate marketing subdomain, news.getchesscoach.com.

Legal basis. We send marketing email on the basis of the consent you give when you register and/or our legitimate interest in re-engaging existing users of our own similar product, as permitted by applicable law (for some EU/UK users this is the “soft opt-in” for existing customers). You can object or withdraw consent at any time, with no effect on transactional email.

Unsubscribe. Every marketing email contains a visible one-click unsubscribe link, and we honour standard list-unsubscribe headers, so your email client’s “unsubscribe” button works too. You can also unsubscribe at any time via our unsubscribe page or by emailing iefym@getchesscoach.com. Unsubscribing stops marketing email only; you still receive sign-in codes.

Suppression. When an address unsubscribes, hard-bounces, or reports a message as spam, we add it to a suppression list and stop sending marketing email to it. We store only a one-way hash of suppressed addresses for this purpose, so we can avoid emailing you again without keeping your address in a marketing list.

9. Data retention

FEN/move/question content is not stored (transit only). Analytics events are kept for at most 12 months (see §7). Your email, licence status and usage counters are kept while your account is active and deleted within 30 days of an account-deletion request. Email-suppression entries (a hashed address) are kept for as long as needed to keep honouring your unsubscribe/bounce. Standard infrastructure logs follow Cloudflare’s default retention.

10. Security

All traffic uses HTTPS. Our backend does not persist the content of AI requests. Local data lives in your browser’s extension storage and is removed when you uninstall.

11. Legal basis (GDPR)

• Providing the service, sign-in and subscription — performance of a contract (Art. 6(1)(b)).
• Website analytics cookies/events — your consent (Art. 6(1)(a)); you may withdraw it at any time.
• Marketing email — your consent (Art. 6(1)(a)) and/or legitimate interests in re-engaging existing users (Art. 6(1)(f)); you may opt out at any time (see §8).
• Abuse prevention, fair-use limits, security, per-account product analytics, suppression-list maintenance and other first-party product telemetry — legitimate interests (Art. 6(1)(f)).

Some processors (Anthropic, OpenAI, Resend, Cloudflare) are based in the United States. Where personal data is transferred there, we rely on the EU Standard Contractual Clauses.

12. Your rights

If you are in the EU/EEA or UK you have the right to access, rectify, erase, restrict or port your data, to object to processing (including a right to object to direct marketing at any time), and to lodge a complaint with your supervisory authority. To stop marketing email, use the unsubscribe link in any marketing message or our unsubscribe page. For anything else, email iefym@getchesscoach.com and we will respond within 30 days. California residents have equivalent rights under the CCPA, including the right to opt out of marketing; note that we do not sell personal information.

13. Children

ChessCoach is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect their data; if you believe a child has provided data, contact us and we will delete it.

14. Data deletion

Uninstalling the extension removes all local data. To delete licence/account records and any associated analytics events from our backend, email iefym@getchesscoach.com from your account email. You can also withdraw website-analytics consent at any time by declining the cookie banner or clearing site data, and unsubscribe from marketing email via any marketing message or our unsubscribe page.

15. Changes

We may update this policy; the “last updated” date will change and, for material changes, we will notify you by email or in the extension.

16. Contact

ChessCoach · Argentina · iefym@getchesscoach.com

This policy describes our actual practices in good faith. It is not legal advice.