Storage Options
Cloud, local folder, and encrypted storage providers
Chess.ceo offers three storage providers for your PGN files. Each has different strengths, and you can use any combination — for example, cloud storage for games you want to share, encrypted storage for private preparation, and a local folder for your existing PGN library.
Server Infrastructure
Before diving into storage options, a note on reliability and privacy: Chess.ceo runs on dedicated servers in Hetzner's German data centers. All data is backed up daily with automated snapshots, and backups are retained for rolling recovery. The servers are maintained and monitored around the clock. Your games are safe.
Chess.ceo staff does not access, read, or review your stored PGN files — whether cloud or encrypted. Your games are your private data. With encrypted storage, this is enforced cryptographically (we literally cannot read them), but even with regular cloud storage, your files are treated as private and are never accessed by anyone.
Cloud Storage
Cloud storage is the default option for registered users. Your PGN files are stored on the Chess.ceo server, accessible from any device where you log in.
Why use Cloud Storage?
- Access anywhere — log in from any browser on any device and all your files are there.
- Sharing — share PGN files with other users. This is the only storage option that supports sharing.
- Server-side position search — search across all your cloud games by position, powered by the server's database. Fast and comprehensive.
- Version history — the server tracks changes, so you can recover from accidental edits.
- Automatic sync — if you also use a local folder, cloud storage syncs with it automatically. Games added locally appear in the cloud and vice versa.
Local Folder
Local storage keeps your PGN files on your disk instead of uploading them to any server. In the Electron app, Chess.ceo manages its own storage directories automatically. On Linux this lives under ~/.local/share/chess-ceo/. On Windows this lives under %LOCALAPPDATA%\chess-ceo\, with settings in %APPDATA%\chess-ceo\settings.json.
Why use Local Folder?
- Full control — your files are regular .pgn files on your hard drive. Open them in any chess software, back them up however you like, organize them in folders.
- No upload — nothing leaves your computer. Ideal for users who already have a PGN library and want to use Chess.ceo as their analysis tool without migrating files.
- Instant position search — Chess.ceo builds a local hash index for your files, enabling lightning-fast position searches without any network round-trip.
- Sync with cloud — optionally pair with cloud storage for the best of both worlds. Chess.ceo matches files automatically and merges changes in both directions.
- Works offline — once your files are indexed, you can analyze and search entirely offline.
Chess.ceo creates cache and index files automatically for faster loading and position search. In the Electron app these live inside the managed app data directory.
Encrypted Storage
Encrypted storage is for users who want the convenience of cloud storage with the guarantee that nobody — not even Chess.ceo — can read their games. Every piece of data is encrypted in your browser before it ever leaves your device.
Why use Encrypted Storage?
- True privacy — your games, file names, and metadata are encrypted client-side. The server stores only opaque ciphertext.
- Opening preparation — if you're preparing against specific opponents and don't want anyone to see your analysis, encrypted storage ensures your preparation remains private.
- Position search still works — even though everything is encrypted, you can still search by position. Chess.ceo uses a blind index system (explained below) that lets the server find matching games without ever seeing the positions.
- Access from any device — like cloud storage, your encrypted vault is available wherever you log in. Just enter your encryption password to unlock.
How the Encryption Works
This isn't "trust us, it's encrypted" — the cryptography is fully client-side using standard Web Crypto APIs built into your browser. Here's exactly what happens:
- You set a password at setup. This password never leaves your browser.
- Your password is run through PBKDF2 with 600,000 iterations to derive a wrapping key. This makes brute-force attacks extremely slow.
- A random master key (AES-256) is generated in your browser and wrapped (encrypted) with your password-derived key using AES-KW (Key Wrap). Only the wrapped version is stored on the server — the raw master key never leaves your browser.
- From the master key, two sub-keys are derived using HKDF-SHA256 with distinct context labels:
  - HKDF("pgn-encryption") → an encryption key (AES-256-GCM) for encrypting your games and metadata
  - HKDF("position-search") → a search key (HMAC-SHA256) for generating blind index tokens for position search
- Each game is individually encrypted with its own random 96-bit nonce (IV). AES-GCM provides both confidentiality and integrity — any tampering with the ciphertext is detected on decryption. No two games share cryptographic material.
How Encrypted Position Search Works
Position search on encrypted games uses a technique called blind indexing, and all of this happens entirely in your browser — no position data is ever sent to the server in any readable form.
When you save a game, your browser computes a hash for every position in the game, then runs each hash through HMAC-SHA256 using your search key (derived from your master key via HKDF) to produce a truncated 16-byte token. These tokens are uploaded alongside the encrypted game data. The server stores the tokens but has no way to reverse them back into positions — HMAC is a one-way function.
When you search for a position, the same process runs locally in your browser: hash the target position, HMAC it with your search key, send the resulting token to the server. The server compares tokens and returns matching game IDs. Your browser then fetches and decrypts those games client-side. At no point does the server learn what position you searched for or what the matching games contain.
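The key hierarchy from "How the Encryption Works" and the token computation from "How Encrypted Position Search Works", written out with Web Crypto as an added example; it is not Chess.ceo's own code. The PBKDF2 hash (SHA-256), the 16-byte salt, the empty HKDF salt, SHA-256 over a FEN string as the position hash, and all function names are assumptions.

```javascript
// Added example. Assumptions not stated on the page: PBKDF2 with SHA-256, a
// 16-byte salt, an empty HKDF salt, SHA-256 of a FEN string as "position hash".
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback: older Node
const enc = new TextEncoder();

async function wrappingKey(password, salt) {
  const pw = await wc.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey({ name: 'PBKDF2', hash: 'SHA-256', salt, iterations: 600000 },
    pw, { name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Setup: random AES-256 master key; only its AES-KW-wrapped form is returned.
async function createVault(password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  // A usage is mandatory for generateKey; this key is only ever wrapped.
  const master = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const kek = await wrappingKey(password, salt);
  return { salt, wrapped: new Uint8Array(await wc.subtle.wrapKey('raw', master, kek, 'AES-KW')) };
}

// Unlock: unwrap directly into a non-extractable HKDF key, then split by label.
async function unlock(password, { salt, wrapped }) {
  const master = await wc.subtle.unwrapKey('raw', wrapped, await wrappingKey(password, salt),
    'AES-KW', 'HKDF', false, ['deriveKey']);
  const sub = (label, alg, usages) => wc.subtle.deriveKey(
    { name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(0), info: enc.encode(label) },
    master, alg, false, usages);
  return {
    encKey: await sub('pgn-encryption', { name: 'AES-GCM', length: 256 }, ['encrypt', 'decrypt']),
    searchKey: await sub('position-search', { name: 'HMAC', hash: 'SHA-256', length: 256 }, ['sign']),
  };
}

async function encryptGame(encKey, pgn) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per game
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, encKey, enc.encode(pgn));
  return { iv, ct: new Uint8Array(ct) };
}

async function decryptGame(encKey, { iv, ct }) { // rejects if ct or iv was altered
  return new TextDecoder().decode(await wc.subtle.decrypt({ name: 'AES-GCM', iv }, encKey, ct));
}

// Blind index: HMAC-SHA256 over the position hash, truncated to 16 bytes (hex).
async function positionToken(searchKey, fen) {
  const hash = await wc.subtle.digest('SHA-256', enc.encode(fen));
  const mac = await wc.subtle.sign('HMAC', searchKey, hash);
  return Array.from(new Uint8Array(mac, 0, 16), (b) => b.toString(16).padStart(2, '0')).join('');
}
```

Tokens are deterministic under one search key, so the same position in two games yields the same token, which is exactly the equality the server matches on. A wrong password makes the AES-KW unwrap fail its integrity check, so `unlock` rejects rather than yielding a wrong key.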
What the Server Sees
To be explicit about what is and isn't visible to the server:
| Data | Server sees? |
|---|---|
| Your encryption password | Never — it stays in your browser |
| Your master key | Only the wrapped (encrypted) version |
| Game moves and positions | No — encrypted ciphertext only |
| File names and descriptions | No — metadata is also encrypted |
| Position search tokens | Yes, but they're HMAC hashes — the server can match them without knowing the positions |
| Number of games and files | Yes — the server knows how many items you have |
| When you save or access files | Yes — timestamps are visible |
Recovery Key
During setup, you're shown a 32-character recovery key. This is the only way to recover your data if you forget your encryption password. Save it somewhere safe — write it down, store it in a password manager, or keep it offline. It is shown exactly once and cannot be retrieved later.
Important: If you lose both your encryption password and your recovery key, your encrypted data is permanently unrecoverable. This is by design — it's the same property that guarantees nobody else can read your data either.
Limitations
- No sharing — since the server can't read your data, it can't share it with other users. This is a deliberate trade-off for privacy.
- Password required — you need to enter your encryption password once per session to unlock the vault. The unwrapped master key is cached in IndexedDB for the session (similar to how Proton Mail handles key persistence), so it survives page reloads. It's cleared on logout or session expiry.
- Slower than cloud — encryption and decryption add a small overhead, though it's barely noticeable for typical use.
Using Multiple Providers
You can enable any combination of storage providers at once. Your files in the sidebar are grouped by provider, so it's always clear where each file lives. A common setup:
- Cloud for general game collections you might share or access from multiple devices
- Encrypted for private opening preparation and sensitive analysis
- Local folder for an existing PGN library you don't want to upload
Enable or disable providers in Settings under the Storage section.