Privacy Policy
Last updated: March 24, 2026
Our commitment to your privacy:
- Your files are yours. We do not access them except when strictly necessary for support or legal reasons.
- We do not track you for profiling or advertising purposes.
- We do not sell your data or share it with advertisers or data brokers.
- We do not use your data to train AI or machine learning models.
Your Files Are Private
When you store PGN games and collections on Chess.ceo, they belong to you. Access to stored file contents is restricted to authorized personnel and only occurs when strictly necessary for specific operational reasons: resolving technical issues, responding to user support requests, or investigating violations of our Terms of Service. Your files are never browsed, reviewed for content, or accessed out of curiosity.
Our systems automatically process file metadata (such as file size, timestamps, game headers, and position indexes) to provide features like search and organization. This processing is fully automated, and the resulting data is treated as your property. We do not analyze your data for profiling, advertising, or AI training purposes.
No Individual Tracking
Chess.ceo does not track individual users across sessions for profiling, advertising, or behavioral analysis. Specifically:
- We do not use analytics tools that track individual behavior.
- We do not employ browser fingerprinting.
- We do not embed third-party trackers, pixels, or beacons.
- We do not create advertising profiles or assign advertising identifiers.
- We do not share any data with ad networks or data brokers.
Client-Side Encrypted Storage
Chess.ceo offers an optional encrypted storage mode that uses AES-256-GCM client-side encryption. When you enable encrypted storage:
- Your files are encrypted in your browser before they leave your device.
- The encryption key is derived from your passphrase and never sent to our servers.
- Our servers store only encrypted data. In encrypted storage mode, we cannot decrypt or read your files.
- Position search uses blind index tokens, so the server can help you find games without ever seeing the actual positions.
Even as the operator, we cannot access encrypted files. Without encrypted storage, file contents are accessible on the server but are only accessed under the limited circumstances described above.
What We Collect
We collect only what is necessary to provide the service:
- Email address — Used for passwordless authentication and account recovery. This is your login credential.
- Username — Your chosen display name on the platform.
- Avatar — Your selected profile picture from our preset options.
- Chess content — PGN games and collections you upload or create, stored solely to provide the service back to you.
- User preferences — Settings like board theme and notation style, synced to provide a consistent experience across sessions.
Security Data
To protect your account and prevent abuse, we temporarily log:
- IP address — Used to detect suspicious login attempts and prevent brute-force attacks.
- Browser information — Helps identify unauthorized access to your account.
- Login timestamps — So you can see when your account was last accessed.
This security data is used solely for account protection and is automatically deleted after 30 days. It is never used for profiling, advertising, or any other purpose.
No AI Training
Your data is never used to train artificial intelligence models, machine learning systems, or any form of automated learning. Your games, annotations, and analysis remain yours and are not fed into any training pipeline.
Payment Information
If you subscribe to premium features:
- Payments are processed by Stripe or BTCPay. We share limited data with these processors solely to complete transactions.
- We never see, receive, or store your credit card numbers or payment details.
- We store only a reference ID to track your subscription status.
What We Don't Do
- We don't sell, rent, or trade your data to anyone.
- We don't share your information with advertisers or data brokers.
- We don't use tracking pixels, analytics cookies, or invasive analytics.
- We don't send marketing emails. You will only receive transactional emails such as login codes.
- We don't publish or share your chess games without your explicit consent.
- We don't analyze your content for profiling, advertising, or AI training.
- We don't create behavioral profiles or track individual user activity for advertising.
GDPR Compliance
Chess.ceo is operated from Germany and your data is stored on secure servers within the European Union. We process your data under GDPR Article 6(1)(b) (contractual necessity to provide the service) and Article 6(1)(f) (legitimate interest for security purposes). We comply with the General Data Protection Regulation (GDPR) and respect your rights as a data subject:
- Right of Access — You can view all data associated with your account in your settings.
- Right to Export — You can export all your PGN games and data at any time.
- Right to Erasure — You can delete your account, which permanently removes all your data within 30 days, subject to backup retention cycles.
- Right to Rectification — You can update your username, avatar, and other account information at any time.
- Right to Data Portability — Your chess data is stored in the open PGN format, making it fully portable to any other platform.
Data Storage & Security
All data is encrypted at rest on our servers and in transit via HTTPS. All access to user data is logged and restricted. We may share data with infrastructure providers solely to operate the service.
Cookies
We use essential cookies only:
- Authentication cookie — Keeps you logged in across sessions.
- CSRF token — Protects against cross-site request forgery attacks.
We do not use tracking cookies, analytics cookies, or third-party cookies. Only strictly necessary cookies are used; no consent is required under GDPR.
Data Retention
- Account data — Retained as long as your account is active.
- Security logs — Automatically deleted after 30 days.
- Deleted accounts — All data permanently removed within 30 days of deletion.
Changes to This Policy
If we make significant changes to this policy, we will notify you via email or a prominent notice on our website. The "Last updated" date at the top of this page will always reflect the most recent revision.