← Back to Home

Privacy Policy

Last updated: April 20, 2026

1. Introduction

Welcome to ChessVector (“we”, “our”, or “us”). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Privacy Policy explains:

  • What personal data we collect
  • How we use it
  • Your rights
  • How we protect your information
  • How to contact us

By using ChessVector, you agree to the terms of this Policy.

2. What Data We Collect

2.1 Account Information

When you create an account using Supabase Authentication, we collect:

  • Email address
  • Password hash (never stored or seen by us)
  • Authentication tokens
  • Metadata you choose to provide (username, preferences)

2.2 Payment Information

Payments and subscriptions are processed by Stripe. We do not store your credit card information.

Stripe collects and processes:

  • Payment details
  • Billing address
  • Tax/VAT information
  • Subscription status and renewal dates

2.3 Usage Data

We may collect information related to your use of ChessVector, including:

  • Game PGNs you upload or analyze
  • Number of analyses performed
  • Opening explorer usage
  • Puzzle attempts
  • Device type and operating system
  • Browser information
  • IP address (for security and abuse prevention)
  • Timestamps of requests
  • Clickstream data related to navigation and feature use

2.4 AI Processing Data

When you request analysis, the following may be processed:

  • FEN and PGN game states
  • Move history
  • Evaluations
  • Commentary prompts

If an external LLM provider is used (e.g., OpenAI), this data may be temporarily transmitted to generate commentary or insights.

2.5 Error & Performance Data

Collected via Sentry, Grafana, and Prometheus:

  • Stack traces
  • Error logs
  • API performance metrics
  • System health data

No sensitive game content or passwords are included.

3. How We Use Your Data

We use your data to:

3.1 Provide and Improve the Service

  • Authenticate your account
  • Save and retrieve your analyses
  • Display personalized training insights
  • Process payments and manage subscriptions
  • Ensure the platform functions correctly
  • Improve performance, features, and reliability

3.2 Customer Support

We use account and usage information to:

  • Respond to questions
  • Investigate issues
  • Detect and prevent abuse

3.3 Security

We may process IP addresses and usage behavior to:

  • Detect malicious behavior
  • Prevent account abuse
  • Limit automated scraping
  • Enforce rate limits

3.4 Legal Compliance

We may process data to:

  • Comply with tax, accounting, and subscription regulations
  • Respond to lawful data requests

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contractual necessity: To provide ChessVector to you
  • Legitimate interest: Improve the service, maintain security
  • Consent: Cookies (where applicable)
  • Legal obligation: Tax, payment, or regulatory compliance

5. How We Share Your Data

We share data only with trusted third-party processors required to operate ChessVector:

5.1 Authentication & Database

  • Supabase (EU region recommended)

5.2 Payments

  • Stripe

5.3 Analytics, Monitoring & Logging

  • Sentry (error monitoring)
  • Grafana / Prometheus (performance metrics)
  • Cloudflare (security + CDN)

5.4 AI Providers (If Enabled)

If AI commentary is used, game data (FEN, PGN, move lists) may be transmitted to an external LLM API.

We DO NOT:

  • Sell your data
  • Share your email with advertisers
  • Allow third parties to use your data for marketing

6. Data Retention

We retain:

  • Account data until your account is deleted
  • Payment history as required by tax law
  • Game analyses and training data until deleted by you
  • Logs for security and debugging (30–180 days depending on type)

7. Your Rights (GDPR)

You have the following rights:

Right to Access

Request a copy of your personal data.

Right to Rectification

Fix incorrect or incomplete data.

Right to Erasure (“Right to be Forgotten”)

Delete your account and associated data.

Right to Data Portability

Export your data in a readable format.

Right to Withdraw Consent

For cookies or optional tracking.

Right to File a Complaint

Sweden's Data Protection Authority (IMY): https://www.imy.se

8. Data Security

We use:

  • HTTPS encryption
  • Prepared statements
  • Role-based access controls
  • Secure credential storage
  • Isolated server environments
  • Cloudflare DDoS protection
  • Monitoring and alerting tools

No system is 100% secure, but we take reasonable steps to protect your data.

9. International Transfers

If external AI providers or infrastructure are located outside the EU, data may be transferred internationally using:

  • Standard Contractual Clauses (SCC)
  • Equivalent safeguards

Where possible, EU-hosted services are used.

10. Children's Privacy

ChessVector is not intended for users under 13. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted with a new “Last Updated” date.

12. Contact Us

If you have questions, requests, or concerns:

Email: support@chessvector.com

Business Name: ChessVector

Location: Stockholm, Sweden

← Back to Home
Terms of ServicePrivacy Policy