← Back to home

Privacy Policy

1. Who we are

Improve my Chess ("we", "us", "our") is operated by Alexander Sowter. If you have any questions about this Privacy Policy, please contact us at privacy@improvemychess.com.

2. Data we collect

We collect the following categories of data:

  • Account data: When you create an account, we store your email address and a hashed password via our authentication provider (Supabase). We never store plaintext passwords.
  • Profile data: Your chess.com username, subscription status (free or Pro), free analysis count, and Stripe customer ID.
  • Payment data: All payment processing is handled by Stripe. We do not store your credit card number, CVV, or full card details. We receive and store only your Stripe customer ID and subscription status. See Stripe's Privacy Policy for how they handle your payment data.
  • Chess game data: Your publicly available games fetched from the chess.com Public API. This data is processed in your browser session and is not permanently stored on our servers.
  • AI usage data: We log each AI analysis request, including the feature used, model called, token count, and estimated cost. This data is associated with your user ID for billing and abuse-prevention purposes.

3. How we use your data

  • To provide and operate the service (game analysis, scouting, training drills).
  • To manage your account and subscription.
  • To process payments through Stripe.
  • To monitor and prevent abuse of AI features (e.g. excessive usage).
  • To improve the service and fix bugs.
  • To communicate with you about your account or changes to the service (email only, no marketing unless you opt in).

4. Third-party services

We share data with the following third parties, solely to operate the service:

  • Supabase — authentication and database hosting. Your email, hashed password, and profile data are stored in Supabase. Supabase Privacy Policy.
  • Stripe — payment processing. Your payment details are handled entirely by Stripe. Stripe Privacy Policy.
  • Anthropic (Claude API) — AI analysis. Your chess game data (PGN moves) is sent to Anthropic for processing. Anthropic does not use API inputs to train their models. Anthropic Privacy Policy.
  • chess.com Public API — game data. We fetch your publicly visible games. No authentication credentials are sent to chess.com on your behalf.
  • Vercel — hosting. The application is deployed on Vercel. Vercel Privacy Policy.

We do not sell, rent, or share your personal data with any other third parties for marketing or advertising purposes.

5. Cookies and local storage

We use essential cookies and browser local storage to maintain your login session and store your chess.com username and game data locally for performance. We do not use third-party tracking cookies, advertising cookies, or analytics services.

6. Data retention

Account data and AI usage logs are retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymised, aggregated usage statistics (e.g. total API calls) may be retained indefinitely for operational purposes.

7. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Object to processing of your data.

To exercise any of these rights, email privacy@improvemychess.com. We will respond within 30 days.

8. Children

This service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Security

We use industry-standard measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, and server-side API key storage. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the service. Your continued use of the service after such notification constitutes acceptance of the updated policy.