Privacy Policy

Account data: Name, email address, password (hashed), and role when you register.

Chess identity data: US Chess member ID, FIDE ID, Chess.com username, Lichess username — only what you provide.

Rating data: We fetch your ratings from US Chess, Chess.com, and Lichess APIs when you link those accounts. We cache the most recent values.

Tournament data: Registration history, section selections, game results, and any penalties issued during events you participate in.

Payment data: We do not store card numbers. Payment is handled by Stripe; we store only the Stripe customer ID and payment status.

Usage data: Server logs including IP address, browser type, and pages visited. We retain logs for 30 days.

To operate the Service — match you to tournaments, show pairings, record results.

To verify membership status for rated events and warn about expiring memberships.

To process entry fees and director payouts through Stripe.

To send transactional emails (registration confirmations, round notifications). We do not send marketing emails without explicit consent.

To display your public player profile — name, rating, and tournament history — to other logged-in users.

The following is visible to anyone (including unauthenticated visitors):

• Your display name and ratings on your player profile page
• Your presence in a tournament’s player list
• Game results once a round is published

Your email address, payment information, and USCF certification details are never public.

Supabase — database and authentication infrastructure. Data is stored in the US.

Stripe — payment processing. Stripe’s privacy policy governs data shared with them.

US Chess Federation API — we query their public member API to verify ratings. No personal data is sent.

Chess.com and Lichess APIs — we fetch public rating data when you provide your username.

We do not sell your data to any third party.

Your account data is retained as long as your account exists. Deleting your account removes your personal information within 30 days, except where retention is required by law or for financial record-keeping (7 years for transaction records).

Tournament results are retained indefinitely as part of the historical record of the event.

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise these rights, email privacy@chessmate.app.

California residents have additional rights under CCPA. EU/UK residents have rights under GDPR. We honor all valid requests within 30 days.

We use a single session cookie to keep you logged in. We do not use tracking or advertising cookies. We do not use third-party analytics.

All data is transmitted over TLS. Passwords are hashed with bcrypt. We conduct periodic security reviews. Despite these measures, no system is completely secure — use a strong, unique password.

ChessMate is not directed at children under 13. If we become aware that a child under 13 has provided personal data, we will delete it promptly.

We will notify registered users by email of material changes. Continued use after the effective date of changes constitutes acceptance.

Privacy questions: privacy@chessmate.app