Privacy Policy
Last updated: July 4, 2026
This Privacy Policy explains how MyChessBot (“we”, “our”) collects, uses, and shares information when you use our website at mychessbot.com. By using the service, you agree to the practices described here and to our Terms of Service.
1. What we collect
We collect the minimum information needed to operate the service:
- Account information (only if you create an account): your email address and any profile data you provide through Clerk, our authentication provider.
- Payment information (only if you purchase a plan or cosmetic): handled entirely by Stripe. We never see or store your card details — only a Stripe customer reference and subscription status.
- Game history: chess moves, opening selections, results, and the bots you have played. Chess moves are sent to our server engine to compute bot responses and are stored in our PostgreSQL database. Anonymous (guest) game history is retained for 30 days; registered user history is retained until you delete your account.
- Guest session identifiers: if you play without an account, we set a signed HttpOnly cookie (
mcb_guest) that identifies your session. It contains a random ID — no personal data. - Usage analytics (only after you accept cookies): page views, game events, and other usage data via Google Analytics 4, New Relic (real-user monitoring), and PostHog (product analytics). PostHog also records anonymized session replays of how the app is used to help us find and fix usability problems; text you type into form fields (such as usernames and email addresses) is masked and not recorded. Used to understand and improve the service.
- Error reports: we use New Relic to record crashes and unhandled errors so we can fix them. Client-side error reporting runs only after you accept cookies; server-side errors are always recorded. Personally identifiable information is scrubbed before reports are sent.
- Physical-board reliability(Premium board feature only): when you play a game using a connected physical board, we record the outcome of that session — board model, firmware version, browser/OS, and connection-stability counts — so we can measure which boards work reliably and warn you away from ones that don’t. This is operational data tied to a feature you opted into; it is collected regardless of analytics-cookie consent.
2. Where data is stored
- Database: Azure Database for PostgreSQL Flexible Server, hosted in the East US region.
- Application servers: Microsoft Azure App Service (East US).
- Payments: Stripe (PCI-DSS compliant; see Stripe’s privacy policy).
- Authentication: Clerk (see Clerk’s privacy policy).
- Email: Resend (only if you opt into the email list).
3. Cookies and similar technologies
We use the following categories of cookies and similar storage:
- Strictly necessary (always on): Clerk session cookies for authenticated users;
mcb_guestfor anonymous game history; Stripe checkout cookies during a payment flow. - Functional: theme preferences and cosmetic selections stored in your browser’s localStorage.
- Advertising and analytics(only after you accept the cookie banner): Google AdSense (shown to free-tier users), Google Analytics 4, New Relic (real-user monitoring), and PostHog (product analytics and masked session replay). These do not load until you click “Accept” on the cookie banner.
- Error tracking: New Relic records crashes and errors; client-side error reporting loads only after you accept the cookie banner (server-side errors are always recorded). Personally identifiable information is scrubbed before reports are sent.
4. Retention
- Guest games: deleted automatically 30 days after the last activity on that guest session.
- Registered user games: retained until you delete your account.
- Deleted accounts: account data is soft-deleted immediately and permanently removed 30 days later. Purchase records required for tax retention are kept for seven years in anonymized form (no link back to the deleted user).
5. Automated processing and profiling
To provide the coaching service, we process your games automatically to build a profile of your play. Specifically, we analyze your moves with a chess engine to produce move-quality metrics, estimate your playing strength, build a skill profile (how different parts of your game compare to players at your level), and generate a personalized coaching plan. This constitutes profiling under the GDPR.
These results are the finished figures shown to you in the app, and you can view them there at any time. This processing does not produce any legal or similarly significant effect — it only tailors your training. The underlying engine analysis and models are proprietary; for meaningful information about the logic involved, or to object to this processing, email privacy@mychessbot.com.
6. Sharing
We do not sell your personal data. We share information with the third-party processors listed above (Azure, Stripe, Clerk, Resend, Google, New Relic, PostHog) only as necessary to provide the service. We may disclose information if required by law or to protect the rights, property, or safety of our users.
7. Your data rights (GDPR & CCPA)
You have the right to access, export, correct, or delete your personal data. Under GDPR Articles 15 and 20 (access and portability) and Article 17 (erasure), and equivalent CCPA provisions, you can exercise these rights at any time:
- Export your data: visit your Account pageand click “Download my data” to download a machine-readable JSON copy of the data we hold on you — your account details, games, puzzle and training attempts, repertoires, and purchases. Detailed engine analysis and our coaching computations are proprietary and are shown to you in the app rather than included in the export.
- If you have an account: visit your Account pageand click “Delete my account”. Your data will be soft-deleted immediately and permanently removed after 30 days.
- If you played as a guest: clear your cookies or wait 30 days for the automatic cleanup to delete your game history.
- For any other request: email privacy@mychessbot.com. We will respond within 30 days.
8. Children
MyChessBot is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced on the site. The “Last updated” date at the top reflects the most recent revision.
10. Contact
Questions about this policy or a privacy request? Email privacy@mychessbot.com.