Chess Tracker

Privacy Policy

Protecting your personal data is important to us. Below we inform you in accordance with Art. 13 GDPR about the collection and processing of personal data when using chess-tracker.com.

1. Responsible Party

The party responsible for data processing on this website is: Dustin-Joel Eden c/o IP-Management #8443 Ludwig-Erhard-Straße 18 20459 Hamburg Email: contact@chess-tracker.com

2. Data Collection on This Website

a) Hosting (24fire)

This website is hosted on a server provided by 24fire GmbH (Kaiserstraße 21, 55116 Mainz, Germany). The hosting provider automatically collects and stores information in so-called server log files, which your browser automatically transmits. These include: • IP address of the requesting device • Date and time of the request • Page visited / name of the requested file • Amount of data transferred • Browser type and version • Operating system used • Referrer URL Processing is based on our legitimate interest in providing and securing the website (Art. 6(1)(f) GDPR). Data is automatically deleted after 14 days. Data processing agreement: A data processing agreement (DPA) is in place with 24fire. Servers are located in Germany.

b) Cloudflare CDN & Workers

We use the Content Delivery Network (CDN) and Workers from Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare accelerates and secures our website. Requests are routed through Cloudflare servers, processing technically necessary connection data (IP address, pages visited, date and time, browser type). Additionally, we use Cloudflare Workers as an API proxy for Chess.com requests. No personal data is stored by the Workers — they merely forward requests to the public Chess.com API. Legal basis is our legitimate interest in secure and performant delivery (Art. 6(1)(f) GDPR). Data transfers to the USA are based on the EU-US Data Privacy Framework (Art. 45 GDPR — adequacy decision). Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/

c) Cookies and Session Data

This website uses the following cookies: • Session cookie for authentication (login) — deleted at end of session • Language preference (locale) — stored in the browser • Cookie consent preference — stored in localStorage Additionally, if you consent, we use Google Analytics 4 and Google Ads Conversion Tracking cookies (see sections below). Using the website without logging in does not require cookies. Legal basis for technical cookies: Art. 6(1)(f) GDPR (legitimate interest in functionality). Legal basis for analytics/advertising cookies: Art. 6(1)(a) GDPR (consent).

d) User Accounts

When you register, we store: • Email address • Hashed password (bcrypt) • Optional: display name • Chess.com username (when linking a profile) This data is processed exclusively to provide account functionality (Art. 6(1)(b) GDPR — contract performance). Passwords are stored only in hashed form and cannot be read in plain text.

e) Chess.com API

This website retrieves publicly available data from the Chess.com Public API (player statistics, ratings, games). Retrieval happens server-side through our Cloudflare Worker. Technical connection data (e.g. our server's IP address) may be transmitted to Chess.com during retrieval. No personal data of users is shared with Chess.com. The displayed data is publicly available on Chess.com. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in displaying public chess data).

f) Data Storage

All user data is stored in a SQLite database on the server hosted by 24fire in Germany. No data is transmitted to external databases or cloud storage services.

g) Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. IP anonymization is active on this website, so your IP address is truncated beforehand within the EU/EEA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. We use Google Analytics to analyze and regularly improve the use of our website. No personally identifiable information (such as usernames, email addresses, or search queries) is sent to Google. Usage is only with your consent pursuant to Art. 6(1)(a) GDPR. You can manage your cookie preferences at any time via the cookie banner. For more information on data protection at Google, visit: https://policies.google.com/privacy

h) Google Ads Conversion Tracking

This website uses the online advertising program "Google Ads" and Google Ads Conversion Tracking by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you arrive at our website through a Google ad, Google Ads places a cookie on your device. These cookies expire after 30 days and are not used for personal identification. Using this cookie, Google and we can recognize that a user clicked on an ad and was redirected to our website. This data is used to compile conversion statistics. Usage is only with your consent pursuant to Art. 6(1)(a) GDPR. You can manage your cookie preferences at any time via the cookie banner. For more information on data protection at Google, visit: https://policies.google.com/privacy

i) Google AdSense

This website uses Google AdSense, an advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google AdSense uses cookies and web beacons to display advertisements based on your previous visits to this and other websites. Google may use advertising cookies (including DoubleClick cookies) to serve ads based on your browsing behavior. The data collected includes your IP address, browser information, and browsing behavior. This data may be transmitted to and stored on servers in the USA. Google is certified under the EU-US Data Privacy Framework. Usage is only with your consent pursuant to Art. 6(1)(a) GDPR. You can manage your cookie preferences at any time via the cookie banner. You can opt out of personalized advertising by visiting Google's Ad Settings: https://adssettings.google.com For more information on data protection at Google, visit: https://policies.google.com/privacy

3. Data Retention

Personal data is deleted as soon as the purpose of storage no longer applies. For user accounts: upon account deletion. For server log files: after 14 days. Inactive accounts may be automatically deleted after 12 months without login. You may request immediate deletion of your account and all associated data at any time.

4. Your Rights

Under the GDPR, you have the following rights: • Right of access to your stored data (Art. 15) • Right to rectification of inaccurate data (Art. 16) • Right to erasure of your data (Art. 17) • Right to restriction of processing (Art. 18) • Right to data portability (Art. 20) • Right to object to processing (Art. 21) To exercise your rights, contact: contact@chess-tracker.com

5. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data (Art. 77 GDPR). The competent authority is that of your place of residence or that of the responsible party's registered office.

6. Third-Party Services and Data Transfers

This website uses the following third-party services: • 24fire GmbH (Hosting) — server location: Germany • Cloudflare, Inc. (CDN, DNS, Workers) — certified under EU-US Data Privacy Framework • Chess.com (public API) — server-side retrieval of public data only • Google Ireland Limited (Google Analytics 4, Google Ads Conversion Tracking, Google AdSense) — only with consent, certified under EU-US Data Privacy Framework No personal data is shared with any other third parties without your consent.

Chess Tracker iOS App

The following notes apply additionally to our native iOS app (iPhone, iPad, Apple Watch) and describe who processes which data — and when, how and where it is transmitted.

Controller & account

The controller for data processing in the app is the same entity named above. The app requires no user account and no sign-in.

What data is processed

The app itself does not collect personal account or profile data about you. When you use it, the chess usernames you search for or open — together with a built-in API key — are sent to our API at chess-tracker.com. In return you only receive public player data (ratings, games, openings, leaderboards).

How and where it is communicated

All communication is encrypted via HTTPS/TLS to the API at chess-tracker.com. Our server in turn queries the public APIs of Chess.com and Lichess. Player avatars and country flags are loaded directly to your device from Chess.com's image servers (images.chesscomfiles.com) and flagcdn.com. On access, technically necessary connection data (e.g. IP address, timestamp) may be processed server-side.

When data is transmitted

Data is transmitted while you use the app — for example when opening the leaderboard, searching, or viewing a profile — and when the widgets and the Apple Watch app refresh periodically in the background.

Stored locally on your device

The following stays solely on your device and is not transmitted to us: your favorites list, an offline cache of the most recently loaded leaderboard and profiles, and the usernames of your favorites in your device's Spotlight index. You can remove these at any time by deleting favorites or uninstalling the app.

No tracking, no advertising

The app contains no analytics or tracking SDKs, no advertising and no advertising identifier (IDFA). No data is shared with third parties for advertising or analytics. Distribution is via Apple's App Store / TestFlight, where Apple's privacy policy additionally applies.

7. Search Engines and Indexing

Publicly accessible content on this website (e.g. player profiles, statistics) may be indexed by search engines. Indexing is controlled via a robots.txt file and meta tags. Non-public areas (dashboard, settings) are excluded from indexing.

8. Changes

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements. The current version applies upon your next visit.