ChessHarp

Privacy Policy

Last updated: April 26, 2026

This policy describes what information ChessHarp collects, how it is used, and the choices you have. ChessHarp is operated as a personal hobby project. Questions can be sent to support@chessharp.com.

1. Information We Collect

Account information

  • Email address (required for sign-in and account confirmation).
  • Hashed password.
  • Your Chess.com and/or Lichess username, if you provide one.
  • Account preferences (e.g., last visited page, ignore-bot-games flag).

Game and analysis data

  • Your public game history, fetched from Chess.com or Lichess using the username you provide.
  • Opening lines you define inside the Service.
  • Your drill attempts, results, and analysis history.
  • If you use engine analysis, the resulting evaluations and best moves.

Payment information

  • If you make a payment or donation, Stripe processes it on our behalf. We store a Stripe customer ID and subscription status. We do not store credit card numbers.

Technical information

  • Server logs containing IP address, request path, user agent, and timestamps. Used for debugging and abuse prevention.
  • Cloudflare analytics, which records aggregate, cookieless traffic data.
  • An authentication cookie required to keep you signed in.

2. How We Use Information

  • To provide the core features of the Service (importing games, analysis, drills).
  • To send transactional email (account confirmation, password reset, payment receipts).
  • To process payments via Stripe.
  • To debug errors, prevent abuse, and improve reliability.

We do not sell your data. We do not use your data for advertising. We do not share your game data with third parties beyond the sub-processors listed below.

3. Sub-Processors

The Service relies on the following third parties to operate. Each has its own privacy policy:

  • Hetzner — server hosting (your data is stored on a server we operate at Hetzner).
  • Stripe — payment processing.
  • Resend — outbound email delivery.
  • Cloudflare — DNS, TLS, and analytics.
  • Chess.com and Lichess — sources of your public game history (we read from their public APIs).

4. Cookies

ChessHarp uses one strictly-necessary cookie to keep you signed in. This cookie is HttpOnly, Secure, and SameSite=Strict. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Cloudflare's analytics is cookieless.

5. Retention

  • Account and game data is retained until you delete your account.
  • Server logs are retained for up to 30 days.
  • Stripe retains payment records per its own policy and applicable tax law.
  • Backups, where present, are rotated and overwritten over time.

6. Your Rights

Depending on where you live, you may have rights under laws such as the GDPR (EU/UK) or CCPA (California). Regardless of jurisdiction, you can:

  • Access your data — use the Backup feature inside the Service to export your games and openings, or contact us.
  • Correct your data — update your email or linked usernames from the Account page.
  • Delete your data — use the "Delete my account" button on the Account page, or contact us.
  • Object to processing or request a copy in machine-readable form — contact us.

We respond to requests within 30 days. If you live in the EU/UK, you also have the right to lodge a complaint with your local data protection authority.

7. Children

The Service is not directed at children under 13 (or under 16 in the EU/UK). If you believe a child has created an account, please contact us so we can delete it.

8. Security

Passwords are hashed using ASP.NET Core Identity defaults. Connections are encrypted with TLS. We follow standard security practices but cannot guarantee absolute security; if you discover a vulnerability, please report it to support@chessharp.com.

9. International Transfers

Servers are located in the European Union. If you access the Service from outside the EU, your information will be transferred to and processed there.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or in-app notice. The "Last updated" date at the top of this page reflects the most recent revision.

Terms of Service

An unhandled error has occurred. Reload 🗙