ChessAI · Effective date: May 15, 2025 · Last updated: May 15, 2025
ChessAI ("Company," "we," "us," "our") operates the ChessAI mobile application (the "App"). Questions about this policy may be directed to privacy@projectchess.app.
| Data | How collected | Purpose | Stored where |
|---|---|---|---|
| Device UUID | Generated on first launch; stored in iOS Keychain | Identify your device for rate limiting and token issuance. Never linked to your identity. | Your device Keychain + Cloudflare KV (hashed key only) |
| Subscription tier | Derived from your Apple StoreKit 2 receipt at token mint time | Determine which features you have access to. Baked into a short-lived signed token; not stored by us separately. | Signed JWT on your device (7-day TTL) |
| API usage counters | Incremented server-side each time you make an AI request | Enforce daily rate limits per subscription tier. Keys are keyed to device UUID + date only. | Cloudflare KV (auto-expires after 25 hours) |
| AI conversation messages | Typed by you in the AI coach or analysis features | Sent to Anthropic's API to generate a response. We do not log or store message content. | Transmitted to Anthropic; not retained by us |
| Game history & statistics | Recorded locally as you play | Display your stats, rating history, and win/loss record in the app. | On your device only (UserDefaults / local storage) |
| Online game state | Created when you play online multiplayer | Synchronise board state between two players in real time. | Firebase Realtime Database (deleted when the game ends) |
| IP address | Provided by Cloudflare on every request | Prevent abuse of the token endpoint (max 10 token requests per IP per hour). Not logged or stored by us beyond the counter. | Cloudflare KV counter key (auto-expires after 2 hours) |
We do not collect your name, email address, phone number, location, contacts, camera or microphone data, device advertising ID, or any other personal identifiers beyond what is listed above.
We use the information described above solely to:
We do not use your data for advertising, profiling, or sale to third parties.
The Service relies on the following third-party processors. By using the Service you acknowledge that data described above is transmitted to these parties under their own privacy terms:
We take reasonable technical measures to protect the data we process:
No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of data transmitted to or from the App.
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, please contact us at privacy@projectchess.app and we will take steps to delete that information.
Because we do not collect personal information beyond an anonymous device UUID, most traditional data subject rights (access, correction, portability) are not applicable — we simply cannot link a UUID to your identity. However:
Our backend services (Cloudflare Workers, Firebase) may process data in data centers located outside your country, including the United States. By using the Service, you consent to the transfer of information to countries that may have different data protection laws than your country of residence.
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after any change constitutes your acceptance of the updated policy.
If you have questions or concerns about this Privacy Policy, please contact us at: