Privacy Policy

Effective Date: January 1, 2026
Last Updated: December 19, 2025

Your privacy matters. This Privacy Policy explains how Metachess.org collects, uses, stores, and protects your personal information. We are committed to transparency and giving you control over your data.

1. Introduction

Metachess.org ("we," "us," "our," or "the Platform") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we handle information collected through our website and services.

We operate under the principle of data minimization: we collect only the information necessary to provide and improve our services. We do not sell your data to third parties, and we do not use invasive tracking technologies.

By using Metachess.org, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

We collect several types of information to provide and improve our services:

2.1 Information You Provide Directly

Data Type Purpose Required?
Username Account identification, public profile Yes
Email address Account recovery, essential notifications, authentication Yes
Password Account security (stored as encrypted hash) Yes
Profile information Optional bio, country, avatar (if provided) No
Payment information Processing premium subscriptions and donations Only for paid services

2.2 Information Collected Automatically

When you use Metachess.org, we automatically collect certain technical information:

  • Game data: Moves, match results, ratings, game history, time controls
  • Usage data: Features used, modes played, session duration, interaction patterns
  • Device information: Browser type and version, operating system, screen resolution
  • Connection data: IP address (anonymized after 90 days), approximate location (country/region level only)
  • Performance data: Page load times, errors, technical diagnostics

2.3 Information from Third Parties

  • Payment processors: Transaction confirmations from Stripe and PayPal (we do not store full payment card details)
  • OAuth providers: If you authenticate via third-party services (planned feature), we receive only basic profile information you authorize

2.4 User-Generated Content

  • Workshop creations, custom modes, and extensions you publish
  • Comments, forum posts, and community interactions (planned)
  • Game annotations and analysis notes

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Core Service Delivery

  • Creating and maintaining your account
  • Enabling online gameplay and matchmaking
  • Calculating and displaying ratings and statistics
  • Providing game analysis and chess engine evaluations
  • Saving your games, preferences, and settings

3.2 Platform Improvement

  • Analyzing usage patterns to improve user experience
  • Identifying and fixing bugs and technical issues
  • Developing new features based on user behavior
  • Optimizing platform performance and stability

3.3 Security and Fair Play

  • Detecting and preventing cheating, bots, and unfair assistance
  • Identifying fraudulent accounts and activities
  • Protecting against security threats and unauthorized access
  • Enforcing Terms of Service and community standards

3.4 Communication

  • Sending essential service notifications (account security, important updates)
  • Responding to your support requests and inquiries
  • Processing payment confirmations and receipts

Note: We do not currently send marketing emails or newsletters. If we introduce such communications in the future, they will be strictly opt-in.

3.5 Legal Compliance

  • Complying with legal obligations and valid legal requests
  • Protecting our rights and the rights of other users
  • Resolving disputes and enforcing our agreements

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar data protection laws, we process your personal data based on the following legal grounds:

  • Contractual necessity: Processing required to provide services you requested (account creation, gameplay)
  • Legitimate interests: Improving services, preventing fraud, ensuring security (balanced against your privacy rights)
  • Legal obligation: Compliance with applicable laws and regulations
  • Consent: For optional features requiring explicit consent (we will clearly request permission)

5. Cookies and Tracking Technologies

Metachess.org uses cookies and similar technologies to provide essential functionality and improve your experience.

5.1 Types of Cookies We Use

Cookie Type Purpose Duration
Essential Cookies Authentication, session management, security features Session or up to 30 days
Functional Cookies Remember your preferences, settings, and customizations Up to 1 year
Analytics Cookies Understand usage patterns, performance metrics (first-party only) Up to 2 years

5.2 What We Don't Use

  • Third-party advertising cookies: We do not serve ads or use advertising tracking
  • Cross-site tracking: We do not track you across other websites
  • Social media pixels: No Facebook, Twitter, or similar tracking pixels

5.3 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may prevent certain features from functioning properly. Most browsers allow you to:

  • View and delete existing cookies
  • Block third-party cookies
  • Block all cookies (not recommended for functionality)
  • Delete cookies when closing the browser

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We share data only in the following limited circumstances:

6.1 Service Providers

We work with trusted third-party service providers who assist us in operating the Platform:

  • Hosting providers: Servers located in Cyprus (from February 2026) for data storage and platform hosting
  • Payment processors: Stripe and PayPal for processing payments (they have their own privacy policies)
  • Email services: For sending essential transactional emails

These providers are contractually obligated to protect your data and use it only for specified purposes.

6.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal processes (court orders, subpoenas)
  • Requests from law enforcement or government authorities
  • Situations involving potential threats to safety or security
  • Protection of our legal rights and enforcement of our policies

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your data.

6.4 Public Information

Certain information is publicly visible by design:

  • Username, profile information, and avatar (if set)
  • Game history, ratings, and statistics
  • Workshop content and community contributions

You can control the visibility of some information through privacy settings.

7. International Data Transfers

Metachess.org operates internationally with servers located in Cyprus. If you access our services from outside Cyprus, your data may be transferred to and processed in Cyprus.

We implement appropriate safeguards to ensure your data receives adequate protection regardless of where it is processed. For users in jurisdictions with strict data protection laws (such as the EU), we comply with applicable transfer requirements.

8. Data Retention

We retain your personal information for different periods depending on the type of data and purpose:

Data Type Retention Period
Account information Until account deletion + 30 days
Game history Until account deletion + 90 days (may be anonymized for platform statistics)
Payment records 7 years (legal requirement for financial records)
IP addresses 90 days (anonymized after), retained longer only for security incidents
Support communications 3 years after case closure
Deleted account data Fully purged after 30 days (except legally required records)

After these periods, data is either permanently deleted or anonymized so it can no longer identify you. Some anonymized data may be retained indefinitely for statistical and analytical purposes.

9. Your Privacy Rights

Depending on your location, you have various rights regarding your personal data. We honor these rights globally, not just where legally required.

Your Rights Include:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Delete your account and associated data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to certain types of processing
  • Right to restrict processing: Limit how we use your data
  • Right to withdraw consent: Withdraw consent for processing based on consent

9.1 How to Exercise Your Rights

To exercise any of these rights, you can:

  • Use account settings to manage preferences and data directly
  • Contact us at privacy@metachess.org
  • Submit a formal request through our contact form

We will respond to verified requests within 30 days. For complex requests, we may extend this period by an additional 30 days with notification.

9.2 Account Deletion

You can delete your account at any time through account settings. Upon deletion:

  • Your account will be immediately deactivated
  • Personal data will be deleted within 30 days
  • Some data may be retained in anonymized form for statistics
  • Legally required records (payment history) will be retained per requirements
  • Public game history may remain visible but will be disassociated from your identity

10. Children's Privacy

Metachess.org is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are between 13 and 18 years old (or the age of majority in your jurisdiction), you may only use the Platform with parental or guardian involvement, supervision, and consent.

If we become aware that we have collected personal data from a child under 13 without verified parental consent, we will take immediate steps to delete that information. If you believe we have information from a child under 13, please contact us at privacy@metachess.org.

11. Data Security

We implement industry-standard security measures to protect your personal information:

11.1 Technical Safeguards

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
  • Password protection: Passwords are hashed using strong cryptographic algorithms (never stored in plain text)
  • Secure servers: Data stored on secured servers in Cyprus with restricted access
  • Regular backups: Encrypted backups to prevent data loss
  • Firewalls and monitoring: Active protection against unauthorized access attempts

11.2 Organizational Safeguards

  • Access controls: Limited employee access to personal data on a need-to-know basis
  • Regular security audits and penetration testing
  • Incident response procedures for potential data breaches
  • Staff training on data protection and privacy practices

11.3 Your Responsibility

Security is a shared responsibility. You should:

  • Use a strong, unique password for your account
  • Enable two-factor authentication when available
  • Keep your login credentials confidential
  • Log out when using shared or public devices
  • Report suspicious activity immediately

11.4 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the breach, as required by applicable law. We will provide information about the breach, affected data, and steps you can take to protect yourself.

12. Third-Party Links and Services

Metachess.org may contain links to third-party websites, services, or Workshop content created by users. We are not responsible for the privacy practices of these third parties.

When you click on third-party links or use third-party services (such as payment processors), you are subject to their privacy policies and terms. We encourage you to review the privacy policies of any third-party sites you visit.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: Request disclosure of categories and specific pieces of personal information collected
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt-out of the sale of personal information (note: we do not sell your data)
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at privacy@metachess.org with "CCPA Request" in the subject line.

14. European Economic Area (EEA) and UK Rights (GDPR)

If you are located in the EEA or UK, you have rights under the General Data Protection Regulation (GDPR), including all rights listed in Section 9.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your privacy concerns.

For GDPR-specific inquiries, contact our data protection officer at dpo@metachess.org.

15. Analytics and Performance Monitoring

We use first-party analytics tools (self-hosted, not third-party services) to understand how users interact with Metachess.org. This helps us:

  • Identify popular features and areas for improvement
  • Detect and resolve technical issues
  • Optimize platform performance
  • Understand user preferences and behavior patterns

Our analytics are privacy-focused and do not include invasive tracking or cross-site surveillance. Data is aggregated and anonymized where possible.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you through the Platform or via email for material changes
  • Provide a reasonable period for you to review changes before they take effect

We encourage you to review this Privacy Policy periodically. Your continued use of Metachess.org after changes become effective constitutes acceptance of the updated policy.

Previous versions of this policy will be archived and available upon request.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 48-72 hours during business days, and within 30 days for formal data subject requests.

18. Governing Law and Jurisdiction

This Privacy Policy is governed by applicable international data protection laws and regulations, including but not limited to GDPR and CCPA where applicable.

For jurisdictional purposes, disputes arising from this Privacy Policy will be handled in accordance with the Terms of Service and applicable consumer protection laws in your country of residence.

Our Commitment to You: Metachess.org is built on the principle of respecting user privacy. We collect only what's necessary, protect what we collect, and give you full control over your data. Your trust is essential to us, and we work every day to earn and maintain it.