Privacy Policy
Last updated: April 11, 2026
1. Introduction
ChessMMO ("we," "us," or "our") operates chessMMO.gg and the chessMMO mobile application available on iOS and Android (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights with respect to it. By creating an account or using the Service, you agree to the collection and use of information as described in this policy. Anonymous (guest) play is available without an account; the data practices for guest sessions are described below.
2. Information We Collect
2a. Account Information
When you register for a ChessMMO account, we collect:
• Email address — used for authentication and account recovery
• Username — displayed publicly to other players in the game world
• Password — stored exclusively as a cryptographic hash via Supabase Auth; we never store your plaintext password
• Avatar selection — an integer identifier representing your chosen character sprite
2b. Gameplay Data
During gameplay we collect and persistently store:
• ELO rating and games-played count — updated after each rated game
• Match history — the full PGN (Portable Game Notation) of each completed rated game, including result, time control, ELO before/after, and approximate board location in the world
• Last known world position (x, y tile coordinates) — saved on disconnect so your character respawns where you left off
2c. Real-Time Session Data
While you are connected, our Colyseus game server maintains in-memory state including your current world position, active game state (board, clocks, move history), and session identifier. This real-time state is not written to permanent storage except for the persisted fields described in §2b.
2d. Anonymous / Guest Play
You may enter the game world without an account. Guest sessions are assigned a temporary session identifier that exists only for the duration of your connection. No profile is created, no match history is saved, and ELO changes from guest games are not recorded. Guest sessions cannot be recovered after disconnection.
2e. Device & Technical Data
When you use the mobile application, standard technical information may be transmitted, including:
• Device operating system and version (iOS / Android)
• App version (managed by Expo / EAS)
• Network connection type (Wi-Fi / cellular)
• IP address — used transiently for routing and fraud prevention; not linked to your profile record
We do not collect precise GPS location, contacts, camera, microphone, or other sensitive device capabilities.
2f. Over-the-Air Updates
The mobile app uses Expo Application Services (EAS) for over-the-air (OTA) JavaScript bundle updates. When the app checks for an update, Expo may collect technical telemetry such as the app version and platform. Please review Expo's privacy policy at expo.dev/privacy for details on data collected by their update infrastructure.
3. How We Use Your Information
We use the information we collect to:
• Authenticate your account and maintain secure session state
• Render your avatar, username, and ELO rating to other players in the game world
• Validate and record chess moves server-side (all game logic is authoritative on our servers)
• Calculate and update ELO ratings using a variable K-factor system after each rated game
• Save your world position so you respawn at your last location
• Display your match history and rating progression
• Detect and prevent cheating, botting, or abuse of game systems
• Deliver OTA updates to keep the mobile app current without requiring an App Store re-submission
• Improve game balance, fix bugs, and scale server infrastructure
We do not use your data for advertising, profiling for third-party marketing, or sale to data brokers.
4. Data Storage & Infrastructure
Your profile and match data are stored in a PostgreSQL database hosted by Supabase (supabase.com) in their managed cloud infrastructure. Supabase enforces row-level security (RLS) so that only authenticated requests with the correct credentials can read or modify your records. Our real-time game server runs on Colyseus Cloud. The WebSocket connection between your device and the game server is encrypted with TLS. In-memory game state on the Colyseus server is ephemeral and is not replicated to long-term storage. We maintain logically separate databases for development and production environments. Production data is never used in development.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:
• With Supabase and Colyseus as infrastructure subprocessors necessary to operate the Service — they are contractually bound to process data only as instructed
• With Expo / EAS for the purpose of delivering app updates
• With law enforcement or regulatory authorities when required by applicable law, valid legal process, or to protect the safety of users or the public
• In connection with a merger, acquisition, or sale of assets — in which case we will notify you before your data is transferred and becomes subject to a different privacy policy
Your username and ELO rating are visible to all players in the game world by design. Your email address is never displayed publicly.
6. Data Retention
We retain your account information and match history for as long as your account is active or as needed to provide the Service. If you request account deletion, we will permanently remove your profile (email, username, avatar, ELO, position) and all associated match history records within 30 days of receiving your request. Anonymized aggregate statistics (e.g., total games played across all users) may be retained indefinitely without linkage to your identity. Guest session data is discarded automatically at the end of each connection and is never written to persistent storage.
7. Security
We implement industry-standard safeguards including:
• TLS encryption for all client–server communication (WebSocket and HTTPS)
• Bcrypt-hashed passwords via Supabase Auth — we have no access to your plaintext password
• Row-level security policies on all database tables
• Server-side move validation — the game server, not the client, is the authoritative source of truth for all game state
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request erasure of your account and associated data
• Portability — request your match history in a machine-readable format (PGN files are available on request)
• Objection — object to certain processing activities
To exercise any of these rights, contact us at dan@chessmmo.gg. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
California residents: We do not sell personal information as defined under the CCPA/CPRA. You have the right to know what data we collect and to request deletion.
EEA/UK residents: Our processing is based on contract performance (operating the game you signed up for) and legitimate interests (security, fraud prevention). You may lodge a complaint with your local supervisory authority.
9. Children's Privacy
ChessMMO is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at dan@chessmmo.gg and we will promptly delete such information. Users in the European Economic Area must be at least 16 (or the age of digital consent in their member state) to create an account.
10. Third-Party Links & App Stores
The Service is distributed through the Apple App Store and Google Play Store. Downloading the app is subject to Apple's and Google's respective terms and privacy practices, which are independent of this policy. We are not responsible for the privacy practices of the app store platforms. This website (chessmmo.gg) does not use third-party analytics, advertising networks, or tracking cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you via email or an in-app notification. Your continued use of ChessMMO after any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: dan@chessmmo.gg
Website: chessmmo.gg