
Privacy Policy

Last updated: 2026-06-24 · Applies to gambitcoach.com

This Privacy Policy explains how GambitCoach ("we", "us") processes your personal data when you use the service at gambitcoach.com. We comply with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the California Consumer Privacy Act (CCPA/CPRA) where applicable.

1. Data controller

The data controller within the meaning of GDPR Art. 4(7) is:

We do not have a designated Data Protection Officer (DPO) because we do not meet the thresholds in GDPR Art. 37 / BDSG § 38. You may contact us directly at the email above for any data-protection question.

2. Hosting location

The service is hosted on Microsoft Azure in the Germany West Central region (Frankfurt am Main, Germany). All personal data is stored on servers located within the European Union. We do not transfer personal data outside the EEA.

3. Data we collect and lawful basis (GDPR Art. 6)

Data | Purpose | Lawful basis
Email address (when you sign in) | Identify your account, secure sign-in, send magic-link / one-time codes | Art. 6(1)(b) - contract
Account identifier (a key derived from your verified email or sign-in provider) and an admin flag | Link your data to one account across sign-in providers; gate administrative features | Art. 6(1)(b) - contract
Chess.com username | Identify your data + fetch your public games | Art. 6(1)(b) - contract
Your public chess.com games (PGN + metadata) | Run Stockfish analysis, persist results | Art. 6(1)(b) - contract
Games you import (pasted PGN) and games you play against our bots | Store and analyse the games you add yourself | Art. 6(1)(b) - contract
Deep-analysis results (Stockfish evaluations of your games) | Show your move-quality feedback without re-running the engine each visit | Art. 6(1)(b) - contract
IP address (in-memory, transient) | Per-IP rate limiting; abuse prevention | Art. 6(1)(f) - legitimate interest
Server-side request logs (URL, status, timing) | Operational diagnostics; security | Art. 6(1)(f) - legitimate interest
Telemetry via Azure Application Insights (only enabled in production; not on dev) | Detect errors and performance regressions | Art. 6(1)(f) - legitimate interest

4. Cookies and similar technologies

We use only strictly necessary cookies. No tracking cookies, no advertising cookies, no third-party analytics cookies. The following cookies are set:

Because all cookies we set are strictly necessary for the service you request (ePrivacy Directive Art. 5(3), TTDSG § 25(2) Nr. 2), no separate consent banner is shown. You can clear them at any time via your browser settings; doing so will sign you out.

5. Retention

6. Recipients and third parties

All other engine analysis runs on our servers in Germany; the inputs (positions, moves) are not shared with any third party.

We do not sell or rent your personal data. We do not run third-party advertising. We do not use third-party analytics or social media trackers.

7. Your rights

Under GDPR you have the right to:

To exercise any of these rights, email privacy@gambitcoach.com. We will respond within 30 days as required by GDPR Art. 12(3).

California residents have equivalent rights under CCPA/CPRA, including the right to know, the right to delete, and the right to opt out of sale (we do not sell personal information).

8. Right to lodge a complaint

If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority (GDPR Art. 77). The competent authority in Germany depends on the state in which the controller is based; for federal-level matters this is:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Straße 153, 53117 Bonn, Germany
www.bfdi.bund.de

9. Children

GambitCoach is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact privacy@gambitcoach.com and we will delete it.

10. Security

We use HTTPS / TLS for all data in transit. Server-side data is stored on Azure-managed encrypted storage. We follow the principle of data minimisation: we collect only what is required to operate the service.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated in-app before they take effect.


GambitCoach is an independent project, not affiliated with, endorsed by, or sponsored by Chess.com, Inc. or the Lichess organisation.