Privacy Policy
Last updated: March 9, 2026
This Privacy Policy explains how ANKT SERVICES ("we," "us," or "our") collects, uses, stores, shares, and protects your personal data when you use ChessAtlas. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), applicable French data protection laws, and other privacy regulations including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
SUMMARY: We collect only the data necessary to provide our chess training service. We do not sell your personal data. We do not use advertising trackers. We use PostHog for product analytics (with your consent). Your data is primarily stored in the EU, though some processors are US-based with appropriate safeguards. You have the right to access, correct, delete, and export your data at any time.
1. Data Controller
The data controller responsible for your personal data is:
ANKT SERVICES
SAS - Société par Actions Simplifiée
SIREN: 843902156
RCS: Angers
N° TVA: FR 81 843902156
25 Rue Lenepveu, c/o WeForge
49100 Angers, France
Data Protection Contact: privacy@chessatlas.net
2. Data We Collect
We collect and process the following categories of personal data. We apply data minimization principles and only collect data that is necessary for the purposes described.
2.1 Account Information (Required)
When you create an account, we collect:
- Email address - For account identification, login, and communications
- Display name (nickname) - Your chosen username visible on the platform
- Password - Stored only as a cryptographic hash (bcrypt), never in plain text
- Account creation date - For account management
- Language preference - To display content in your preferred language
2.2 Chess Platform Connections
When you connect your chess accounts, we collect:
- Lichess username
- Chess.com username
- Last synchronization date
We use these usernames to fetch your publicly available games through their respective APIs. We do NOT access your passwords, private messages, or any private account data on these platforms.
2.3 Training and Usage Data
As you use ChessAtlas, we collect:
- Courses you create, fork, and study
- Variations and chapters in your repertoire
- Training session data (moves played, correct/incorrect responses)
- Spaced repetition scheduling data (due dates, intervals)
- Statistics and progress data (XP, streaks, accuracy rates)
2.4 Payment Data
If you subscribe to a paid plan:
- Stripe customer ID (for subscription management)
- Subscription status and plan type
- Billing history (invoices, payment dates)
- Country (for VAT calculation)
Important: We do NOT store your full credit card number, CVV, or banking details. All payment data is processed directly by Stripe.
2.5 Technical Data
We automatically collect:
- IP address (hashed and truncated for analytics)
- Browser type and version
- Operating system
- Device type
- Referrer URL
- Session duration and page views
3. Legal Basis (GDPR)
We process your personal data under the following legal bases (GDPR Article 6):
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service you requested (account management, training features, game sync).
- Consent (Art. 6(1)(a)): For optional analytics cookies, marketing emails, and optional profile data.
- Legitimate Interests (Art. 6(1)(f)): For security monitoring, fraud prevention, service improvement, and debugging.
- Legal Obligations (Art. 6(1)(c)): For tax records, invoicing, and regulatory compliance.
4. How We Use Your Data
We use your personal data for the following purposes:
- Providing the Service: Operating your account, delivering training features, synchronizing games
- Communication: Sending important service emails, subscription reminders, security alerts
- Improvement: Analyzing usage patterns to improve features (with consent)
- Security: Detecting and preventing fraud, abuse, and security incidents
- Legal Compliance: Meeting tax and regulatory obligations
We will NEVER sell your personal data to third parties for advertising purposes.
5. Third-Party Services
We share data with the following third-party service providers who act as data processors:
5.1 Essential Services
- Stripe (Payment Processing) - Processes payments. Location: USA (EU-US DPF certified).
- Google OAuth (Authentication) - Optional Google sign-in. Location: USA (SCCs + EU-US DPF).
- DigitalOcean (Hosting) - Servers and database hosting. Location: Amsterdam, Netherlands (EU).
5.2 Chess Platforms
- Lichess.org - We fetch publicly available game data via their public API.
- Chess.com - We fetch publicly available game data via their public API.
5.3 Analytics (Consent-Based)
- PostHog - Product analytics. Only activated with your explicit consent.
6. International Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards through:
- EU-US Data Privacy Framework (DPF) certified processors
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
7. Data Retention
We retain your personal data for the following periods:
- Active accounts: Retained while your account is active
- Account data after deletion: Deleted within 30 days (backups up to 90 days)
- Payment/invoice records: 10 years (French legal requirement)
- Analytics data: Anonymized after 26 months
- Security logs: 12 months
- Support tickets: 3 years after resolution
8. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right of Access (Art. 15): Request a copy of your personal data
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data
- Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Right to Restriction (Art. 18): Request we limit processing of your data
- Right to Portability (Art. 20): Receive your data in a machine-readable format (PGN for chess data)
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (for consent-based processing)
- Right to Lodge a Complaint: File a complaint with your local supervisory authority
To exercise your rights, contact us at privacy@chessatlas.net. We will respond within 30 days.
9. US State Privacy Rights
If you are a resident of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or Utah (UCPA), you have additional privacy rights:
- Right to know what data we collect
- Right to delete your data
- Right to opt out of "sales" of personal information
- Right to non-discrimination
We do NOT sell your personal information. We do not share your data with third parties for monetary consideration.
11. Automated Decision-Making
We use automated processing for the following purposes, none of which produce legal effects or similarly significant effects on you:
- Spaced Repetition Algorithm (SM-2/FSRS): Schedules your training reviews
- Deviation Detection: Identifies when you deviate from your repertoire
- Progress Tracking: Calculates your XP and statistics
We do NOT use profiling or automated decision-making that produces legal effects or significantly affects you.
12. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit: TLS 1.2+ for all data transmission
- Encryption at rest: Database encryption using AES-256
- Password hashing: bcrypt with appropriate cost factor
- Access controls: Role-based access with principle of least privilege
- Regular backups: Encrypted backups with tested restoration procedures
- Security monitoring: Automated detection of suspicious activities
13. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- We will notify the CNIL (French supervisory authority) within 72 hours
- If the breach is likely to result in high risk, we will notify affected users directly
- We will document all breaches and remediation actions
14. Children's Privacy
The Service is not intended for children under 13 years old. We do not knowingly collect personal data from children under 13. If you are a parent and believe your child has provided us with personal data, please contact us at privacy@chessatlas.net.
For users aged 13-16 in the EU, parental consent is required under GDPR Article 8.
15. Do Not Track
Our Service currently does not respond to "Do Not Track" browser signals. However, we respect your cookie preferences set through our consent banner.
16. Policy Changes
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy with a new "Last Updated" date
- Sending you an email notification for significant changes
- Displaying a notice in the application
Your continued use of the Service after changes constitutes acceptance of the updated policy.
17. Contact & Complaints
For privacy-related questions or to exercise your rights:
ANKT SERVICES
Data Protection
25 Rue Lenepveu, c/o WeForge
49100 Angers, France
Email: privacy@chessatlas.net
Right to Lodge a Complaint
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In France, this is:
CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07, France
Website: www.cnil.fr