%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:xlink='http://www.w3.org/1999/xlink'%20x='0px'%20y='0px'%20viewBox='0%200%201080%201080'%20style='enable-background:new%200%200%201080%201080;'%20xml:space='preserve'%3e%3cstyle%20type='text/css'%3e%20.st0{fill:%233A6D9E;}%20.st1{fill:%23FFFFFF;}%20.st2{fill:%230F2942;}%20.st3{fill:%234A8AC2;}%20.st4{fill:%236AA8D4;}%20%3c/style%3e%3cg%3e%3cg%3e%3cg%3e%3cg%3e%3cg%3e%3cpath%20class='st0'%20d='M532.3,384.4l-27.5,14.5c-0.2,8.4-1.4,29.2-7.8,50.4l42.7-22.5c0.2-3.5,0.3-6.8,0.4-10.1%20c0.5-14,0.6-25.7,0.6-32.3H532.3z%20M589.9,406.6h-11.6c0.2,12.1,1.4,23.1,3.7,33c0.9,3.8,1.9,7.4,3.1,10.8l168.8,88.9L540,658.8%20L420.4,592l-0.9-0.5l-93.3-52.2l153.2-80.7c1.7-4,3.1-8.1,4.2-11.9c4.6-15.4,6.4-30.6,7-40.4L240,538.4L540,706l300-167.7%20L589.9,406.6z'/%3e%3c/g%3e%3c/g%3e%3cg%3e%3cg%3e%3cpath%20class='st2'%20d='M504.8,398.9c-0.2,8.4-1.4,29.2-7.8,50.4l-17.6,9.3c1.7-4,3.1-8.1,4.2-11.9c4.6-15.4,6.4-30.6,7-40.4%20L504.8,398.9z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg%3e%3cg%3e%3cg%3e%3cpath%20class='st3'%20d='M793.4,583.3l-42.7,23.8l3.2,1.7L540,728.3L326.2,608.8l3.2-1.7l-42.7-23.8L240,607.9l300,167.7l300-167.7%20L793.4,583.3z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg%3e%3cg%3e%3cg%3e%3cpath%20class='st4'%20d='M793.4,652.8l-42.7,23.9l3.2,1.7L540,797.9L326.2,678.4l3.2-1.7l-42.7-23.8L240,677.4l300,167.7l300-167.7%20L793.4,652.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg%3e%3cg%3e%3cpath%20class='st2'%20d='M629.6,552.6c0,0,16.7-7.8,12.4-21c-3-9.3-42.3-12.7-63.8-63c-4-9.4-7.4-20.4-9.8-33.3%20c-2.1-11.4-3.5-24.3-3.9-39c0-1-0.1-2.1-0.1-3.1c0-1.9,0-3.9,0-5.9c0-3.1,0-6.2,0.1-9.4h31.3v-14.3l-32.3-33%20c14.1-9.3,23.4-25.3,23.4-43.5c0-28.8-23.3-52.1-52.1-52.1c-28.8,0-52.1,23.3-52.1,52.1c0,17.6,8.7,33.2,22.1,42.7l-32.4,32.4%20v15h32.4c0,0,0,1.8,0,4.9c-0.1,3.9-0.3,9.9-0.9,17.3c-1,12.5-2.9,28.9-6.9,45.5c-0.4,1.7-0.9,3.4-1.3,5.1%20c-2.5,9.3-5.6,18.4-9.6,26.9c-8.1,17.3-19.8,31.6-36.5,37.7c-33.2,12.6-22.1,31.6-11.1,36.3l-19,14.2v4.2L460,592h57.2v-26.8%20l4.9-12.6h50l7,11.8v26.9h42.1l28.6-16v-10.9L629.6,552.6z%20M543.4,291.3c2.4-10.9,10.4-18.4,17.9-16.8%20c7.4,1.7,11.5,11.9,9.1,22.8c-2.4,10.9-10.4,18.5-17.9,16.8C545,312.4,541,302.2,543.4,291.3z%20M538.2,339.5l0-0.4l0.1-1.1%20l0.8-7.2h11.1l2.1,5.3l4.4,10.8l6.9,17h-32.1L538.2,339.5z%20M518.8,531.1c11.4-11.9,16.9-47.8,19.5-81.8c0.6-7.7,1-15.3,1.4-22.5%20c0.2-3.5,0.3-6.8,0.4-10.1c0.5-14,0.6-25.7,0.6-32.3c0-3.8,0-6,0-6c-0.4-0.4,9.4,0,9.4,0c0,2.5,0.1,4.9,0.1,7.3%20c0.2,14.2,0.8,27,1.5,38.6c0.2,3,0.4,6,0.6,8.9c0.2,2.9,0.5,5.7,0.7,8.5c7.1,75,24.4,89.5,24.4,89.5H518.8z'/%3e%3c/g%3e%3c/g%3e%3cg%3e%3cpolygon%20class='st2'%20points='649.8,575.3%20619.8,591.3%20539.5,634.1%20460,592%20517.2,580.8%20517.5,580.7%20517.5,607.1%20542.5,619%20579.1,599.7%20579.1,568.6%20592.6,566%20'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
ChessstackPrivacy Policy
Last updated March 18, 2026
This Privacy Notice for Chessstack LLC ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Visit our website at chessstack.app or any website of ours that links to this Privacy Notice
- Use Chessstack — a personal chess opening trainer that uses spaced repetition science to help you master your repertoire
- Engage with us in other related ways, including any marketing or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@chessstack.app.
1. What Information Do We Collect?
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You
The personal information we collect may include the following:
- Email addresses
- Usernames
- Passwords — stored only as a cryptographic hash using bcrypt. We never store your password in plain text.
Chess Data
We store the chess data you create and import, including: opening repertoires and moves, spaced repetition drill history and scheduling data, imported games from Lichess and Chess.com, puzzle solving history, and Stockfish analysis results.
Payment Data
We do not collect or store any payment information. If you choose to make purchases, all payment data (such as card numbers and billing details) is handled entirely by Stripe. We never have access to your payment instrument numbers or security codes. You may find Stripe's privacy notice here: https://stripe.com/privacy.
Technical Data
We use a single HTTP-only session cookie to keep you logged in. This cookie is:
- HTTP-only (not accessible to JavaScript)
- Secure (transmitted only over HTTPS when configured)
- SameSite: Lax (prevents cross-site request forgery)
- Expires after 14 days of inactivity
We do not use tracking cookies, analytics scripts, or advertising pixels. Server logs may temporarily record IP addresses for security purposes (e.g., rate limiting login attempts).
Sensitive Information. We do not process sensitive information.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
2. How Do We Process Your Information?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
- To provide the Service. We use your chess data to store and display your repertoires, schedule spaced repetition reviews, import and analyze your games, and track your drill progress.
- To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
- To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
- To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see "What Are Your Privacy Rights?" below.
3. When and With Whom Do We Share Your Personal Information?
In Short: We may share information in specific situations described in this section and/or with the following third parties.
Stripe
If you subscribe to a paid plan, payment processing is handled by Stripe. Stripe receives your payment information (card number, billing address) directly — this data never passes through our servers. Stripe's privacy policy governs how they handle your payment data.
Lichess API
If you choose to import games from Lichess, we make API requests to Lichess on your behalf using your Lichess username. We receive your game data (moves, results, timestamps) and store it locally for analysis. We do not send any of your Chessstack data to Lichess.
Chess.com API
If you choose to import games from Chess.com, we make API requests to Chess.com on your behalf using your Chess.com username. We receive your game data and store it locally. We do not send any of your Chessstack data to Chess.com.
Loops
We use Loops to send transactional emails such as email verification and password reset messages. Your email address is shared with Loops solely for the purpose of delivering these communications.
Business Transfers
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
4. How Long Do We Keep Your Information?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which you have an account with us.
If you delete your account, all associated data (repertoires, drill history, imported games, settings) will be permanently removed from the database. Expired session records are automatically cleaned up every 6 hours.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
5. How Do We Keep Your Information Safe?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. Specifically:
- Passwords hashed with bcrypt (never stored in plain text)
- Session-based authentication with HTTP-only secure cookies
- Rate limiting on login attempts to prevent brute-force attacks
- CSRF protection via SvelteKit's built-in mechanisms
- Security headers (HSTS, CSP, X-Frame-Options, etc.)
However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
6. Do We Collect Information From Minors?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at support@chessstack.app.
7. What Are Your Privacy Rights?
In Short: You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.
Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the contact details provided in the section "How Can You Contact Us About This Notice?" below.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section "How Can You Contact Us About This Notice?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:
- Log in to your account settings and update your user account
- Export your repertoire data in PGN format at any time
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
If you have questions or comments about your privacy rights, you may email us at support@chessstack.app.
8. Do We Make Updates to This Notice?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
9. How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may email us at support@chessstack.app or contact us by post at:
Chessstack LLC
10. How Can You Review, Update, or Delete the Data We Collect From You?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please contact us at support@chessstack.app.