Chess Tracker

Privacy Policy

Protecting your personal data is important to us. Below we inform you in accordance with Art. 13 GDPR about the collection and processing of personal data when using chess-tracker.com.

1. Responsible Party

The party responsible for data processing on this website is: Dustin-Joel Eden c/o IP-Management #8443 Ludwig-Erhard-Straße 18 20459 Hamburg Email: [email protected]

2. Data Collection on This Website

a) Hosting (24fire)

This website is hosted on a server provided by 24fire GmbH (Kaiserstraße 21, 55116 Mainz, Germany). The hosting provider automatically collects and stores information in so-called server log files, which your browser automatically transmits. These include: • IP address of the requesting device • Date and time of the request • Page visited / name of the requested file • Amount of data transferred • Browser type and version • Operating system used • Referrer URL Processing is based on our legitimate interest in providing and securing the website (Art. 6(1)(f) GDPR). Data is automatically deleted after 14 days. Data processing agreement: A data processing agreement (DPA) is in place with 24fire. Servers are located in Germany.

b) Cloudflare CDN & Workers

We use the Content Delivery Network (CDN) and Workers from Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare accelerates and secures our website. Requests are routed through Cloudflare servers, processing technically necessary connection data (IP address, pages visited, date and time, browser type). Additionally, we use Cloudflare Workers as an API proxy for Chess.com requests. No personal data is stored by the Workers — they merely forward requests to the public Chess.com API. Legal basis is our legitimate interest in secure and performant delivery (Art. 6(1)(f) GDPR). Data transfers to the USA are based on the EU-US Data Privacy Framework (Art. 45 GDPR — adequacy decision). Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/

c) Cookies and Session Data

This website uses the following cookies: • Session cookie for authentication (login) — deleted at end of session • Language preference (locale) — stored in the browser • Cookie consent preference — stored in localStorage Additionally, if you consent, we use Google Analytics 4 and Google Ads Conversion Tracking cookies (see sections below). Using the website without logging in does not require cookies. Legal basis for technical cookies: Art. 6(1)(f) GDPR (legitimate interest in functionality). Legal basis for analytics/advertising cookies: Art. 6(1)(a) GDPR (consent).

d) User Accounts

When you register, we store: • Email address • Hashed password (bcrypt) • Optional: display name • Chess.com username (when linking a profile) This data is processed exclusively to provide account functionality (Art. 6(1)(b) GDPR — contract performance). Passwords are stored only in hashed form and cannot be read in plain text.

e) Chess.com API

This website retrieves publicly available data from the Chess.com Public API (player statistics, ratings, games). Retrieval happens server-side through our Cloudflare Worker. Technical connection data (e.g. our server's IP address) may be transmitted to Chess.com during retrieval. No personal data of users is shared with Chess.com. The displayed data is publicly available on Chess.com. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in displaying public chess data).

f) Data Storage

All user data is stored in a SQLite database on the server hosted by 24fire in Germany. No data is transmitted to external databases or cloud storage services.

g) Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. IP anonymization is active on this website, so your IP address is truncated beforehand within the EU/EEA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. We use Google Analytics to analyze and regularly improve the use of our website. No personally identifiable information (such as usernames, email addresses, or search queries) is sent to Google. Usage is only with your consent pursuant to Art. 6(1)(a) GDPR. You can manage your cookie preferences at any time via the cookie banner. For more information on data protection at Google, visit: https://policies.google.com/privacy

h) Google Ads Conversion Tracking

This website uses the online advertising program "Google Ads" and Google Ads Conversion Tracking by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you arrive at our website through a Google ad, Google Ads places a cookie on your device. These cookies expire after 30 days and are not used for personal identification. Using this cookie, Google and we can recognize that a user clicked on an ad and was redirected to our website. This data is used to compile conversion statistics. Usage is only with your consent pursuant to Art. 6(1)(a) GDPR. You can manage your cookie preferences at any time via the cookie banner. For more information on data protection at Google, visit: https://policies.google.com/privacy

i) Google AdSense

This website uses Google AdSense, an advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google AdSense uses cookies and web beacons to display advertisements based on your previous visits to this and other websites. Google may use advertising cookies (including DoubleClick cookies) to serve ads based on your browsing behavior. The data collected includes your IP address, browser information, and browsing behavior. This data may be transmitted to and stored on servers in the USA. Google is certified under the EU-US Data Privacy Framework. Usage is only with your consent pursuant to Art. 6(1)(a) GDPR. You can manage your cookie preferences at any time via the cookie banner. You can opt out of personalized advertising by visiting Google's Ad Settings: https://adssettings.google.com For more information on data protection at Google, visit: https://policies.google.com/privacy

3. Data Retention

Personal data is deleted as soon as the purpose of storage no longer applies. For user accounts: upon account deletion. For server log files: after 14 days. Inactive accounts may be automatically deleted after 12 months without login. You may request immediate deletion of your account and all associated data at any time.

4. Your Rights

Under the GDPR, you have the following rights: • Right of access to your stored data (Art. 15) • Right to rectification of inaccurate data (Art. 16) • Right to erasure of your data (Art. 17) • Right to restriction of processing (Art. 18) • Right to data portability (Art. 20) • Right to object to processing (Art. 21) To exercise your rights, contact: [email protected]

5. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data (Art. 77 GDPR). The competent authority is that of your place of residence or that of the responsible party's registered office.

6. Third-Party Services and Data Transfers

This website uses the following third-party services: • 24fire GmbH (Hosting) — server location: Germany • Cloudflare, Inc. (CDN, DNS, Workers) — certified under EU-US Data Privacy Framework • Chess.com (public API) — server-side retrieval of public data only • Google Ireland Limited (Google Analytics 4, Google Ads Conversion Tracking, Google AdSense) — only with consent, certified under EU-US Data Privacy Framework No personal data is shared with any other third parties without your consent.

7. Search Engines and Indexing

Publicly accessible content on this website (e.g. player profiles, statistics) may be indexed by search engines. Indexing is controlled via a robots.txt file and meta tags. Non-public areas (dashboard, settings) are excluded from indexing.

8. Changes

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements. The current version applies upon your next visit.