Title here
Summary here
Privacy Policy
Last updated on August 17, 2025
Read the Chess Prep Pro Privacy Policy to understand how we handle your personal data.
Chess Prep Pro Privacy Policy
Thank you for using Chess Prep Pro. This Privacy Policy explains how Chess Prep Pro (“we” or “us”) collects, uses, and protects your personal data when you use our mobile application (available on Android and iOS) and related services. It also outlines your rights and choices under applicable privacy laws. We are committed to legal compliance with the Google Play Developer Policy, Apple App Store requirements, the EU GDPR, California CCPA/CPRA, and other relevant laws.
By using Chess Prep Pro, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the app. For any questions or concerns about your privacy, you can contact us at chessprepprohelp@gmail.com.
Information We Collect
We collect only the data necessary to provide and improve Chess Prep Pro’s features. The personal and non-personal information we collect falls into the following categories:
Account Information: When you create an account (via email/password or third-party login like Google or Apple), we collect your email address and an authentication identifier. We do not ask for or store a username or profile photo at this time. If you choose a social login, we receive your email and a unique ID token from the provider; we do not collect your friend lists or social profile data. (Future anonymous accounts will use a random ID with no email attached.)
Chess Repertoire Data: The core of Chess Prep Pro is helping you build and practice chess openings. We store the chess repertoire information you input – such as moves, variations, notes, and training history – in your account on Firebase Cloud Firestore (a cloud database). This data is tied to your user ID so you can access your repertoire across devices. Any training history (e.g. which moves you practiced and your success rate) and downloaded reference data (like opening statistics) are also stored in your account. PGN files that you import are processed only on your device; we do not automatically upload your personal PGN files to our servers unless you choose to back them up to your account or send them to us for support. Our Firestore databases are hosted in the us-east4 (Ashburn, Virginia, USA) region; data is stored in that region unless you export or delete it. App Usage Data: We collect certain information about how you use the app to understand and improve Chess Prep Pro. This includes which screens or features you access, which languages you use in the app, and other interaction events. We use Firebase Analytics (Google) to log these events. Importantly, we configure analytics to avoid any personally identifying information – it focuses on general usage patterns (e.g. feature taps, time spent). This data may include device attributes like device type, OS version, and a unique device or instance ID assigned by Firebase, but not your name or contact info. We do not collect precise GPS location, contact lists, or sensor data (e.g. microphone, camera) from your device.
Diagnostics and Crash Reports: To ensure the app runs smoothly, we use Firebase Crashlytics to collect crash reports and error diagnostics. If the app crashes or encounters a serious error, Crashlytics will automatically collect data about the incident – for example, the stack trace (technical details of the error), device model, OS version, and a Crashlytics Installation UUID (a random identifier for the app instance). This helps us identify and fix bugs. Crash reports do not include your account credentials or chess content, but they may include device identifiers and technical data. We generally cannot identify you personally from crash logs alone. Crashlytics keeps crash data and associated identifiers for 90 days before removal from live and backup systems.
Purchase and Subscription Data: Chess Prep Pro offers premium features via in-app purchases or subscriptions. We use RevenueCat (a secure third-party service) to manage and validate purchases. RevenueCat processes information like your purchase history (which products you’ve bought or subscribed to) and the status of your subscription. We link your purchase data to your Chess Prep Pro user account (for example, by using your Firebase User ID or an anonymous RevenueCat ID) so that premium features unlock properly for you across devices. We do not receive or store any credit card numbers or billing information – purchases are handled by Apple App Store or Google Play Store payment systems, and we only receive confirmation of the transaction (a receipt or token). RevenueCat stores data on AWS in the U.S.; deletion can be requested and we will forward erasure to RevenueCat where applicable. Advertising Data: For free users, Chess Prep Pro displays ads to support our development. We use Google AdMob to serve these advertisements. AdMob may collect certain device information to personalize ads, including your device’s Advertising ID, IP address, general location (e.g. city or region inferred from IP), and information about your interactions with ads. In regions like the EEA, UK, and Switzerland, we ask for your consent before AdMob uses personal data for targeted advertising. If you consent to personalized ads, AdMob will use data about your interests or app usage to show relevant ads. If you decline, AdMob will serve non-personalized ads (ads targeted only by context). Either way, we do not receive personal details about you from AdMob – we only see aggregated ad performance reports.
We use a Google-certified Consent Management Platform (CMP) via Google’s UMP SDK for users in the EEA, UK, and Switzerland. You can review or change consent anytime in Settings → Privacy.
On iOS we show Apple’s App Tracking Transparency prompt if we intend to access the advertising identifier for personalized ads. If you decline, we do not access the IDFA and we request non-tracking ads.
On iOS, if the system does not allow tracking or if the user is a known minor under applicable policies, we do not access the IDFA and only request contextual ads.
Support Communications: If you contact us for support (such as by sending an email to our support address), we will receive whatever information you choose to provide. This typically includes your email address and the content of your message, and may include diagnostic data (if you send screenshots, logs, or PGN files for troubleshooting). We use this information solely to assist you and resolve your issue. All support emails are handled via Google’s secure Gmail service, which means your communications with us are also subject to Google’s privacy and security measures.
No Other Personal Data: We do not collect any biometric data, health data, financial information (outside of purchase confirmation as described), or any sensitive personal data categories. Our site does not use analytics or marketing cookies. Our hosting provider maintains standard server logs, which include IP address and user agent, for security and debugging. Our hosting provider’s server logs are retained for up to 30 days, then deleted. The app does not use any trackers beyond the services noted above. If you are in California, sharing data for cross-context behavioral advertising is treated as “sharing” under CPRA; see Your Rights for opt-out.
In summary, the information you provide to us (like email and chess content) is used to create your account and deliver the app’s functionality, while other data (analytics, crash logs, device info for ads) is collected automatically to maintain and improve the service. We strive to minimize personal data collection and be transparent about its use.
How We Use Your Information
We use the collected information for the following purposes, in accordance with applicable law:
Provide and Improve the Service: We process your data to operate Chess Prep Pro and its features. This includes authenticating you, saving your chess repertoire and training progress, and syncing your data across devices. We also use usage data and crash reports to understand app performance, identify bugs, and improve features. For example, knowing which openings or languages are most popular helps us optimize those parts of the app.
Personalize User Experience: If you have consented to personalized advertising, we use data collected by AdMob to show you more relevant ads within the app. Aside from ads, our app itself currently does not deliver personalized content based on profiling – all users generally see the same features. In the future, we may introduce optional personalization (for instance, suggesting training exercises based on your history), but such features will be clearly explained and, if required by law, offered with choice. Any future cross-app tracking for ads would require ATT consent on iOS. Account Management and Customer Support: We use your account info (like email) to maintain your account, for example to send important service updates or verify your identity when you request something (such as a password reset or data deletion). When you reach out for support, we will use the information in your request to help troubleshoot and respond. We will never use your support communications for marketing purposes.
Purchases and Subscriptions: We process purchase data to unlock premium features you are entitled to. For instance, after you buy a subscription, our server (via RevenueCat and the app stores) verifies the purchase and updates your premium status in our database. We may also use purchase history for customer service (e.g. if you have an issue with a subscription, we might look up your transaction by its ID to assist you). We keep this information secure and use it only as needed to manage subscriptions and comply with billing requirements.
Notifications and Reminders: With your permission, we schedule local notifications on your device – for example, a daily training reminder. These notifications are managed on your device and do not involve sending personal data through our servers. (They do not use any push notification service, and you can turn them on or off in the app settings.)
Advertising (Free Users): If you use the free version of Chess Prep Pro, we display ads provided by Google AdMob. We use data (with your consent in applicable regions) to request ads that may be of interest. For example, AdMob might use a device identifier to avoid showing the same ad too often, or to serve ads in your language. If you opt out of personalized ads, AdMob will serve contextual ads instead (which might be based on non-personal criteria like the content of our app). Revenue from these ads supports the app’s development. In the EEA/UK/CH, consent is collected via a Google-certified CMP through the UMP SDK. If consent isn’t obtained, non-personalized ads are served. Security and Fraud Prevention: We may process data (including analyzing logs or unusual usage patterns) to protect the security of our services, our users, and others. This includes efforts to prevent abuse of the app (for example, ensuring one person is not spamming any future community feature), to enforce our Terms of Service, and to prevent fraud or cheating.
Legal Compliance: When necessary, we will use or disclose information to comply with legal obligations.
We will only use your personal data for the purposes above and compatible purposes. We do not use your data for any kind of automated decision-making that produces legal or similarly significant effects on you.
Legal Bases for Processing (GDPR/UK GDPR)
For users in the European Economic Area, United Kingdom, Switzerland, and other regions with similar laws, we must specify the legal bases under the GDPR (General Data Protection Regulation) for our processing of personal data. We only process your data when we have a valid legal basis to do so under Article 6 of the GDPR. These bases include:
Performance of a Contract: Most of our data processing is to provide you with the Chess Prep Pro service that you requested – this is considered contractual necessity under GDPR Article 6(1)(b). When you create an account and use our app, a contract is formed (the app’s Terms of Service) and we must process your data to fulfill it. This includes using your provided information to set up and maintain your account, saving your repertoire and training data, delivering features, and processing purchases. Without this data, we cannot provide the core service.
User Consent: We rely on your consent in certain cases – primarily for personalized advertising and the use of certain cookies/trackers (though our app itself doesn’t use cookies, our AdMob SDK does use mobile ad identifiers). In the EEA/UK, we present a consent prompt via Google’s User Messaging Platform (CMP) to ask for permission to show personalized ads. If you give consent, the legal basis for using your data for targeted ads is Article 6(1)(a) (consent). You have the right to withdraw that consent at any time (see Your Rights below) – for example, you can revisit the consent settings in the app to switch to non-personalized ads, or simply contact us. We may also ask consent before any new data collection (for instance, if in the future we introduce a community profile with optional personal info, we’d only process what you choose to provide). Note: For children under the age of consent (see Children’s Privacy), we do not process data based on consent. In the EEA/UK, consent for personalized ads is collected via a certified CMP integrated with the IAB TCF (via Google’s UMP SDK). You may withdraw consent at any time in the app’s privacy settings.
Legitimate Interests: We process certain data under the GDPR’s “legitimate interests” basis (Article 6(1)(f)) for improving our app (using analytics and crash data), ensuring security and preventing fraud, and performing limited direct communications with users about service updates. You have the right to object to processing based on legitimate interests (see Your Rights).
Legal Obligation: In some cases, we must process data to comply with a legal obligation (GDPR Article 6(1)(c)). For instance, accounting laws might require us to keep records of revenue (which includes purchase transactions) for a certain period. If authorities lawfully require user data (e.g. for an investigation), we would be legally obliged to comply. We only do so after verifying the request and ensuring it’s lawful.
We will indicate throughout this Policy which basis applies for each type of processing where appropriate. Generally, contract is the basis for account and repertoire data, consent for ads, and legitimate interests for analytics, improvements, and basic communications/support. If you ever have questions about the specific legal basis for a particular processing activity, feel free to contact us.
Disclosure of Information to Third Parties
We do not sell your personal information to third parties for money. However, we do share certain data with third-party service providers and partners who help us run Chess Prep Pro. These third parties only process your data on our behalf for the purposes explained below, or as otherwise required by law. We contractually require them to protect your data and use it only for providing their services to us. Here we name each external service or SDK integrated into Chess Prep Pro and what it does with your information: Google Firebase (Backend Infrastructure): Chess Prep Pro is built on Google’s Firebase platform for its backend. Firebase acts as our data processor for storing and managing user data. Key Firebase services we use:
Firebase Services: We use Google Firebase for our backend infrastructure, including authentication, database storage, crash reporting, and analytics. Your data is processed in the us-east4 (Ashburn, Virginia, USA) region. Firebase maintains strict security including encryption at rest and in transit, and operates under Google’s GDPR compliance and Standard Contractual Clauses for EU data transfers.
Google AdMob (Advertising): We use Google AdMob to display ads. AdMob may collect device identifiers, IP address, and general location for ad personalization. With your consent (in EEA/UK regions), AdMob shows personalized ads based on your interests. You can decline consent to receive non-personalized ads instead. You can change your ad preferences at any time in the app’s “Privacy Settings” or “Consent Choices” menu.
RevenueCat (In-App Purchases): We use RevenueCat to manage subscriptions and purchases. RevenueCat validates your purchases with Apple/Google and tells our app whether you have active premium features. Your purchase data is stored on AWS servers in the USA with appropriate security measures.
Third-Party Login Providers: If you sign in with Apple or Google, we receive your email address and a unique identifier to create your account. We don’t store additional profile information like your name or photo. These logins simply streamline account creation - we don’t post anything to your social accounts.
Lichess API (Chess Data): Chess Prep Pro fetches chess opening statistics from Lichess.org’s public API. When you view opening statistics, your device connects directly to Lichess servers (they may see your IP address for security purposes). We don’t send any personal information to Lichess.
Email and Infrastructure: Our support email uses Google Gmail, and our website/code are hosted on secure platforms with appropriate data protection agreements.
We will never rent or sell your personal information to third-party advertisers or unrelated parties. The third parties we do work with (as listed above) are either integral to our app’s functionality or our service operations. Each of these parties has been vetted for strong privacy and security practices. We have Data Processing Agreements in place with many of them (Firebase/Google, RevenueCat, etc.) that include Standard Contractual Clauses and other protections for international data transfers. If we ever need to share data in other scenarios, we will only do so with your consent or as permitted by law. For example, if in the future we add a social feature where you choose to share parts of your repertoire with the community or post comments, that content (and your chosen display name) will be visible to others by your action. We will clearly inform you in the app when something will be public or shared, so you can decide whether to proceed. By default, all your data is private to you and visible to us and our processors as needed to provide the service.
International Data Transfers
Chess Prep Pro is developed and operated by a team based in (and/or using services in) the United States and other countries. As a result, your personal data may be transferred to and stored in countries outside of your own, including the United States. In particular, as noted above: Our primary database and authentication services (Firebase) are in the United States.
Other third-party services like Google AdMob, RevenueCat, and Lichess also operate from the US or other jurisdictions outside the EU.
Privacy laws vary by country. When we transfer personal data from the European Economic Area (EEA), UK, or Switzerland to countries not deemed “adequate” by those jurisdictions (such as the U.S.), we take steps to ensure an equivalent level of data protection as you enjoy at home. For transfers to Google services such as Firebase and AdMob, Google LLC is certified under the EU-U.S. Data Privacy Framework. We also rely on SCCs where appropriate. In addition to SCCs, we may also rely on other measures: Some providers might be certified under frameworks like the new EU-U.S. Data Privacy Framework (if applicable and up-to-date) or have Binding Corporate Rules. We monitor legal developments and will adjust our transfer mechanisms if needed.
We implement encryption for data in transit and at rest, which mitigates risks during cross-border transfers. For instance, your data is encrypted when sent to Firebase or RevenueCat, reducing exposure to unauthorized access.
Where feasible, we pseudonymize or anonymize data before storage. Many analytics and crash data are not directly identifiable to a person.
By using Chess Prep Pro, you understand that your data will be transferred to the U.S. and possibly other jurisdictions. However, know that we do not take this lightly – these transfers are necessary to provide the service (e.g., we cannot offer real-time global sync without a cloud server) and we employ the described safeguards to protect your information. If you have questions about international data transfers or want a copy of the relevant SCCs, you can contact us.
Data Retention
We retain personal data only as long as necessary to fulfill the purposes described in this Policy, or as required by law. The retention periods vary by data type: Account Data: Retained until you delete your account. Once deleted, data cannot be recovered.
Chess Content: Deleted when your account is deleted.
Crash and Analytics Data: Crash reports deleted after 90 days. Analytics event-level data in Google Analytics for Firebase is retained for 14 months (property setting), after which Google deletes it; aggregated reports remain.
Advertising Identifiers: If you gave consent to personalized ads, your device’s advertising ID may be used by AdMob until you reset or change your consent. You can reset the advertising ID on your device at any time, which breaks the link to prior data. On our side, we don’t store the ad ID – it’s processed by the AdMob SDK, so retention is mainly in Google’s realm. They typically refresh the usage of that data according to their ads data retention policies (for instance, advertising data is often kept pseudonymously for a certain period to allow frequency capping and performance measurement, then either deleted or anonymized). If you withdraw consent, Google is informed to stop processing it for new targeting; past data might be archived purely for legal/audit purposes.
Support Emails: Retained as needed to assist you. Can be deleted upon request.
Purchase Data: Retained for subscription duration and audit purposes. Anonymized after account deletion.
Legal Requirements: Some data may be retained as required by law for tax, regulatory compliance, or dispute resolution. All retained data remains subject to this Privacy Policy.
Your Privacy Rights
Depending on your jurisdiction, you have certain rights regarding your personal data. We are committed to honoring these rights. Below, we explain rights for users in different regions and how you can exercise them: Users in the European Union, UK, Switzerland, and similar jurisdictions (GDPR): You have the following data subject rights: Right to Access: You can request a copy of the personal data we hold about you. This typically includes your account details and the data you provided (like your email, repertoire content, etc.), as well as relevant logs or information we have associated with you. We will provide this in a common format (e.g. JSON or PDF report) electronically.
Right to Rectification: If any personal data we have is incorrect or incomplete, you have the right to have it corrected. For example, if you change your email, you can update it in the app or ask us to update our records. (Note: Some data, like chess moves you added, you can edit directly in the app.)
Right to Erasure (Right to be Forgotten): You can request deletion of your personal data. This is satisfied by account deletion – when you delete your account (either through the app or by requesting via email), we will remove your personal data from our systems (with the limited exceptions noted under Data Retention for legal purposes). You can also ask us to delete specific data (e.g., a particular piece of content) and we will do so unless an exemption applies. Once erased, the data is gone from active systems, and we won’t process it further.
Right to Restrict Processing: You have the right to ask us to limit processing of your data in certain circumstances. For instance, if you contest the accuracy of data or have objected to processing (see below), you can request a restriction – meaning we will still store the data but not use it until resolved. If you just want to stop using the app for a time, you can log out and/or ask us to deactivate your account without full deletion, which is a form of restriction.
Right to Data Portability: You can request to receive your personal data in a structured, commonly used, machine-readable format, and you have the right to have that data transmitted to another controller where technically feasible. In practice, this means you can ask for an export of your data (for example, your repertoire in PGN or JSON format and account info) to take to another app. We will help to the extent possible – e.g., providing your stored chess data and any relevant info we have.
Right to Object: You may object to our processing of your personal data where we rely on legitimate interests. If you object, we will evaluate whether our interest in the processing is compelling enough to override your rights. You also have an unconditional right to object to your data being used for direct marketing. (Note: We currently do not send marketing emails, and ads processing is based on consent, not legitimate interest, so this mainly would apply if in future we considered something like a newsletter – which we would only send with consent anyway.) If you exercise this right, and we have no overriding reason to continue processing, we will stop the processing in question. For example, you can object to analytics tracking – and we will then disable analytics for your usage.
Right not to be subject to Automated Decision-Making: We do not engage in automated decisions with legal or similar significant effects (like credit scoring, etc.). So this is not applicable in any impactful way. In any case, you have the right to not be subject to such decision-making including profiling, unless certain exceptions apply. We confirm we do not do this.
Right to Withdraw Consent: If we are processing your data based on consent (e.g. personalized ads), you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal, but it means we will stop the consent-based processing going forward. You can withdraw consent by changing the setting in the app (for ads) or contacting us for other consent-based matters.
To exercise any of these rights, please contact us at chessprepprohelp@gmail.com. We may need to verify your identity to securely fulfill requests (for example, by having you email from your registered email or provide certain account info). We will respond to your request within a reasonable timeframe and in accordance with applicable law (generally within 30 days for GDPR rights). There is no fee for these requests in most cases. If for some reason we cannot comply with your request (e.g., a legal requirement prevents us from deleting something), we will explain the reason. Additionally, EU/UK users have the right to lodge a complaint with a Data Protection Authority (DPA) or supervisory authority in their country if they believe our processing of their personal data violates the law. We encourage you to contact us first so we can address your concerns, but you do have the right to go directly to the authorities. For instance, in the UK the authority is the ICO; in Ireland the DPC; in France CNIL; etc. Users in California (CCPA/CPRA) and Certain U.S. States: If you are a resident of California, you are protected by the California Consumer Privacy Act (as amended by the CPRA) and possibly other state laws (like Virginia’s CDPA, Colorado Privacy Act, etc., which have similar rights). We extend similar core rights to all users in the United States where applicable. Under CCPA/CPRA, you have: Right to Know: You can request that we disclose the specific pieces and categories of personal information we have collected about you in the past 12 months, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we shared it. This largely overlaps with what we describe in this Privacy Policy. For quick reference, in the last 12 months, Chess Prep Pro collected the following categories of personal info (as defined by CCPA):
Identifiers (real name only if you provided via support or social login; email address; account ID; device identifiers).
Customer Records (not applicable to physical address or payment card – we collect none of those; though email could be considered contact info).
Commercial Information (records of products or services purchased, i.e. your purchase/subscription history).
Internet or Other Electronic Network Activity (app usage information, crash logs, and interactions with ads – e.g. “screen X opened” or “ad clicked” counts).
Geolocation Data (approximate location such as country or region, derived from IP for analytics/ads – but not precise GPS).
Inferences drawn from the above (e.g., ad networks might infer your interests for ad personalization – we don’t do that ourselves, but AdMob might categorize your device as interested in “games” for ad serving).
Sensitive Personal Information: We do not collect sensitive info like government IDs, full account passwords (only password hash is stored via Firebase Auth), biometric data, health data, or precise location, nor do we collect racial/ethnic origin, contents of private communications (aside from you contacting support), etc. Chess Prep Pro is not intended to process sensitive personal information as defined under CPRA, and we have no knowledge of collecting such data on users.
You have the right to request these details, which we will provide in a portable and easily readable format (usually this will be similar to an access request under GDPR).
Right to Delete: California residents can request deletion of their personal information that we have collected and retained. As noted earlier, this is accomplished via account deletion – you may use our automated tools or request our help. Once we verify the request, we will delete your personal info from our records (and instruct our service providers to do the same) unless an exemption applies. Possible exemptions: if the information is needed to complete a transaction or provide the service you requested, to detect security incidents or protect against illegal activity, for debugging, for exercising free speech or another legal right, to comply with a legal obligation, or for certain internal uses aligned with your expectations (CCPA has these carve-outs). We will inform you if any data must be retained and why. Typically, if you ask to delete, we delete everything necessary to identify you, keeping only minimal data as allowed (for example, a record that “a user with email X had a purchase, now deleted” purely for financial reconciliation, not tied to your identity in our app).
Right to Correct: Under CPRA, you have the right to request correction of inaccurate personal information. We will honor this by enabling you to update info (like email) or doing so upon your request, as explained in the GDPR section.
Right to Opt-Out of Sale or Sharing: Chess Prep Pro does not “sell” personal data in the traditional sense (we don’t exchange your data for money). However, CPRA’s definition of “sharing” includes providing data to third parties for cross-context behavioral advertising. The use of AdMob to show personalized ads could be considered “sharing” of personal info (specifically device identifiers and context) for targeted advertising purposes. California residents have the right to opt out of such sharing.
How to Opt-Out: We honor Global Privacy Control (GPC). If you send a GPC signal, we treat it as an opt-out of sale/share.
If you opt-out through any of these methods, we will ensure AdMob only serves non-personalized ads (and thus no “sale/share” of data for targeted ads occurs). We do not knowingly share data for any other third party’s independent use.
Do Not Sell/Share Links: California residents can visit our website’s footer for a “Do Not Sell or Share My Personal Information” link, or contact us directly using the information above. We have a Do Not Sell/Share policy by default since we don’t exchange data for money. We confirm that we have not sold any personal information in the past 12 months, and have only “shared” as described for ads when consented to.
Right to Limit Use of Sensitive PI: (CPRA adds this for certain sensitive data). As noted, we do not collect sensitive personal info like precise geolocation, financial info, SSN, etc. Thus there is nothing to limit in that regard. If that changes, we will provide a way to limit use of such info to only what’s necessary.
Right of No Retaliation/Non-Discrimination: We will not discriminate against you for exercising any CCPA rights. This means we won’t deny you our service, charge you different prices, or provide a lesser experience because you opted out of sale, requested deletion, etc. (However, note that certain data is needed to provide the service – e.g., if you ask us to delete all your data, the app may no longer function for you. That’s a consequence of the service not having the data, not retaliation. We will inform you if any request will affect your ability to use the app.)
To exercise any California privacy rights, you (or your authorized agent) can contact us at chessprepprohelp@gmail.com with your request. We will ask for some information to verify your identity (like confirming your account email, or other details). Under CCPA, you can make a request up to twice in a 12-month period free of charge. We aim to respond within 45 days as the law stipulates (or 90 days if we notify you of an extension). If we deny a privacy request, you may appeal by replying to our email with ‘Appeal’ in the subject. If you are from other U.S. states (such as Virginia, Colorado, Connecticut, Utah, etc.), the rights you have are similar: access, correction, deletion, and opt-out of targeted advertising (and perhaps profiling). We will provide for you in the same manner as above. Simply reach out to us with your request. Users in Other Countries: We respect privacy rights globally. Even if you are not in EU or California, we will endeavor to honor requests to access, delete, or correct your data, within the bounds of applicable law. For example, Canadian users (subject to PIPEDA) can request access and correction, which we will provide. If any law in your locale provides additional rights, we aim to comply. You can always contact us to inquire or make requests, and we will do our best to help.
Account Deletion
You have the option to delete your Chess Prep Pro account at any time. We provide two convenient methods:
In-App: Users can delete their account from Settings → Account → Delete Account. Deleting an account removes the account and associated data we are not legally required to retain.
Web Form: You can also delete your account via our website by visiting https://chesspreppro.com/deleteaccount/. This page will ask you to verify ownership and then process the deletion.
When an account deletion request is received and verified, we will: Permanently delete or anonymize all personal data associated with your account from our live databases (this includes your email, login credentials, and all chess content you have stored).
Remove you from our authentication system (so the login will no longer work).
Invalidate any RevenueCat purchase links to your ID and consider the subscription terminated in our system (note: you may still need to cancel any active subscription through Apple/Google to stop billing, as deleting the account in our system does not automatically cancel billing with the app store – we will include instructions if that’s the case).
Cease processing your data going forward.
As mentioned, some data may remain in backups for a short duration, but those are safeguarded. Also, any data we must keep for legal reasons will be retained only for that purpose and not used otherwise. For instance, if you made purchases, we might keep an internal record of “user of email [redacted] bought a subscription on X date” for tax records, but that record would no longer be attached to an active user account and would not be used to identify you. After deletion, if you ever wish to use Chess Prep Pro again, you would need to create a new account as we won’t have your old data. We may not be able to restore deleted accounts, as deletion is intended to be final. If you experience any issue with the account deletion process (e.g., you lost access to the app and can’t delete from within), just email us at chessprepprohelp@gmail.com from the address associated with your account and we will manually verify and delete your account. We may ask for certain information to confirm identity if the email doesn’t match or if an agent is acting on your behalf, as required by privacy laws.
Children’s Privacy
Chess Prep Pro is not intended for children under the age of 13. We do not knowingly collect personal information from anyone under 13 years old. Our services and content are directed at a general audience (primarily chess enthusiasts) and not specifically at kids. If you are under 13, please do not create an account or provide any personal information. If we learn that we have inadvertently collected personal data from a child under 13, we will promptly delete that data from our records. For teens aged 13 to 17: We recommend that you use the app with parental permission. Some regions have higher age requirements for certain data processing (for example, under 16 in parts of the EU for giving consent). If you are between 13 and the age of majority in your jurisdiction, you should review this Privacy Policy with a parent or guardian and make sure you understand it. We may require parental consent for you to register in some cases (if required by local law). Chess Prep Pro does not contain content that is inappropriate for teens, but we still want to ensure minors’ data is handled with extra care. We do not use any personal data of users under 18 for marketing or profiling. We also do not serve personalized ads to known minors in jurisdictions where that is prohibited. For example, Google’s services restrict personalized ads for users identified as under 13 (or under 16, as applicable) and we abide by those policies. If you are a parent or guardian and you believe your child under 13 (or under the applicable minimum age) has provided personal data to us, please contact us immediately at chessprepprohelp@gmail.com. We will investigate and delete the information if it exists. You can also use the account deletion link on behalf of your child.
Data Security
We are committed to protecting your information. We implement a variety of technical and organizational security measures to safeguard personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: Encryption: All communication between the Chess Prep Pro app and our servers (Firebase, RevenueCat, etc.) is encrypted using HTTPS (TLS encryption). This means data in transit is protected from eavesdropping. Additionally, our database storage (Firestore) encrypts data at rest on Google’s servers. Crash and analytics data sent to Firebase are also transmitted securely. For any backups or internal transfers, we use encryption where possible.
Access Controls: Personal data in our databases is restricted by authentication. Only you (via the app with your credentials) and authorized service processes can access your data. The developer/maintainer can access data on the server side for legitimate purposes (like support or maintenance) but this is protected by authentication, and we limit such access to what’s necessary. Within our small team, access to personal data is on a need-to-know basis – e.g., the developer can query the database to assist a user issue, but we don’t have employees casually browsing user data. Administrative consoles (Firebase, etc.) are protected by strong passwords, two-factor authentication, and other best practices to prevent unauthorized login.
Secure Development Practices: We follow secure coding guidelines. We don’t hard-code sensitive secrets in the app. We keep our software and SDKs up-to-date to patch security vulnerabilities. We also utilize Firebase Security Rules to ensure that data in Firestore is not improperly accessed – for example, rules ensure that only authenticated users can read/write their own repertoire data (and not others’ data) unless explicitly shared. We review security and update dependencies regularly.
Third-Party Security: We choose reputable third-party providers (like Google, Apple, RevenueCat) who have high security standards. Google, for instance, has extensive certifications (ISO 27001, SOC 2, etc.) and employs advanced security measures. RevenueCat uses AWS, which is also industry-standard in security. We review their compliance resources to ensure they meet requirements.
Anonymization and Pseudonymization: Where possible, we reduce the identifiability of data. For example, we do not store plain passwords (only salted hashes via Firebase Auth). We reference users by user IDs internally rather than by email in many cases. Crashlytics uses UUIDs to identify crashes rather than personal info. Analytics uses random instance identifiers. This way, even if some data were exposed, it’s not easily traceable to an individual.
Monitoring and Patching: We monitor for potential security events and have processes to respond if something occurs. We keep logs of important activities (like logins or data deletions) to spot suspicious behavior. If we discover any security breach affecting personal data, we will notify affected users and/or regulators as required by law (for instance, GDPR’s 72-hour breach notification rule for serious incidents). We also promptly update the app and backend when vulnerabilities are reported.
While we strive to protect your data, it’s important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of information. However, we continuously improve our security measures to keep up with evolving threats. You also play a role in security: keep your account credentials confidential, use a strong unique password, and notify us if you suspect any unauthorized access to your account. We will never ask you for your password via email. If you’re using a shared device, make sure to log out. In summary, we take appropriate and industry-standard measures to secure data, but if an unlikely security issue arises, we will act swiftly to mitigate it and inform you as needed. Your trust is crucial to us, and we work hard to earn and maintain it.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will notify you by updating the “Last Updated” date at the top of this policy. For significant changes, we may provide a more prominent notice (such as an in-app alert or an email notification). It is important that you review the Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use Chess Prep Pro after a Privacy Policy update, it will signify your acceptance of the revised policy (to the extent permitted by law). If you do not agree with the changes, you should discontinue use of the app and can request deletion of your data. Any changes will be effective when posted, unless stated otherwise. If we were to materially change the purposes of processing or start collecting additional personal data not previously collected, we would obtain any necessary consents or give you the opportunity to opt-in or opt-out, as required.
Data Controller Information
Controller: Tomasz Bogun, trading as Chess Prep Pro.
Registered Address (Ireland): Chess Prep Pro 47 Castlelawns, Athboy, Co.Meath Ireland
Contact Email: chessprepprohelp@gmail.com
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us: Chess Prep Pro Support Email: chessprepprohelp@gmail.com We will gladly assist you with any inquiries – whether it’s understanding more about your data, exercising your rights, or troubleshooting an issue. Your privacy and satisfaction are very important to us, and we appreciate the opportunity to clarify our practices or address any problems. You may also reach out to us via our official website’s contact page or support form if available. We aim to respond promptly to all legitimate inquiries.