Privacy Policy
Effective date: July 16, 2026
This Privacy Policy explains how Chesstatic Private Limited, operating the platform hosted at chessfeed.ai ("Chessfeed", "we", "our", or "us"), collects, uses, shares, retains, and protects personal data when you use our websites, applications, Academy portal, payment flows, and related services (the "Services").
1. Scope and our role
This Policy applies to personal data processed through the Services, including information relating to users, parents or guardians, Academy administrators, coaches, students, prospective customers, and payment contacts. The policy deals with the entirety of data collected even though the same may not amount to personal data under the provisions of applicable data privacy laws.
For direct consumer Services, Chessfeed generally determines why and how personal data is processed and acts as the relevant data fiduciary or controller under applicable law. For Academy student data, the Academy may determine the educational purpose and instructions, with Chessfeed processing that data on the Academy's behalf under the applicable agreement. Chessfeed may still act independently for account security, fraud prevention, billing, legal compliance, platform telemetry, and protection of the Services.
The exact allocation of roles for an Academy may be further described in an Academy agreement or data-processing agreement.
2. Personal data we collect
2.1 Account and identity information
- Name, display name, email address, username, profile image, phone number where provided, and account identifiers.
- Authentication information received from Google, Microsoft, or another sign-in provider. We do not receive your third-party password.
- Age, date-of-birth range, parent or guardian details, consent records, and relationship information where required for a minor account or Academy onboarding.
2.2 Chess, learning, and User Content
- Chess games, PGNs, FEN positions, imported match history, scoresheet images, OCR results, notes, annotations, studies, workbooks, exercises, and uploaded files.
- AI Coach prompts, responses, feedback, audio or text interactions, analysis requests, engine outputs, and related context.
- Progress information, feature usage, game-analysis history, exercise completion, ratings or public profile data imported from connected chess platforms.
2.3 Academy information
- Academy name, administrators, coaches, managers, centres, batches, membership roles, invitations, student affiliations, and roster information.
- Paid-seat assignment, active paid access, Academy usage context, Academy Credit-pool activity, game-analysis allowance, and educational progress visible to authorised Academy personnel.
- Academy billing contacts, plan selection, paid seat capacity, renewal quantity, payment requests, and order-form or agreement information.
2.4 Payment and billing information
- Selected plan or Credit pack, price, currency, tax and discount information, billing interval, entitlement snapshot, and purchase date.
- Internal order, subscription, billing-period, entitlement, invoice, receipt, and transaction identifiers.
- Razorpay order, payment, subscription, customer, invoice, or Payment Link identifiers; payment method category; masked or limited instrument information where provided by the processor; and payment, refund, cancellation, failure, dispute, or chargeback status.
- Credit balances, bucket type, grant source, expiry date, reservations, ledger entries, game-analysis allowance, consumption history, and promotional or administrative adjustments.
- Support correspondence, refund requests, evidence, reconciliation notes, webhook event logs, billing-job logs, payment timelines, and audited administrative actions.
Complete card numbers, UPI credentials, online-banking passwords, and similar payment-authentication information are entered into Razorpay's payment environment and are not intentionally stored by Chessfeed.
2.5 Technical, device, and usage data
- IP address, browser, device and operating-system information, app version, language, time zone, identifiers, log data, crash data, and security events.
- Pages and features viewed, clicks, session activity, referral information, performance metrics, and analytics events.
- Approximate location derived from IP address for security, fraud prevention, localisation, analytics, and, where enabled, currency or regional pricing presentation.
- Cookies, local storage, and similar technologies used for authentication, preferences, analytics, security, and checkout continuity.
2.6 Communications
- Support requests, sales enquiries, demo and onboarding communications, survey responses, feedback, and complaint records.
- Transactional messages about payments, renewals, failed charges, cancellations, expiry, Academy payment requests, security, and policy changes.
3. How we obtain personal data
- Directly from you, a parent or guardian, an Academy administrator, coach, or organisation.
- From connected services such as Chess.com, Lichess, Google, Microsoft, or Razorpay when you authorise the connection or payment.
- Automatically from your device and use of the Services.
- From authorised administrators, support personnel, public sources, fraud-prevention providers, or legal authorities where permitted by law.
4. How we use personal data
- Create and secure accounts; authenticate users; manage roles, Academy memberships, and paid access.
- Import and analyse chess games; provide AI Coach, Stockfish, OCR, study, exploration, reporting, and Academy features.
- Calculate, reserve, commit, release, grant, expire, and display Credits and game-analysis allowances.
- Create and manage payment orders, subscriptions, recurring charges, Academy billing periods, Payment Links, renewals, seat expansions, refunds, and payment reconciliation.
- Issue receipts or invoices, maintain accounting and tax records, investigate disputes and chargebacks, prevent fraud, and comply with financial and legal obligations.
- Personalise learning, remember preferences, measure performance, improve usability, and develop or test new features.
- Provide support, respond to rights requests, send transactional notices, and communicate material service or policy changes.
- Protect users, enforce our Terms, detect abuse, preserve audit trails, and establish, exercise, or defend legal claims.
- Create aggregated or de-identified analytics and evaluation data that does not reasonably identify an individual.
5. Legal grounds and consent
Depending on the jurisdiction and context, we process personal data to perform a contract, with consent, to comply with legal obligations, for legitimate or permitted business purposes, to protect vital or security interests, or as otherwise authorised by applicable law. By agreeing to avail our services, you give the consent for such processing.
Where processing relies on consent, you may withdraw consent through the available settings or by contacting us. Withdrawal does not affect processing already lawfully completed and may prevent us from providing a feature that requires the data.
Where a parent, guardian, or Academy provides information about another person, that person represents that they have authority and have provided any required notice or obtained any required consent.
6. Payment processing and Razorpay
Razorpay processes B2C Credit-pack payments, B2C recurring subscriptions, and Academy Payment Links. When you start checkout, we may provide Razorpay with your name, email address, phone number, selected plan or pack, amount, currency, internal transaction reference, Academy reference, and other information needed to process and reconcile the payment.
Razorpay independently collects payment-instrument and authentication information and may process data for fraud prevention, risk checks, regulatory compliance, settlement, disputes, and its own legal obligations. Razorpay's processing is also governed by its privacy policy and terms.
We receive and store provider identifiers, status information, timestamps, limited payment-method information, and webhook or verification data so that we can confirm payment, grant entitlements exactly once, support customers, detect duplicates, and maintain audit records.
7. AI, engine, and content processing
User Content and relevant chess context may be sent to Stockfish engines, Google Vertex AI/Gemini, OCR services, text-to-speech services, or other approved providers to produce requested analysis and coaching. We seek to send only information reasonably needed for the feature.
We may review interactions and technical metadata for quality, safety, support, abuse prevention, and product improvement. We may create aggregated or de-identified datasets for evaluation and improvement. Any broader model-training use of identifiable private content will require an appropriate legal basis, notice, and controls.
8. Academy data and administrator access
Authorised Academy administrators, managers, and coaches may access student profile, membership, game, analysis, progress, exercise, paid-access, and usage information according to their permissions and the Academy's configuration.
Academies control who is added to their roster, who receives paid-seat access, and how Academy-sponsored usage is allocated. An Academy may export or request deletion of data it controls, subject to contractual, legal, security, billing, and record-retention requirements.
A student may also maintain a personal Chessfeed account. Personal workspace activity and personal entitlements are not automatically controlled by the Academy merely because the user is an Academy member, unless the activity occurs in an authorised Academy context or the applicable agreement states otherwise.
9. Children and minors
Chessfeed supports young chess players. A minor may use the Services only with the legally valid involvement or consent of a parent or guardian, or through an Academy that has obtained the required permissions. We do not knowingly sell children's personal data or use it for targeted advertising.
Parents, guardians, and Academies should provide only information necessary for the educational purpose and should not upload sensitive or unrelated information. Contact privacy@chessfeed.ai if you believe a child's data was provided without appropriate authority or if you wish to exercise a child's privacy rights.
10. How we share personal data
We do not sell personal data. We may share personal data with the following recipients for the purposes described in this Policy:
- Cloud hosting, storage, database, security, content-delivery, monitoring, email, and customer-support providers.
- AI, engine, OCR, audio, and analytics providers, including Google services used for AI and analytics.
- Authentication providers such as Google and Microsoft.
- Payment processors such as Razorpay, financial institutions, tax or accounting providers, and fraud or dispute-management providers.
- Authorised Academy administrators, coaches, managers, parents, guardians, or institutional contacts where applicable.
- Professional advisers, auditors, insurers, investors, acquirers, or transaction counterparties subject to confidentiality and legal safeguards.
- Courts, regulators, law enforcement, government authorities, or other persons where disclosure is required or permitted by law or necessary to protect rights and safety.
Service providers are permitted to process data only for authorised purposes and are subject to contractual, confidentiality, security, and legal obligations appropriate to their role.
11. Public and shared content
If you choose to make a game, profile, study, comment, or other content public or share it with another user or Academy, the selected recipients may view and further use that information. Review visibility and sharing settings before publishing content. We are not liable for the processing made by the said users.
12. International processing and data location
Chessfeed and its service providers may process personal data in India and in other countries where they operate. Those countries may have different data-protection laws. Where required, we use contractual, organisational, or other lawful transfer safeguards.
We will not describe data as stored exclusively or primarily in a particular country unless that statement accurately reflects the deployed infrastructure and provider configuration at the relevant time.
13. Retention and deletion
We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain account and content history, fulfil payment and Academy obligations, resolve disputes, prevent fraud, comply with tax and legal duties, and maintain security and audit trails.
When an account is deleted, active product data will be deleted, anonymised, or de-linked according to our operational process, subject to backup cycles and lawful exceptions. We may retain transaction, invoice, tax, payment-provider identifier, refund, chargeback, ledger, entitlement, security, abuse, legal-claim, and audited administrative records for longer periods where necessary or required.
Aggregated or de-identified information that no longer reasonably identifies an individual may be retained for analytics, security, research, and product improvement.
14. Security
We use technical and organisational safeguards designed to protect personal data, including access controls, authentication, encryption in transit, infrastructure and application monitoring, audit logging, environment separation, payment-secret controls, and restricted administrative tools.
No system can be guaranteed completely secure. You are responsible for securing your account and devices and for notifying us promptly of suspected unauthorised activity.
15. Your rights and choices
Depending on applicable law, you may have rights to request access, correction, updating, deletion, restriction, objection, withdrawal of consent, portability, grievance redressal, or nomination of another person to exercise rights in specified circumstances.
To submit a request, email privacy@chessfeed.ai from the account address and describe the request. We may verify identity and authority before acting. We may retain information or decline a request where permitted or required by law, including for payment, tax, fraud, security, legal-claim, or Academy-instruction reasons.
Academy students may also direct requests to their Academy where the Academy controls the relevant educational record. We will cooperate with the Academy as required by the applicable agreement and law.
16. Cookies and similar technologies
We use essential cookies and storage for sign-in, security, session continuity, preferences, billing state, and core functionality. We may use analytics cookies or similar technologies to understand traffic and product use. Where consent is required, we will provide appropriate controls.
Browser or device settings may allow you to block cookies, but essential features may then stop working correctly.
17. Communications
We send service and transactional messages needed to operate your account, including security alerts, payment confirmations, subscription renewals, failed-payment notices, cancellation confirmations, Credit or allowance expiry notices, Academy payment requests, support responses, and material policy notices.
Marketing communications, where used, will include an unsubscribe option or other control required by applicable law. Unsubscribing from marketing does not stop essential transactional messages.
18. Personal-data breaches
If a personal-data breach occurs, we will investigate, mitigate, document, and notify affected persons and authorities as required by applicable law. Notices may describe the nature of the incident, likely consequences, protective steps, and how to contact us.
19. Changes to this Policy
We may update this Policy to reflect changes in law, infrastructure, providers, payment methods, product features, or data practices. We will post the revised Policy with a new effective date and provide additional notice or obtain consent where required by law.
20. Contact and grievance requests
Chesstatic Private Limited, trading as chessfeed.ai
522, Clover Hills Plaza, 5th Floor, Sn-27, Par Pune City, Maharashtra, India - 411048
General support: ops@chessfeed.ai
Privacy and data-rights requests: privacy@chessfeed.ai
Website: https://chessfeed.ai
Grievance officer / data-protection contact: Hemant Rai, hemant@chessfeed.ai