Legal
Privacy Policy
ChessSight.ai is designed to respect your privacy. We do not retain the images or videos you upload beyond the duration of a single analysis request, we do not sell your data, and we do not display advertising.
1. Who We Are
ChessSight.ai is operated by Abtin Feizollahi ("we", "us", "our"). For the purposes of UK data protection law and the UK GDPR, we are the data controller for personal data processed through this service. You can contact us at chesssight@gmail.com.
2. Information We Collect
We collect the minimum information necessary to provide the service.
Images and videos you upload. When you use the board analysis feature, images or video clips are transmitted from your device to our server-side proxy (a Cloudflare Worker), which forwards them to Google's Gemini API for analysis. Your media is sent solely for the purpose of producing a chess position and is not stored on our servers after the request completes.
IP address (rate limiting only). Your IP address is stored temporarily in a Cloudflare KV store to enforce per-user rate limits (a maximum of 20 analyses per hour and 5 per minute). This data expires automatically after one hour and is not used for any other purpose.
Analysis history (local to your device). If you use the analysis feature, your last 8 analyses — including the resulting FEN position and a small thumbnail — are stored in your browser's localStorage. This data never leaves your device and is not accessible to us. You can clear it at any time using the "Clear history" button within the app, or by clearing your browser's site data.
Account information (optional sign-in). If you choose to create an account or sign in using Google, Apple, or email/password, your authentication is handled by Google Firebase Authentication. Firebase may collect your email address, display name, profile photo URL, and a unique user identifier. This information is used solely to manage your sign-in session and is stored securely by Firebase. Authentication tokens are stored in your browser's IndexedDB, managed by the Firebase SDK. If you sign in via Google or Apple, those providers share limited profile data with us per their respective privacy policies. You can use ChessSight.ai without creating an account by choosing "Continue as Guest."
Email address (newsletter only). If you subscribe to our newsletter via the sign-up form, your email address is collected and managed by Buttondown (buttondown.com), our newsletter platform. You can unsubscribe at any time using the link in any newsletter email.
3. How We Use Your Information
- Providing the service — processing your uploaded media through the Gemini API to produce a FEN/PGN position and analysis.
- Rate limiting — using your IP address to prevent abuse and ensure fair access for all users.
- Sending newsletters — if you have subscribed, communicating product updates and announcements to you via Buttondown.
We do not use your data for advertising, profiling, or any automated decision-making that produces legal or similarly significant effects.
4. Legal Basis for Processing (UK GDPR)
- Contract / steps prior to contract (Article 6(1)(b)) — processing your uploaded media to deliver the analysis you requested.
- Legitimate interests (Article 6(1)(f)) — storing your IP address ephemerally to enforce rate limits and prevent abuse, where our interest in operating a fair and secure service is not overridden by your rights.
- Consent (Article 6(1)(a)) — collecting your email address for the newsletter. You may withdraw consent at any time by unsubscribing.
5. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Cloudflare | Request proxying, rate limiting, hosting | IP address, request metadata |
| Google Gemini API | AI chess board recognition and analysis | Uploaded image or video (not retained) |
| Buttondown | Newsletter delivery | Email address (if subscribed) |
| Google Fonts | Typography | Your IP address when fonts are loaded |
| Lichess / Chess.com | External analysis links (optional) | FEN string (in URL, if you click the link) |
| Firebase Authentication (Google) | User sign-in and session management | Email, display name, profile photo (if signed in) |
We encourage you to review the privacy policies of these services for details on how they handle data sent to them.
6. Data Retention
- Uploaded media — not retained after the analysis request completes.
- IP addresses — deleted automatically after one hour via KV TTL.
- Analysis history — stored only in your browser's
localStorage; retained until you clear it or clear your browser's site data. - Email address — retained by Buttondown for as long as you remain subscribed, and deleted upon unsubscription.
- Account data — if you create an account, your authentication data is managed by Firebase and retained until you delete your account or request deletion.
7. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion of your personal data where there is no legitimate reason for us to continue processing it.
- Restriction — ask us to restrict the processing of your data in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent (i.e. the newsletter), withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at chesssight@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies and Local Storage
ChessSight.ai does not use cookies. We use localStorage to store your analysis history on your own device, as described in Section 2. If you sign in, the Firebase Authentication SDK stores authentication tokens in your browser's IndexedDB to maintain your session. These tokens are managed entirely by Firebase and are removed when you sign out or clear your browser's site data. No tracking pixels or third-party analytics scripts are loaded by this service.
9. Children's Privacy
ChessSight.ai is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Where changes are material, we will notify newsletter subscribers by email. Continued use of the service after the updated policy takes effect constitutes acceptance of those changes.
11. Contact
For any privacy-related questions or requests, please write to us at chesssight@gmail.com.