Privacy Policy

Last updated: June 2026

1. About elostep

elostep is a personalized chess training platform. For questions about this policy, contact us at chess.train.app@gmail.com.

2. What Data Is Collected

elostep collects only what is necessary to provide the service:

• Account data: username, hashed password (bcrypt), Chess.com and/or Lichess username (optional), email address (optional — only if you add one for account recovery)
• Training data: puzzle results, ELO rating, session history, streak information
• Activity logs: login timestamps, analysis events, session completions, feedback messages you voluntarily submit
• Server logs: IP addresses in standard web server access logs (retained max 30 days)

elostep does not collect: real names, payment information, or device identifiers.

3. How Your Data Is Used

• To provide personalized puzzle recommendations based on your game weaknesses
• To track your training progress and ELO rating
• To maintain login sessions (30-day session cookie)
• To send a password reset link if you have added a recovery email and request one
• To generate AI coaching reports and training insights via the Anthropic Claude API — your Chess.com or Lichess game data and puzzle training history is sent to Anthropic for processing

4. Third-Party Services

• Chess.com API: If you connect a Chess.com account, elostep fetches your public game history to analyze your play. Only publicly available data is accessed.
• Lichess API: If you connect a Lichess account, elostep fetches your public game history to analyze your play. Only publicly available data is accessed.
• Anthropic (Claude API): Your game data and puzzle training history is sent to Anthropic to generate coaching reports and insights. Anthropic's Privacy Policy applies to this processing.
• hCaptcha: elostep uses hCaptcha (Intuition Machines Inc.) during registration to prevent automated sign-ups. hCaptcha's Privacy Policy applies to data collected during the CAPTCHA challenge.
• Hetzner Cloud: Our servers are hosted in the EU (Nuremberg, Germany). Hetzner's Privacy Policy applies.
• Lichess puzzle database: Puzzle content is sourced from the Lichess open database (CC0 license). No personal data is shared with Lichess.

5. Cookies

elostep uses a single session cookie strictly necessary for authentication. This cookie does not track you across sites, contains no personal data, and expires after 30 days of inactivity. No analytics, advertising, or third-party cookies are used.

6. Your Rights (GDPR)

If you are located in the European Union, you have the following rights:

• Right to access: Download all data elostep holds about you via Account Settings → "Export My Data"
• Right to deletion: Delete your account at any time via Account Settings → "Delete My Account"
• Right to portability: Your data export is provided in standard JSON format
• Right to rectification: Contact us to correct inaccurate data
• Right to complain: You may lodge a complaint with your national supervisory authority (Hungary: NAIH)

7. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all profile data, puzzle results, and event logs are permanently deleted from our systems within 30 days.

8. Data Security

Passwords are hashed using bcrypt and never stored in plaintext. All connections use HTTPS. Access to the database is restricted to the application server.

9. Children

This service is not directed at children under 13. If you believe a child has registered, please contact us and the account will be deleted.

10. Changes to This Policy

elostep may update this policy as the service evolves. Continued use after changes constitutes acceptance of the revised policy.

11. Contact

For any privacy-related requests or questions: chess.train.app@gmail.com