Placeholder content. Update company details in src/lib/company.ts before going live with payments.

Privacy Notice

Last updated: 2026-05-06

This Privacy Notice explains how TODO_LEGAL_NAME ("we") handles personal data when you use GrandReport. We act as the data controller for the personal data described below.

1. Data we collect

  • Identity & contact data — first name, last name, email, business name and project name that you submit when ordering a report.
  • Chess game data — the Lichess/Chess.com username or PGN file you submit, and the moves and analysis derived from it.
  • Support communications — the content of any messages you send us.
  • Technical data — IP address, device, browser, language preference, and basic usage telemetry needed to operate and secure the Service.

Payment data (card number, billing address, etc.) is collected and processed directly by our payment provider Paddle — we never see or store it.

2. Purposes and legal bases

  • Delivering your report (contract performance) — using your email, username/PGN and game data to generate and email the report.
  • Operating, securing and improving the Service (legitimate interests) — including fraud prevention, debugging, and aggregated usage analysis.
  • Customer support (legitimate interests / contract) — replying to questions you send us.
  • Legal compliance (legal obligation) — keeping records required by tax and accounting law.

3. Who we share data with

  • Paddle — our Merchant of Record for sales. Paddle handles payments, tax compliance, invoicing, refunds and subscription management. See Paddle's Privacy Notice.
  • AI model providers — chess move classifications and report drafting are performed by AI providers (e.g. Google, OpenAI) via Lovable AI Gateway. We send the chess analysis data needed to generate your report.
  • Lichess — game imports and Stockfish analysis run via the Lichess API.
  • Hosting and infrastructure providers — Lovable Cloud (Supabase) for database and storage, and our hosting platform for serving the website.
  • Authorities — where required by law.

4. International transfers

Some of our service providers process data outside the EU/EEA. Where this happens we rely on appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions).

5. Retention

We keep your report and order data as long as needed to provide the Service and to meet legal obligations (typically up to 7 years for invoicing/tax records). Game data and intermediate analysis are deleted earlier when no longer needed. You can ask us to delete your data at any time (see "Your rights" below).

6. Your rights

If you are in the EEA or UK, you have the right to:

  • Access the personal data we hold about you;
  • Have inaccurate data corrected;
  • Have your data erased;
  • Restrict or object to certain processing;
  • Receive your data in a portable format;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email TODO_SUPPORT_EMAIL. We aim to respond within one month.

7. Security

We use appropriate technical and organisational measures (encryption in transit, access controls, least-privilege keys) to protect your data. No system is 100% secure, so we encourage you to use a strong, unique password where applicable.

8. Cookies

We use a small number of cookies and similar technologies that are strictly necessary to operate the Service (e.g. remembering your language and an affiliate referral code). We do not use advertising cookies.

9. Contact

Privacy questions? Email TODO_SUPPORT_EMAIL.