Privacy Policy

Introduction

Disco Chess ("we", "us") takes your privacy seriously.

This policy sets out how we use and protect your personal data when you visit our website.

As the data controller, we are responsible for your personal data.

What is personal data?

Personal data is any information about a person which identifies them.

What type of personal data do we collect?

We collect:

  • Identity information e.g. name and address.
  • Contact information e.g. email address and telephone number.
  • Financial data e.g. your payment details.
  • Preference information e.g. marketing and advertising preferences.
  • Usage and performance data e.g. puzzle solving accuracy, timing, progress through cycles, and statistics related to your use of the Service.

We do not collect sensitive data or data relating to children. We do not collect or store date of birth information.

How do we collect your personal data?

We collect this data when you interact with us through or using our website and when you send us correspondence.

How and why do we use your personal data?

In accordance with data protection law, we can only use your personal data if we have a legal basis for doing so.

We use personal data for the following reasons:

  • So that we can interact with you and provide services and marketing to you. Our legal basis for doing so is our legitimate interests or those of a third party, and for the performance of any contract we have with you, or to take steps before entering into a contract with you.
  • To help us ensure that the website is operating effectively. Our legal basis for doing so is our legitimate interests or those of a third party.
  • To enable us to make and receive payments. Our legal basis for doing so is for the performance of any contract we have with you or to take steps before entering into a contract with you.
  • To track your progress, provide personalised features, generate statistics, and improve the Service. This includes collecting and analysing puzzle solving performance data such as accuracy, solving time, cycle completion, and other usage metrics. Our legal basis for doing so is our legitimate interests in operating and improving the Service, and for the performance of any contract we have with you.

Email Communications

We may send you various types of email communications related to your use of the Service. These include:

  • Newsletter: Optional product updates, new features, exclusive offers, and chess improvement tips
  • Daily habit reminders: Optional daily emails to help you build a consistent training habit
  • Hot streak rescue: Optional reminders when your hot streak is at risk of expiring
  • Inactivity reminders: Optional notifications if you haven't solved puzzles for a prolonged period
  • Performance insights: Optional insights into your performance and areas for improvement
  • Essential communications: Important service updates, security notifications, and transaction confirmations

You can manage your email preferences at any time through your account settings. You can opt out of promotional and reminder emails, but you will continue to receive essential communications relating to goods or services we are providing you.

Our legal basis for sending promotional and reminder emails is our legitimate interests in providing you with a helpful service and your consent where required. For essential communications, our legal basis is the performance of our contract with you.

Analytics and Usage Tracking

We use analytics tools to understand how users interact with our Service. This helps us improve the Service and provide a better user experience.

Google Analytics: We use Google Analytics 4 in cookieless mode to understand how visitors use our website. This means we collect aggregated, anonymous data about page views and user interactions without storing cookies on your device. Data is processed in accordance with Google's privacy practices and GDPR requirements.

Mixpanel: We use Mixpanel for detailed product analytics. Mixpanel helps us understand usage patterns, track feature adoption, and measure user engagement. We use Mixpanel's EU data residency, meaning all data is processed and stored within the EU. Data collected includes:

  • Page views and navigation patterns
  • Puzzle solving activity (correct/incorrect attempts, solving time, puzzle sets used)
  • Feature usage (hearts system, referral program, premium features)
  • User identification (anonymized user ID, email, display name)
  • Device and browser information

Reddit Pixel: We use Reddit Pixel to measure the effectiveness of our advertising campaigns on Reddit. This helps us understand how users discover and engage with our Service after seeing our ads. The Reddit Pixel tracks page visits and conversions. When you are signed in, we share your email address and user ID with Reddit for customer matching, which allows Reddit to attribute conversions to specific ad campaigns. Data is processed in accordance with Reddit's privacy practices.

All analytics data is anonymized where possible and used solely for improving the Service. We do not sell or share this data with third parties for marketing purposes.

You can opt out of analytics and advertising tracking by adjusting your cookie preferences or using browser privacy settings.

Do we share personal data?

We only share personal data with third party service providers where necessary. Our current third-party service providers include:

  • Google Analytics: For anonymous website usage statistics (cookieless mode)
  • Mixpanel: For product analytics and usage tracking (EU data residency)
  • Reddit: For conversion tracking and advertising measurement (Reddit Pixel)
  • Google (Firebase): For authentication services
  • Cloudflare: For content delivery and security

We will get your express consent before we share your data with any third party for their own marketing purposes.

Where we share your personal data, we only do this where we are satisfied that the third party will take appropriate steps to protect your data and its use is limited to acting on our instructions.

We may need to share your personal data with legal and regulatory bodies if this is necessary for us to comply with the law or any applicable regulations.

International transfers

We use service providers that process data within the European Economic Area (EEA). Specifically:

  • Mixpanel analytics data is stored in the EU through their EU data residency program
  • Cloudflare operates data centers within the EU and processes data locally

In cases where data processing occurs outside the EEA (such as with Firebase Authentication), we ensure appropriate safeguards are in place, including Standard Contractual Clauses and compliance with relevant data protection frameworks.

Do we use third party links on our website?

Yes, the website may include links to third party websites or content. We have no control over these, so you should read the privacy policy of any third party site you visit.

Is the personal data secure?

We take the security of your data seriously and have put in place appropriate measures to protect it.

We limit access to your personal data to only those employees, agents, contractors and other third parties who need to know for business purposes, and they are subject to robust confidentiality obligations.

How long is the personal data kept for?

We only keep your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected.

We will keep the majority of your personal data for so long as you use any of our goods, services or the website, or until you withdraw your consent (where this is our legal basis for processing).

We will only keep information about orders and payments for longer than this. We will keep this data for a period of 6 years after our relationship with you has ended.

Your legal rights

You have the following rights:

  • The right to be provided with a copy of your personal data that we hold.
  • The right to ask us to correct any personal data we hold about you.
  • The right to ask us to delete your personal data in certain circumstances.
  • The right to request that we restrict the processing of your personal data in certain circumstances.
  • The right to request that we transfer your personal data to yourself or a third party in certain circumstances.
  • The right to withdraw your consent to processing where this is the legal basis relied upon by us.
  • The right to object to the processing of your personal data for direct marketing purposes.
  • The right to object to the processing of your personal data in certain circumstances where we are relying on a legitimate interest.

For more information on these rights, please contact us or consult your local data protection authority.

How can you exercise your rights?

If you wish to exercise any of these rights, please contact us. You will not have to pay a fee to exercise your rights, but we may need to request additional information from you before we can act.

Usually, we will respond to legitimate requests to exercise these rights within one month; however, this can take longer if the request is complex. If we think it will take longer, we will let you know.

Keeping us up to date

You must let us know if any personal data we hold about you is incorrect or out of date.

Changes to this policy

This policy gets reviewed and updated regularly. Please make sure you check this page each time you visit the website.

Contact us

Should you have any questions about this policy or wish to exercise any of your data rights, please contact us at [email protected].

Complaints

We would appreciate you contacting us to allow us to attempt to resolve any complaints. However, you have the right to make a complaint to your local data protection authority at any time.