Public policy placeholder

Privacy Policy

Draft for closed-alpha use. Formal privacy review is still required.

This policy summarizes the current data boundaries for accounts, profiles, games, reports, moderation, fair-play signals, and operational logs.

Data We Store

The current foundation stores account and profile metadata, sessions, games, moves, controls, clocks, ratings, archives, analysis jobs/results, puzzle attempts, reports, sanctions, fair-play signal summaries, audit logs, and entitlement usage.

  • Public profiles expose only public-safe fields when the user has enabled profile visibility.
  • Completed public friend-game archives respect the existing visibility controls.
  • Private reports, moderator notes, audit logs, raw fair-play metadata, and sensitive account details are not public profile data.

Fair Play And Moderation Data

Fair-play signals are private moderator-facing summaries. They are not public accusations, automated verdicts, automated sanctions, or risk scores.

  • Future scoring must be privacy-reviewed and based on multiple durable server-owned signals.
  • Sensitive device, IP, session, or behavioral data must be limited, access-controlled, and retention-reviewed before use.
  • The platform does not expose fair-play internals to regular users.

Operational Logs

The API records safe request and audit metadata for debugging, readiness checks, and moderation accountability without intentionally logging passwords, tokens, payment details, or private payloads.

  • Request IDs and duration metadata support incident triage.
  • Audit logs track moderation and account-sensitive actions where implemented.
  • Future notification delivery logs must remain metadata-only and must not store sensitive message payloads.
  • Future support or privacy-request logs must record workflow metadata without storing sensitive request details in general application logs.
  • Formal retention windows must be reviewed before public launch.

User Controls

Users can currently edit basic profile metadata, control public profile visibility, and export PGN for completed current-user friend games. Account-wide export, account deletion, anonymization, notification controls, provider-backed email delivery, and visible account recovery or verification flows are deferred.

  • Hidden public profiles return public-safe not-found behavior.
  • Future account deletion must anonymize personally identifying fields while preserving completed game, moderation, rating, and audit integrity where retention requires it.
  • Future email or push notifications require consent, unsubscribe controls, delivery audit records, and provider configuration before messages are sent.
  • Avatar uploads are not implemented; avatar metadata accepts URLs only where allowed.
  • Production privacy requests require a formal support process with identity checks, triage ownership, retention rules, and audit-safe response tracking before broad launch.