Privacy Policy

EloCoach.ai is operated by Benjamin Marsili, established in the Netherlands. References to “we”, “us”, or “EloCoach” in this policy refer to that entity.

We are the controller of your personal data within the meaning of the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679). Our supervisory authority is the Autoriteit Persoonsgegevens (AP), the Dutch data protection authority.

Contact: [email protected]

Account data. Your Chess.com or Lichess username, fetched at your request. Legal basis: contract (Art. 6(1)(b) GDPR) — we cannot provide the service without it.

Game data. PGN game records retrieved from the Chess.com or Lichess public APIs on your behalf. We store only recent games needed for coaching. Legal basis: contract.

Conversation history.Your messages and the coach's responses within a session, stored so the coach can maintain context across turns. Legal basis: contract.

Coaching memory (facts). Structured insights extracted from your sessions — opening tendencies, recurring weaknesses, stated goals — stored to make future sessions meaningful. Legal basis: contract; legitimate interest in delivering a coherent long-term coaching experience.

Usage analytics. Aggregated, pseudonymous product usage data via PostHog and Google Analytics. Legal basis: consent (you control this via the cookie banner). You may withdraw consent at any time.

Device and log data. IP address, device type, OS version, and error logs, retained for up to 30 days for security and debugging. Legal basis: legitimate interest.

Your game data and conversation history are sent to Google's Gemini API for analysis and response generation. Google acts as a data processor on our behalf. The transfer is covered by the European Commission's Standard Contractual Clauses (SCCs). Google does not use your data to train its models under our API agreement.

We do not make solely automated decisions that produce legal or similarly significant effects about you.

We share data with the following sub-processors. Services marked planned are not yet active; we list them in advance so you are informed before processing begins.

• Google (Gemini API) — AI inference; your game data and conversation history are processed to generate coaching responses. EU Standard Contractual Clauses (SCCs) in place. Google does not use your data to train its models under our API agreement.
• Google Analytics (GA4) — pseudonymous usage analytics. Activated only with your consent. IP anonymisation enabled. EU SCCs in place.
• Neon / PostgreSQL — primary database hosting for account data, game records, and coaching memory. EU region.
• Koyeb — application server hosting. Your requests are processed on Koyeb infrastructure.
• PostHog — product analytics. Activated only with your consent. Data may be stored in the EU.
• LangWatch — LLM call tracing and observability. Coaching prompts and responses (stripped of sensitive identifiers) may be logged for quality monitoring.
• Upstash Redis — in-memory cache for active session state and API rate limiting. No personal data is persisted beyond session TTL.
• Inngest (planned) — durable background job execution for game fetching, retry logic, and scheduled tasks. Game identifiers and player handles pass through job payloads.
• Resend (planned) — transactional email delivery for weekly coaching digests. Your email address (if provided) will be shared with Resend solely to deliver your digest.
• Expo Push Notification Service (planned) — push notifications for proactive coaching alerts (e.g., tilt detection, critical moment reviews). Your device push token will be stored and shared with Expo solely to deliver notifications.
• Adapty (planned) — in-app subscription and purchase management. Billing-related data (purchase history, entitlements) will be processed by Adapty. Payment card details are handled directly by Apple / Google and are never stored by EloCoach or Adapty.
• Gradium / Gemini Live API (planned — voice feature) — real-time speech-to-text and text-to-speech for voice coaching. Audio captured during voice sessions will be streamed to the voice provider solely for transcription and synthesis; it is not retained beyond the duration of the turn.

We do not sell your personal data to third parties.

We use strictly necessary cookies to operate the service and, with your consent, analytics cookies (_ga, _gid, PostHog) to understand how people use EloCoach. You can manage or withdraw consent at any time using the cookie preferences link in the footer.

We retain your account and coaching data for as long as you have an active account. If you request deletion, we will remove your personal data within 30 days, except where we are required by law to retain it longer.

You have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate data
• Erase your data (“right to be forgotten”)
• Restrict or object to certain processing
• Data portability (receive your data in a structured, machine-readable format)
• Withdraw consent at any time, without affecting prior processing
• Lodge a complaint with the Autoriteit Persoonsgegevens

To exercise any right, email [email protected]. We will respond within one month.

EloCoach is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with data, contact us and we will delete it promptly.

We apply appropriate technical and organisational measures to protect your data, including encrypted transport (TLS), access controls, and regular security reviews. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Some processors operate outside the European Economic Area. All such transfers are protected by EU Standard Contractual Clauses or an equivalent adequacy mechanism.

We may update this policy from time to time. Material changes will be notified via in-app notice or email at least 14 days before they take effect. Continued use after that date constitutes acceptance.