Privacy Policy

Version: 2025-08-29 • Last updated: 30 Aug 2025

This Privacy Policy explains how IQChess (9517-9206 Québec inc., “we”, “us”, “our”) collects, uses, discloses, and protects personal information when you use our apps, websites, products, and services (“Services”).

1) Summary

We collect account info (e.g., email, name), gameplay and usage data, device and log data, and purchase metadata from platform stores.
We use data to provide and secure the Services, enable gameplay and social sign-in, process purchases, improve features (including AI/engine analysis), and comply with law.
We share data with service providers (e.g., hosting, authentication, analytics, payments) under contracts; we don’t sell personal information.
You have rights to access, correct, and delete personal information, subject to legal limits. You can delete your account in-app.

2) Controller & Contact

Controller: 9517-9206 Québec inc. (IQChess). Privacy Officer: [Name or role], privacy@iqchess.org, Mailing: [Insert address].

3) What we collect

Account & Profile: email, display name, avatar, locale, and any profile fields you provide. If you sign in with Apple/Google/Facebook, we receive identifiers and the data those providers share (often name and email; sometimes only an opaque ID).
Gameplay & UGC: game records (PGN/FEN), moves, analysis requests, chat/messages, reports you file, preferences.
Device & Logs: IP address, device model/OS, app version, crash reports, diagnostic logs, coarse location from IP.
Purchase Data: transaction IDs, product IDs, price and currency metadata, and fraud signals from platform stores or processors. We do not receive full payment card numbers from Apple/Google/Stripe.
Cookies & Similar: limited cookies/local storage for authentication, preferences, and analytics on the website.

4) How we use data

Provide and operate the Services (authentication, gameplay, matchmaking, ratings, analysis, cloud sync).
Maintain safety and integrity (fraud prevention, abuse detection, enforcing policies).
Improve and develop features (including training quality signals for AI/engine tuning, de-identified where feasible).
Communicate with you (service messages, updates). Marketing emails are optional and require your consent.
Comply with legal obligations and platform policies; defend our legal rights.

5) Legal bases & consent

Where applicable (e.g., under PIPEDA and Québec Law 25), we obtain meaningful consent for the collection, use, and disclosure of personal information. For users in jurisdictions with GDPR-style regimes, our legal bases include consent, contract performance, legitimate interests (e.g., service security and improvement), and compliance with legal obligations.

6) Sharing & service providers

We share personal information with:

Hosting & Infrastructure: Amazon Web Services (e.g., Cognito, AppSync, DynamoDB, S3, CloudWatch) in regions such as the United States and others we may add for performance.
Identity Providers: Apple, Google, Facebook (if you use those to sign in).
Payments: Apple App Store, Google Play, and (for web) Stripe or equivalent processor.
Analytics & Logs: performance/crash analytics and telemetry providers.
Moderation & Safety: tools used to detect abuse or cheating.
Legal/Compliance: to comply with law, protect rights, or in connection with mergers/acquisitions.

Service providers act on our instructions and are bound by confidentiality and data-protection obligations.

7) International transfers

Your data may be transferred to and processed in countries other than your own (including the United States). We use contractual and technical safeguards appropriate to the sensitivity of the data. By using the Services, you understand these transfers.

8) Retention

We retain personal information only as long as necessary for the purposes set out in this policy, to comply with legal obligations, resolve disputes, and enforce agreements. When no longer needed, we delete or de-identify information.

9) Your rights

Access & Portability: request a copy of your data.
Correction: request updates to inaccurate information.
Deletion: delete your account in-app; we will also delete or de-identify associated personal information, except where we must retain it (e.g., legal, fraud prevention, or transactional records).
Withdraw consent: where processing relies on consent, you may withdraw it at any time (this doesn’t affect prior processing).

To exercise rights, contact privacy@iqchess.org. We will verify your request and respond within timeframes required by law.

10) Children

The Services are not directed to children under 13. If we learn a child under 13 provided personal information without verifiable parental consent, we will delete it.

11) Security

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the data (e.g., encryption in transit, access controls, logging). No system is perfectly secure; we cannot guarantee absolute security.

12) Breaches & incidents (Québec Law 25)

We maintain an incident register and will notify the Commission d’accès à l’information (CAI) and affected individuals of confidentiality incidents presenting a risk of serious injury, as required by law.

13) Marketing & CASL

We send marketing emails only with your express consent. You can unsubscribe at any time using the link in the email or by contacting us. Service/transactional messages are not marketing and will continue as needed.

14) Cookies

We use strictly necessary cookies/local storage for authentication and preferences, and limited analytics cookies to understand site usage. You can adjust browser settings to limit cookies, but some features may not work.

15) Third-party links

Our Services may contain links to third-party sites or services. Their privacy practices are governed by their policies, not this one.

16) Changes

We may update this Policy. The “Last updated” date indicates the current version. Material changes will be communicated in-app or on our website.

17) Contact

Privacy questions or requests: privacy@iqchess.org • Mailing: [Insert address]