Andromeda is a personal chess website operated by Christian J. Walls (the "operator", "we", "us"). This policy explains what personal data we collect, why we collect it, how long we keep it, and the rights you have over it. We collect the minimum needed to run the site and we do not sell your data or use third-party advertising or cross-site tracking.
◇ 1 · Who is responsible
The data controller for this site is Christian J. Walls. For any privacy question or request, contact cjwalls1999@gmail.com.
◇ 2 · What we collect
If you create an account, we store:
- Your username, email address, and whether the current email address has been verified.
- Your password, stored only as a salted cryptographic hash — we never store or see your actual password.
- An optional display name and your preference settings (for example, disabling background animations, or enabling read-aloud move narration and its level).
- If you enable authenticator-app two-factor authentication, an encrypted authenticator secret, the enablement state, and hashed one-time recovery codes.
- Content you create on the site: game bookmarks, player bookmarks, game collections, and imported PGN games, including imported-game visibility and each collection's saved sort preference. If you import from a Lichess or Chess.com URL, we process that public game URL; for Chess.com when direct server access is blocked, we may ask Jina AI Reader to retrieve Chess.com's public game metadata for that URL. The stored imported game may include source PGN tags such as
SiteorLink. - If you use the cast remote coach-email feature, an optional coach email address you choose to remember, plus the studied game URLs you explicitly mark during that cast session.
- If you use the native position scanner, the diagram image you choose, any visible caption text recognized from it, and the extracted chess position are processed to return a FEN or matched game. Successful scans are processed transiently. For the configured owner account only, a validated scanner upload that fails may save the failed diagram image and scanner error metadata to that owner account, up to the configured retention limit, so the operator can review or delete it later. Failed scans from other accounts are not saved.
- If you create an account, Google reCAPTCHA processes the CAPTCHA response token and may receive browser and device signals needed to verify that the signup is not automated.
- Which optional account features have been enabled for you.
For every visitor (including those without an account), we keep minimal, privacy-preserving analytics. For each dynamic page response we record:
- The page path requested, without any query-string parameters.
- The HTTP status code of the response.
- The host of the referring website, if you arrived from an external link (not the full URL).
- A salted monthly visitor hash. This is a one-way hash that is mixed with a secret value that rotates each month; it lets us count distinct visits within a month without ever storing who you are.
- A coarse device type (desktop, mobile, or tablet) and browser family.
We deliberately do not store your raw IP address, your raw browser user-agent string, query strings, or requests for static files (images, scripts, stylesheets). Automated bot and scanner traffic is logged separately, using the same minimal non-identifying fields, purely to monitor abuse — it is never mixed into human visitor analytics.
Detailed human analytics records are automatically deleted after 90 days; detailed scanner records are deleted after 30 days. Before deletion, we retain only a non-identifying daily total (date, event type, and count) for up to 24 months for human traffic and 12 months for scanner traffic. Those totals contain no visitor hash, path, status, referrer, device, or browser data.
◇ 3 · Cookies
We use only first-party, functional cookies: a session cookie to keep you signed in, and a CSRF token cookie that protects forms against cross-site request forgery. Both are marked Secure and are set only when needed. We do not use advertising cookies, analytics cookies, or any cross-site tracking technology.
◇ 4 · Why we use it
- Run your account — sign-in, profile, imported games, bookmarks, collections, and settings.
- Account email — to send password-reset messages, email-verification links, account-security notices, and material service or policy updates.
- Coach email you request — to send a confirmed cast-session studied-game list to the coach email address you provide.
- Position scanning you request — to recognize a diagram image, extract a chess position, and open a matching game or analysis board.
- Security — to protect the site against abuse, fraud, and attacks, including optional authenticator-app two-factor authentication.
- Aggregate understanding — to see which pages are visited, in aggregate, so we can improve the site.
◇ 5 · Legal bases (GDPR)
If you are in the European Economic Area or the UK, we rely on the following legal bases under the GDPR:
- Performance of a contract — to provide the account and features you sign up for.
- Legitimate interests — for security, abuse prevention, and minimal pseudonymous analytics that do not identify you.
- Consent — where the law requires it; you may withdraw consent at any time.
◇ 6 · Sharing and processors
We do not sell, rent, or trade your personal data, and we do not share it with advertisers. The site runs on server infrastructure provided by our hosting provider (DigitalOcean), where the database is stored in a data center in Canada. If you request a password reset, email verification link, or other service-related notice, your email address and the message are passed to our transactional email provider (Resend) solely to deliver that message. Account creation uses Google reCAPTCHA to reduce automated signup abuse; Google processes the CAPTCHA response under its own privacy terms, and Andromeda sends the returned response token to Google's verification endpoint before creating the account. If you explicitly confirm a cast-session coach email, the coach email address you provide and the marked studied-game URLs are also passed to Resend solely to deliver that message. If you choose to import a game from Lichess or Chess.com, the server contacts that provider's public game endpoints to retrieve the PGN for the URL you supplied. For Chess.com imports, if direct server access to Chess.com is blocked, we may send the public Chess.com game URL to Jina AI Reader so it can retrieve Chess.com's public game metadata. If you use the native position scanner, the selected image is processed on Andromeda's server by the site's own recognition pipeline; scanner images, recognized text, extracted positions, and owner-account-retained failed scan images are not sent to a paid external model provider. Authenticator-app two-factor codes are verified locally by Andromeda; we do not send those codes or authenticator secrets to Google or any SMS provider. We may also disclose data if required to do so by law.
◇ 7 · How long we keep it
Account data is kept for as long as your account exists. If you ask us to delete your account, we remove your account data. Analytics records are pseudonymous by design — because the visitor hash salt rotates monthly, records cannot be linked back to an individual across months — and are retained only for aggregate trend analysis. Successful native position-scanner images and recognized text are processed for the scan response only; uploaded scanner image bodies are not intentionally stored for successful scans, and any framework temporary upload file is closed and deleted after the request. Failed scanner images saved for the configured owner account are retained until the operator deletes them, deletes that account, or the retention limit prunes the oldest failures. Failed scans from other accounts are not saved.
◇ 8 · Your rights (GDPR)
If the GDPR applies to you, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data (“right to be forgotten”).
- Restrict or object to certain processing.
- Port your data to another service.
- Withdraw consent at any time, without affecting prior processing.
- Lodge a complaint with your local data protection supervisory authority.
Signed-in account holders can delete their account from profile settings. To exercise any other right, email cjwalls1999@gmail.com.
◇ 9 · Your rights (California / CCPA & CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Delete personal information we hold about you.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information — note that we do not sell or share personal information as those terms are defined under the CCPA/CPRA.
- Not be discriminated against for exercising any of these rights.
Signed-in account holders can delete their account from profile settings. To make any other request, email cjwalls1999@gmail.com.
◇ 10 · Children
This site is not directed to children. We do not knowingly collect personal data from children under 16 (or under 13 in the United States). If you believe a child has provided us data, contact us and we will delete it.
◇ 11 · Security
The site is served over HTTPS with HSTS enforced. Passwords are stored as salted hashes, optional authenticator-app secrets are encrypted, recovery codes are hashed, cookies are marked Secure, and standard protections against clickjacking and content sniffing are in place. No system is perfectly secure, but we take reasonable measures to protect your data.
◇ 12 · Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be made clear on this page and may also be announced by email.
◇ 13 · Contact
Questions, requests, or complaints about your data: cjwalls1999@gmail.com.