Privacy Policy — How We Collect · Use · Store · Protect · Share Your Personal Data
Operated by Phoenix Brothers | Tamil Nadu, India | chessox.com
| Topic | Summary |
|---|---|
| What we collect | Name, email, username, IP address, device/browser info, gameplay data, subscription and payment info |
| Why we collect it | To operate your account, run tournaments, process payments, improve platform, send service communications |
| Who we share it with | Payment processors, hosting providers, analytics tools, law enforcement when legally required. We never sell your data. |
| How long we keep it | Account data: 90 days after deletion. Transaction records: up to 7 years for legal/tax compliance. |
| Your rights | Access, correct, erase, restrict, port your data. Opt out of marketing. Withdraw consent. File a complaint. |
| Minimum age | 13 years. Parental consent for 13-17. Cash prize features restricted to 18+. |
| Cookies | Essential always on. Analytics and marketing only with explicit consent. |
| Contact | contact@chessox.com | Response within 48h | Resolution within 30 days |
Legal Basis: Compliance with India's Digital Personal Data Protection (DPDP) Act, 2023; IT Act 2000 & IT Rules 2011; Consumer Protection Act 2019. EU/UK users also benefit from GDPR-aligned rights.
Chessox.com is operated by Phoenix Brothers, Tamil Nadu, India. We are the Data Fiduciary under DPDP Act 2023.
| Contact Type | Details |
|---|---|
| Company Name | Phoenix Brothers |
| Platform | Chessox.com |
| Registered Address | Tamil Nadu, India |
| General Support | help@chessox.com |
| Privacy and Data Requests | contact@chessox.com |
| Grievance Officer | help@chessox.com | Response: 48 hours | Resolution: 30 days |
| Tournaments | contact@chessox.com |
| Website | https://www.chessox.com |
Data Protection Contact: For all privacy requests (access, correction, deletion, complaints): contact@chessox.com. Acknowledged within 48h, full response within 30 days. Escalate to Grievance Officer at help@chessox.com if unresolved.
Username, email address, hashed password, country (optional), date of birth (age verification).
Chess rating & history, games played, tournament participation, puzzle scores, friends/clan memberships, in-platform messages, chat history, profile picture/bio. Game records (PGN) stored permanently.
Plan type, transaction IDs, billing history, renewal dates. We do NOT store full card numbers, CVV, or bank account details.
IP address, browser/OS, device type, screen resolution, referring URL, pages visited, timestamps.
Support emails, survey responses, feedback — retained up to 2 years for quality assurance.
Data we do NOT collect: precise location, biometrics, health data, racial/ethnic origin, political/religious beliefs. No facial recognition. No data selling.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Create and manage account | Registration, profile data | Contract |
| Provide gameplay & tournaments | Gameplay, rating data | Contract |
| Process subscription payments | Payment, subscription data | Contract |
| Communicate about your account | Email, account data | Contract / Legal obligation |
| Detect cheating & fraud | Gameplay, IP, device data | Legitimate interest / Legal obligation |
| Platform security & abuse prevention | IP, technical data | Legitimate interest |
| Improve platform performance | Technical, anonymised gameplay | Legitimate interest |
| Send marketing communications | Email, name | Consent (opt-in) |
| Comply with legal obligations | All relevant data | Legal obligation |
| Tax & financial record-keeping | Payment/transaction data | Legal obligation (Income Tax Act) |
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Essential / Functional | Login sessions, authentication, security tokens, language | No (platform won't work) |
| Analytics | Usage stats, feature performance, error tracking (anonymised) | Yes – via Cookie Settings |
| Marketing / Personalisation | Promotional content preferences (explicit consent) | Yes – Cookie Settings or opt-out |
| Third-Party | Payment provider scripts, analytics SDKs | Partially (essential payment scripts cannot be disabled) |
Managing preferences: Cookie consent banner on first visit; update via Cookie Settings in footer or browser settings. Consent stored for 12 months.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 90 days after deletion | Service provision |
| Game records (PGN) | Indefinitely (anonymised after deletion) | Platform archive & statistics |
| Chat and messages | 2 years | Dispute resolution |
| Payment transactions | 7 years | Income Tax Act 1961 (India) |
| Support communications | 2 years | Quality assurance |
| IP and access logs | 90 days | Security monitoring |
| Anti-cheat investigation data | 5 years | Platform integrity |
| Marketing consent records | 3 years from last consent | DPDP Act compliance |
| Deleted account data | 90 days in backup, then purged | Recovery window |
Account Deletion: Within 90 days, identifiable data removed from active systems. Transaction/tax records retained for 7 years as required by law, but not used for marketing.
| Recipient | What We Share | Why |
|---|---|---|
| Payment Processors (Razorpay, UPI) | Transaction ID, subscription plan, amount | Process payments & prize disbursements |
| Cloud Hosting Provider | Encrypted user data, game records | Hosting & data storage |
| Analytics Provider | Anonymised usage data, page views | Performance monitoring & improvement |
Operated from India. If accessing outside India, data may be transferred to India. Appropriate safeguards (standard contractual clauses) applied for cross-border transfers.
Minimum age: 13 years. Users under 13 not permitted; accounts discovered will be suspended and data deleted within 48h.
Ages 13-17: Require verifiable parental consent. Restricted from independent premium subscriptions, cash prize tournaments. No marketing profiling without explicit parental consent.
Parental access: Parents/guardians may request access/correction/deletion of child's data via contact@chessox.com with proof of relationship.
Encryption: TLS 1.2+ in transit; bcrypt hashing for passwords.
Access controls: Need-to-know basis, confidentiality obligations.
Payment security: PCI-DSS compliant providers; Chess OX never stores card details.
Incident response: Data breach notification within 72 hours to affected users and authority.
Your responsibility: Use strong unique password; enable 2FA; contact help@chessox.com if compromised.
EU/UK users: Benefit from GDPR/UK GDPR rights, including right to lodge complaint with ICO or local supervisory authority.
Consent-based marketing: Only send promotional emails with explicit opt-in. Opt out anytime via Unsubscribe link, Account Settings, or email contact@chessox.com (subject "Unsubscribe").
Transactional communications (cannot opt out while active): registration, subscription confirmations, renewal notices, payment receipts, security alerts, policy updates.
Links to external sites (social media, payment portals) are subject to their own privacy policies; Chess OX not responsible.
Data Fiduciary: Phoenix Brothers ensures lawfulness, fairness, transparency. Consent management: free, specific, informed consent for marketing/cookies. Data Principal rights: fully facilitated. Grievance redressal: Grievance Officer at help@chessox.com (ack 48h, resolution 30d). Data processor obligations: contractually enforced security measures.
Material changes: email notification + platform notice 14 days in advance. Minor changes: website update without advance notice. Previous versions available on request.
| Contact Purpose | Details |
|---|---|
| General Privacy Questions | contact@chessox.com - response within 48h |
| Data Access / Correction / Erasure | contact@chessox.com - resolution within 30 days |
| Unsubscribe from Marketing | contact@chessox.com with subject "Unsubscribe" |
| Grievance Officer (escalation) | help@chessox.com - resolution within 30 days |
| Data Breach Report | contact@chessox.com (priority response) |
| Postal Address | Phoenix Brothers, Tamil Nadu, India |
Escalation Path:
Step 1: contact@chessox.com (48h response, 30d resolution)
Step 2: Grievance Officer at help@chessox.com
Step 3: Data Protection Board of India (once operational), National Consumer Helpline 1800-11-4000, or CDRC under Consumer Protection Act 2019. EU/UK users may contact local supervisory authority (e.g., ICO).