1. Controller
Controller to complete: BLITZFORGE_LEGAL_ENTITY.
Address to complete: BLITZFORGE_LEGAL_ADDRESS.
3. Data collected
- Account: email, Clerk ID, username, password hash when local authentication is used.
- Profile: first name, last name, city, country, birthday, gender, photo, bio.
- Guest sessions: token hash, IP hash, user-agent hash.
- Authentication and session: JWT, client-side local storage and information needed to keep a session active.
- Games: PGN, FEN, moves, results, Elo, accuracy and game history.
- Chat: messages, rooms, reactions and members.
- Notifications: type, message and metadata.
- Social: friends, followers and likes.
- Progression: Elo, quests, badges, rewards and inventory.
- Analysis and coach: move quality, probabilities and coach messages.
- Premium payments: subscriptions, purchases, provider IDs and webhook events.
- Media: images sent through upload-image and publicly exposed through S3 URLs when the product publishes them.
4. Why this data is used
- Create and secure accounts and sessions.
- Enable online play, campaign mode, game history and game recovery.
- Provide move analysis, accuracy, progression and coach feedback.
- Manage puzzles, quests, badges, rewards and inventory.
- Enable chat, notifications, profiles and social interactions.
- Manage purchases, subscriptions, restores and premium rights.
- Handle support, security, moderation and abuse prevention.
5. Legal basis — to validate
Legal bases must be reviewed before publication. Expected categories may include contract performance, legitimate interest, legal obligation and consent when required.
To validate: exact legal basis by purpose.
6. Game and analysis data
BlitzForge processes positions, moves, PGN, FEN, results, Elo, accuracy, move quality, probabilities and coach messages to enable play, review and progression.
These features must not be described as professional or official coaching.
7. Chat, social and notifications
Messages, rooms, reactions, members, friends, followers, likes and notifications may be processed to provide social features, inform users and support moderation.
8. Payments and premium
The codebase includes services related to Stripe, Apple, Google and RevenueCat. Their exact use, countries and processor roles must be confirmed before publication.
Payment data may include subscriptions, purchases, provider IDs, statuses and webhooks. Card numbers should not be requested by support email.
9. Cookies and local storage
BlitzForge may use strictly necessary cookies, localStorage/sessionStorage, JWT or equivalent storage for authentication, session and language preference.
If non-essential analytics or marketing trackers are added, a consent decision and a dedicated component must be added.
10. Processors — TODO
List to complete and validate: BLITZFORGE_PROCESSORS_TODO.
11. Retention periods — TODO
Retention policy to complete: BLITZFORGE_RETENTION_POLICY_TODO.
12. Security
BlitzForge aims to use HTTPS, hashes for certain tokens or technical identifiers, JWT authentication and access controls. No page should promise zero vulnerabilities.
13. User rights
Depending on applicable law, users may have rights of access, correction, objection, restriction, portability or deletion. Exact procedures require legal validation.
14. Account deletion
Requests can be initiated from the Delete account page or by contacting support/privacy. Some data may be retained where needed for legal obligations, payment, security or abuse prevention.
15. Minors — TODO
The policy regarding minors must be defined and validated before official publication. Do not use child-safety claims without dedicated validation.
17. Last updated
2026-07-09.