Privacy Policy

We take the protection of your personal data seriously. This privacy policy explains how we process data when you use our website (quietloop.dev) and the Chrome Extension "AI Analysis for Lichess."

1. Data Controller

Jonathan Glasmeyer
Redder 4
25421 Pinneberg
Germany
Email: contact@quietloop.dev

2. Data Processing on the Website

When you visit quietloop.dev:

• Server logs: The IP address of your device is automatically transmitted when you access the website. This IP address is stored by the hosting provider in standard server logs for security purposes. No further processing or tracking takes place.
• No cookies, analytics, or tracking tools are used on this website.

3. Data Processing in the Chrome Extension "AI Analysis for Lichess"

When using the Chrome Extension, we process the following data:

• Lichess Game Data: The extension sends your Lichess game data to our server to generate AI-based analysis. This data does not contain personal information.
• IP Address: Your IP address is technically necessary to process your request and is automatically transmitted to our server. We immediately hash it using the SHA-256 algorithm and store only the hashed form. This hash cannot be reasonably used to identify you.
• No tracking or advertising is used within the extension.

4. Authentication and User Account (Google Sign-In)

To provide a personalized and secure experience, our extension uses Google's OAuth 2.0 service for user authentication. This is an optional feature to access additional services like analysis credits.

4.1. Authentication Process

When you choose to sign in, you will be directed to Google's secure login page. This process ensures that your Google credentials (like your password) are never shared with our extension or our servers.

4.2. Data We Receive from Google

Upon successful authentication, Google provides us with a limited set of your profile information. This includes:

• Your primary email address

We do not receive access to your Google password or any other personal data from your Google account beyond what is listed above.

4.3. How We Use Your Data

The information we receive from Google is used exclusively for the following purposes:

• To create and manage your user account within our service.
• To associate your usage of the service (e.g., analysis credits) with your account.

4.4. Secure Token Management

After you sign in, our authentication provider, Supabase, generates secure access and refresh tokens. These tokens are stored securely within your browser's local extension storage (chrome.storage.local). They are used solely to authenticate your requests to our servers and are never shared with any other third parties.

4.5. User Control and Revoking Access

You have full control over the permissions you grant to our application. You can review and revoke our extension's access to your Google account at any time through your Google Account security settings.

5. Purpose and Legal Basis of Data Processing

• Processing game data and hashed IP addresses: Necessary to fulfill the core functionality of the extension (Art. 6(1)(b) GDPR – performance of a contract).
• Processing your account data (Google login): Necessary to create and manage your user account and associate service usage (Art. 6(1)(b) GDPR – performance of a contract).
• Server logs on the website: Necessary for security and proper operation of the website (Art. 6(1)(f) GDPR – legitimate interest).

6. Data Storage and Third-Party Services

We do not share personal data with third parties, except where necessary to provide our services or as required by law. Your account data (email) is stored until you delete your account. Our service providers include:

• Supabase: We use Supabase as our backend and authentication service provider. Supabase handles the secure verification of your Google identity and the management of your user session. For more information, please refer to the Supabase Privacy Policy.
• Stripe: To process payments, we use the service provider Stripe, Inc. As a result, your email address may be transmitted to a third country outside the European Economic Area (EEA). Stripe ensures compliance with European data protection standards through the use of EU Standard Contractual Clauses. You can find more information in Stripe’s Privacy Policy.

7. Data Security

All data transmissions between the Chrome Extension, our servers, and third-party providers (such as Stripe and Supabase) are encrypted using HTTPS (TLS encryption).

8. Your Rights

You have the right to:

• Request information about your stored personal data.
• Request correction of your data.
• Request the deletion of your account and all associated personal data by contacting us at contact@quietloop.dev. Your data will be permanently deleted without undue delay.
• Withdraw your consent at any time, where applicable.
• File a complaint with the competent supervisory authority.

9. Contact

If you have questions about privacy or data protection, you can contact:
contact@quietloop.dev