Last updated: 29.04.2025

1. Introduction:

This Privacy Policy explains how World Chess Community – IM Pawel Weichhold (“we”, “us”) handles your personal data in connection with our website, community, emails, and services, including the “Free Course”, “6-Week Rating Peak: Chess Challenge — Monthly Access”, and “Chess Lessons”.

2. Information Collected

Data you provide directly
- Account & contact: email, first/last name.
- Checkout: billing email; optional invoicing details (company name, country, VAT/tax number, address).
  We do not collect full card numbers—payments are processed by Stripe.
- Community & course: posts/comments, uploaded PGNs/games, messages, form responses (e.g., invoice request).
- Support & communications: emails you send us, preferences (e.g., marketing opt-in).
- Live/Q&A (if you join): recordings may capture video, audio, chat, display name.
Data collected automatically (when you use the site/services)
- Usage data: pages viewed, lessons opened, progress, timestamps, referral/UTM tags.
- Device/technical: IP address, approximate location (country/region), browser/device type, OS, language, time zone.
- Cookies & similar tech: session IDs, authentication tokens, analytics and preference cookies, local storage.
Data from partners/third parties
- Payment processor (Stripe): payment status, amount/currency, masked card info (brand, last 4), charge/ refund events. No full card data.
- Platform tools (e.g., Systeme.io/hosting, forms, email): enrollment status, course access events, email engagement (opens/clicks).
- Analytics/anti-fraud services: aggregated or pseudonymous signals to keep the service secure.
What we don't seek to collect:
- Sensitive data (e.g., health, political opinions, precise geolocation) — please don’t send it.

Optionality
- Fields marked optional are not required to use the service. If you choose not to provide certain data, some features (e.g., invoices for companies) may be unavailable.

3. How we use your information (purposes & legal bases):

Provide the service (contract): account access, course delivery (weekly drip), progress tracking, community features.
Payments & invoices (contract/legal obligation): process payments via Stripe; issue invoices on request.
Support & operations (contract/legitimate interests): respond to emails, fix issues, maintain security.
Service improvement & analytics (legitimate interests/consent where required): measure usage to improve lessons and UX.
Fraud prevention & security (legitimate interests/legal obligation): detect abuse, protect accounts.
Communications:
- Transactional (contract): receipts, access, course updates.
- Marketing (consent or legitimate interests): newsletters/offers; you can opt out anytime.
Legal compliance (legal obligation): tax/accounting, responding to lawful requests.
Recordings (legitimate interests): if you join optional live/Q&A, we may record for replays; you can keep camera/mic off.

4. Sharing & disclosures (processors/recipients):

5. Data retention (how long we keep data):

Account, purchases, invoices: for the life of your account + as required for tax/accounting (typically up to 6 years, depending on jurisdiction).
Course/community activity: while your subscription is active and for up to 24 months after inactivity (or earlier upon deletion where feasible).
Support emails/forms: up to 24 months after resolution.
Analytics logs: typically 12–26 months (provider defaults).
Recordings (if any): as long as reasonably needed for the program, then replaced or deleted.
We may retain minimal data longer to comply with law or resolve disputes.

6. Security:

HTTPS (SSL/TLS) for data in transit; access controls and least-privilege for staff/tools.
Payments via Stripe; we don’t store card numbers.
Regular updates/patching of platforms; monitoring for abuse.
No method is 100% secure; please keep your password confidential.

7. International transfers:

Your data may be processed outside your country (e.g., EU→US) by our providers.
We rely on Standard Contractual Clauses or equivalent safeguards where required, and take steps to protect your data consistently with this Policy.

8. Marketing communications:

Marketing emails are opt-in (or sent under legitimate interests where permitted).
You can unsubscribe anytime via link in the email or by contacting us.

9. Cookies & tracking:

We currently do not use analytics, advertising, or social media cookies on imchessbrain.com.
Our course/checkout host (Systeme.io) and payment processor (Stripe) may set strictly necessary cookies or similar tech (e.g., session IDs, security tokens, local storage) to run the site, keep you logged in, prevent fraud, and process payments. These are essential and do not require consent under EEA/UK rules.
We do not run third-party tracking pixels or cross-site ads.
If we later introduce any non-essential cookies (e.g., analytics or marketing), we will update this Policy and display an opt-in consent banner where required.
You can control cookies in your browser; blocking essential cookies may affect login or checkout.

11. Children:

Our services are for adults (18+) or those with parent/guardian consent where applicable.
If you believe a minor provided data without consent, write to us and we’ll delete it where required.

12. Third-party links:

Our site may link to third-party sites (e.g., chess platforms). Their privacy practices apply there; review their policies.

13. Changes to this Policy:

We may update this Policy from time to time. The “Last updated” date shows the current version.

14. Controller & contact: