Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).
1. Data Controller
The party responsible for data processing is:
Manuel Bißinger, Haubachstr. 21, 22765 Hamburg, Germany.
Email: privacy@localrook.com.
2. Hosting
Our platform and database are securely hosted on servers provided by netcup GmbH in Germany (EU). Data processing is based on our legitimate interest in providing a secure and reliable service (Art. 6(1)(f) GDPR).
3. Information We Collect and Legal Basis
When you use Local Rook, we process data based on the fulfillment of our contract with you (Art. 6(1)(b) GDPR):
- Authentication Data: We use OAuth providers (Google, GitHub). We receive basic profile data (Name, Email, Avatar URL) to create your account.
- Profile & Usage Data: Venues added, ratings submitted, check-ins, and messages.
- Technical Data: Hashed IP addresses for rate limiting and security (Art. 6(1)(f) GDPR).
4. External Services & US Data Transfers
We integrate several third-party services. Some providers are based in the USA. Data transfers to the US are safeguarded by the EU-U.S. Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs).
- OAuth Providers (Google & GitHub): Used for secure login.
- Interactive Maps (Stadia Maps): To display chess venues, your browser connects directly to Stadia Maps (USA), transmitting your IP address. This is necessary to provide the core mapping functionality (Art. 6(1)(f) GDPR).
- Chess Platform APIs: You can link your Lichess (EU), Chess.com (US), or FIDE accounts. We fetch your public ratings only when you explicitly initiate it.
- AI Integrations: If you utilize AI features (like game analysis or translations), text or PGN data is sent to our AI partners (OpenAI, Anthropic, DeepSeek, Moonshot AI, OpenRouter). If your PGN files contain usernames, these are transmitted to analyze the game.
- Security (Cloudflare Turnstile): Used on specific forms to prevent bot attacks.
5. Cookies and Analytics
We use essential cookies strictly necessary for authentication and platform security. For analytics, we use a self-hosted instance of Umami Analytics. Umami anonymizes your IP address securely and does not set tracking cookies. No personal data is shared with third parties. This helps us understand platform usage based on our legitimate interest (Art. 6(1)(f) GDPR). You can manage your preferences via our Cookie Settings banner.
6. Your Rights under the GDPR
You have the right to:
- Request access to your personal data (Art. 15 GDPR).
- Request correction of inaccurate data (Art. 16 GDPR).
- Request deletion of your data / "Right to be forgotten" (Art. 17 GDPR).
- Restrict the processing of your data (Art. 18 GDPR).
- Request data portability (Art. 20 GDPR).
- Object to processing based on legitimate interest (Art. 21 GDPR).
To exercise these rights, please contact privacy@localrook.com. You also have the right to lodge a complaint with a supervisory authority.
Contact Us
For privacy-related inquiries or to request data deletion, please contact our support team at privacy@localrook.com.