Privacy policy

Plain English. Covers chessmasti.com (the website) and Analyze with Chess Masti (the Chrome extension). Last updated 2026-05-26.

The website — chessmasti.com

What we store

  • Account: email, a bcrypt hash of your password (we never see the plaintext), and a Google account ID if you sign in with Google. Account data lives in Google Firestore.
  • Saved games and preferences: PGNs you save, coaching-tone preference, playing style, study goals, favorite openings, and board/piece-set choices. Tied to your account in Firestore.
  • Session cookie (cm_session): a signed JWT in an httpOnly cookie. Used only to keep you signed in.

What we send to third parties

  • Anthropic Claude receives the position (FEN), the relevant PGN snippet, and your coaching query so the coach can respond. If you have named an opponent (e.g. their Lichess or Chess.com username) the coach is also told that username so it can tailor its advice. We do not send your own name, email, or account ID along with the request.
  • The Maia-2 microservice receives the current position (FEN) and the two ratings (yours and the bot's) when you play against the Twin Bot opponent, so it can return a humanlike move. It receives nothing else.
  • Public Lichess and Chess.com APIs are queried from our server when you scout an opponent, import a game, or ask the coach about a named opponent — we fetch their publicly listed game history (the same data anyone can see on those sites). We never use private or authenticated endpoints unless you opt in via OAuth.
  • Lichess OAuth is used only if you choose to connect your Lichess account to play live games through us.
  • Resend sends the password-reset email when you request one.
  • Google Firebase Analytics and Vercel Analytics record anonymous page views and feature usage so we can see what is being used. No content of your games or coaching chats is sent to either.
  • Sentry receives the details of any error that happens in your browser (stack trace, the URL you were on, your browser type and hardware metadata such as CPU core count and RAM tier). It does not receive PGNs, chat messages, or account data. Used only for crash diagnosis.

Where data lives

  • On our servers (Google Firestore) via the Firebase Admin SDK: account, saved games, preferences. Server- side only — your browser never connects to Firestore directly.
  • On your device (IndexedDB): puzzle progress and spaced-repetition state. Stored locally in your browser and never sent to us.
  • On Supabase: data from the internal feedback portal used by our intern programme. Regular users do not interact with this; if you have been added to the intern allowlist we store the feedback and quality flags you submit.

What we do not do

  • We do not sell your data. There is no advertising business model.
  • We do not share PGNs or chats with anyone outside the third parties listed above.
  • We do not run Stockfish on our servers — engine analysis happens in your browser as WebAssembly. Positions you analyse stay on your machine for engine evaluation; they only leave it when you choose to ask the AI coach about them.

Deleting your data

Email aayanhetamsaria4@gmail.com and we'll delete your account and saved games within seven days.

The Chrome extension — Analyze with Chess Masti

What the extension does

It adds an orange "♟ Analyze with Chess Masti" button to game pages on lichess.org and chess.com. When you click it, the extension reads the PGN of the game you are looking at and opens chessmasti.com/analysis in a new tab with that PGN in the URL. That's it.

What it accesses

  • The DOM of pages on lichess.org and chess.com. Per Chrome's extension model the content script has read access to every page on those two domains while the extension is installed. In practice it does nothing on pages that aren't a game-like URL — the button only appears, and the PGN is only read, on paths such as /game/, /analysis/,/play/, /live/, and /daily/, and on the Lichess game-ID URLs.
  • The public Lichess game-export endpoint (https://lichess.org/game/export/<id>) — fetched only when you click the button on a Lichess game, to get a clean PGN. No authentication, no cookies.

What it stores

Nothing. The extension has no storage permission, no background script, and no remote server of its own.

What it transmits

The PGN of the game you click on, sent only to chessmasti.com as a URL parameter when the new tab opens. Equivalent to copy-pasting the PGN into chessmasti.com yourself. Nothing is sent anywhere else.

What it does not do

  • It does not collect personal information, contact information, financial information, authentication data, or location.
  • It does not track your browsing across sites.
  • It does not run on any site other than lichess.org and chess.com.
  • It does not modify the content of pages it runs on, beyond adding the single button.
  • It does not use the data it accesses for any purpose other than opening chessmasti.com with your game pre-loaded.

Contact

Questions, deletion requests, or anything else: aayanhetamsaria4@gmail.com.