Privacy Policy

ChessMarshal (the "Service") is operated by Reckoned Force LLC, a limited liability company registered in Colorado, USA. This Privacy Policy describes what personal information the Service collects, how we use it, and the choices you have. Questions can be sent to support@chessmarshal.com.

When you create an account

Name, email address, and (if you sign in with Google) the Google account identifier. We never see or store your Google password.

When you create or run a club

Club name, location, federation affiliation, time zone, and optional logo and contact details. Subscription billing data (customer id, subscription id, plan, current period end) is held by Stripe; we mirror only what the dashboard needs to render the billing card.

When a player registers for a tournament

Player name, email, phone (if provided), USCF or other federation ID (if provided), school and grade (only when the club opts to collect them for scholastic events), and the check-in code we generate. For paid registrations we hold a Stripe checkout session id and payment intent id; the card data itself stays at Stripe.

When you look up a USCF member

For tournaments rated by US Chess we fetch published USCF member data (name, ratings, expiration date, optional FIDE title) from the public US Chess MSA system using the member id you provide. We cache the parsed result for 24 hours to reduce load on USCF and persist a snapshot on the player row so tournament directors can run eligibility checks offline.

When you use the Service

Standard request logs (IP, user agent, request path, timestamp) are processed at the Cloudflare edge as part of operating the Service. We do not run third-party advertising tags, analytics tracking pixels, or session-replay tools on the Service.

To operate the Service: run tournaments, pair rounds, render scoreboards, generate rating-report submission files, and produce certificates.

To communicate with you: account verification (magic-link sign-in), welcome messages, trial-ending reminders, registration confirmations, round-pairing digests, and sensitive-action confirmations. We do not send marketing emails to players who registered through a club's public registration page.

To bill and process payments: through Stripe and Stripe Connect. See section 5.

To protect the Service: detect and prevent fraud, abuse, and unauthorized access; comply with legal obligations.

Stripe — payment processing for ChessMarshal subscriptions and (via Stripe Connect) for club tournament fees. Stripe holds card numbers and billing addresses subject to their privacy policy.

Resend — transactional email delivery (account magic links, welcome, trial-ending, registration confirmations, round digests, sensitive-action codes). We share the recipient email address, message subject, and body.

Twilio — SMS notifications when a club enables them for round-pairing announcements. We share the recipient phone number and message body. We do not subscribe a player to SMS without their explicit opt-in.

Cloudflare — edge hosting, DNS, request routing, and D1 (database) storage. All Service infrastructure runs on Cloudflare; standard request logs are processed at the edge as part of routing.

US Chess (uschess.org) — we read public member data from the US Chess MSA system when a tournament director or player provides a USCF member id, in order to fetch ratings, expiration date, and optional FIDE title. We do not send any private data to US Chess; the lookup is read-only.

Google — only when you choose Google sign-in. Google authenticates you and returns a name + email; we hold the Google account id solely to recognize you on next sign-in.

We do not sell personal information. We do not share personal information with third parties for their own marketing.

Card data is held by Stripe under Stripe's privacy policy. ChessMarshal stores only the Stripe customer id, subscription id, status, trial-end timestamp, and current-period-end timestamp. These are the fields the billing card on your settings page reads from to render "you are on the 90-day trial" or "your plan renews on July 14".

Account, club, and tournament data is retained for the life of your account. Completed tournaments and their public scoreboards are retained indefinitely as historical archives unless you request specific removal. Account deletion request removes account credentials and ties to the user; club content (logos, tournaments, rosters) that is referenced by historical scoreboards may be retained in anonymized form.

Transactional email send logs and SMS send logs are kept for 90 days in our providers (Resend and Twilio) and are not separately retained by ChessMarshal beyond what is needed to render the audit trail to a club admin.

USCF lookup results are cached for 24 hours at the edge and persisted on the player row as the most recently fetched expiration / rating. Refreshing the data via the TD-side refresh action overwrites the cached snapshot.

You can review and update your account information from your settings page. You can delete your account at any time; we process deletion requests within 30 days. You can unsubscribe from round-pairing digests via the unsubscribe link in each digest email; transactional messages (account verification, receipts, sensitive-action codes) cannot be unsubscribed because they are part of operating your account.

If you are a resident of California (CCPA / CPRA), the EEA (GDPR), or the United Kingdom (UK GDPR), you may have additional rights including the right to access, correct, and request deletion of your personal information, and to object to certain processing. Send these requests to support@chessmarshal.com.

ChessMarshal is used by scholastic chess clubs, including those that organize tournaments for players under 13. We do not knowingly create accounts for users under 13; club tournament directors and parents register players on the club registration page. If you believe a child under 13 has created a ChessMarshal account directly, contact support@chessmarshal.com and we will remove the account.

We host on Cloudflare Workers + D1 with TLS for all traffic. Authentication uses HttpOnly session cookies; magic-link tokens expire after a short window. Sensitive actions (such as disconnecting Stripe or switching club federation) require an email-delivered one-time code. No security control is perfect; report suspected vulnerabilities to support@chessmarshal.com.

ChessMarshal is operated from the United States and stored on Cloudflare infrastructure that may serve from the region nearest the requesting user. By using the Service from outside the United States, you understand that your information will be processed in the United States and other countries where our processors operate.

We may update this Privacy Policy from time to time. We will update the "Last updated" date and, for material changes, email you at the address on file for your account at least 14 days before the change takes effect.

Privacy questions and requests can be sent to support@chessmarshal.com. Reckoned Force LLC, Colorado, USA.