1. Who we are
OpeningOS is a chess opening training service operated from the European Union. In this
policy, "we", "us" and "OpeningOS" refer to the operator of openingos.com.
We act as the data controller for the personal data described below.
2. What we collect
When you create an account, we collect:
- Your email address (required, used to log you in and to send transactional emails);
- Your first and last name;
- Optionally, your ELO rating and FIDE title (so titled players can claim their free Pro);
- Your password, stored only as a one-way bcrypt hash - we never see the cleartext.
As you use the product, we additionally store:
- The repertoires you import or build (PGN trees, comments, annotations);
- Your training history: which positions you saw, what you played, accuracy, response time;
- Session metadata: which browser, last login timestamp, language preference;
- If you connect Lichess: an OAuth refresh token and your Lichess username.
We do not use third-party advertising trackers, behavioural
fingerprinting, or social-network pixels.
3. Why we use it
- Operate the product - your account, your repertoires, your training stats.
- Send essential emails - sign-up confirmation, password reset, billing
receipts. We do not send marketing emails unless you explicitly opt in.
- Improve the product - aggregated, de-identified usage data helps us
decide what to build next. We never share individual training records with anyone.
- Comply with the law - for example, retaining invoices for the period
required by French tax authorities.
4. Legal basis (GDPR)
We process your data on the basis of (a) contract - you asked us to
run the service for you; (b) legitimate interest - running our business
and securing the platform; (c) legal obligation - accounting and tax;
and (d) consent, where the law requires it (e.g. optional analytics
you can opt into in Settings).
5. Who we share it with
- Hosting provider - our application runs on a dedicated server in
the European Union. Your data does not leave the EU during normal operation.
- Email service (Resend, EU region) - to deliver transactional
emails on our behalf.
- Payment processor (Stripe) - for Pro subscriptions only. Stripe
stores your payment details under their own privacy policy; we never store your card
number.
- Lichess - only if you choose to connect, and only to read studies
you've authorized via OAuth.
We do not sell or rent your personal data to anyone, ever.
6. How long we keep it
We keep your account data while your account is active. When you delete your account from
Settings → Danger zone, we soft-delete immediately (you can no longer log in) and hard-delete
after 30 days. Invoices we are legally required to keep are retained for the statutory
period (10 years in France).
7. Your rights
Under GDPR, you can:
- Request a copy of your data (right of access);
- Correct inaccurate data;
- Delete your data ("right to be forgotten");
- Export your repertoires (PGN download from the repertoire detail page);
- Object to a particular processing activity;
- Lodge a complaint with the CNIL (the French data protection authority).
Most rights are self-served from Settings. For anything else, write to
privacy@openingos.com
and we'll respond within 30 days.
8. Cookies
We use a single first-party session cookie (os_sid)
to keep you logged in, and a minimal preferences cookie to remember your interface language.
We do not set advertising or analytics cookies by default.
9. Changes to this policy
When we change this policy, we update the date at the top and email you at least 30 days
before the new version takes effect. Your continued use after that date counts as acceptance
of the changes.