Privacy Policy

Last updated: April 13, 2026

CaissaLab ("we", "us", "our") operates the CaissaLab website at www.caissalab.com. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

Account data

When you create an account, we collect your email address and password (hashed, never stored in plain text). Optionally, you may provide your Chess.com or Lichess username.

Chess game data

When you run an analysis, we fetch your publicly available games from Chess.com or Lichess using their public APIs. We store game data (moves, results, ratings, timestamps) in our database to generate your analysis. We do not access any private or non-public data from these platforms.

Analysis data

We store the results of Stockfish engine evaluations and AI coaching summaries generated from your games. This includes move-by-move evaluations, weakness verdicts, and drill puzzles derived from your blunders.

Payment data

Payments are processed by Razorpay. We do not store your card number, bank details, or UPI ID. Razorpay handles all payment data under their own privacy policy. We only store a reference to completed transactions (order ID, credits purchased).

Usage data

We collect basic usage information such as pages visited, features used, and analysis frequency to improve the product. We do not use third-party ad trackers.

2. How We Use Your Data

• To provide chess analysis, coaching, and drill features
• To process credit purchases and maintain your account balance
• To send transactional emails (analysis complete, purchase receipts)
• To improve the product based on aggregate usage patterns

3. Data Sharing

We do not sell your personal data. We share data only with:

• Supabase — database and authentication hosting
• OpenAI — game data is sent (without your email or identity) to generate AI coaching summaries
• Razorpay — payment processing
• Vercel — application hosting

4. Data Retention

Your account and analysis data are retained as long as your account is active. You can request deletion of your account and all associated data by emailing us. We will process deletion requests within 30 days.

5. Cookies

We use essential cookies for authentication (session tokens). We do not use advertising or tracking cookies.

6. Your Rights

You have the right to:

• Access the data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your analysis data

7. Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and row-level security on our database. However, no system is 100% secure. Use a strong, unique password for your account.

8. Changes

We may update this policy from time to time. Material changes will be communicated via email or a notice on the website.

9. Contact

For questions about this privacy policy or to exercise your data rights, email shivumat@gmail.com.