Privacy Policy
About us and this policy
We are Take Take Take, we operate a chess app that helps people learn and improve at chess. Our goal is to create an inclusive and engaging platform for chess players of all levels, from beginners to seasoned amateurs. Users can create an account, connect their chess accounts from other platforms, receive AI-powered analysis and personalised coaching on their games, and engage with other players in discussions and community features.
When you use our services (i.e our website or app), we collect data about you. We want to be completely transparent about what we know about you, how we use that information, who we share it with, and the choices you have to control, change and access it. This policy aims to give you a complete overview over what data we collect and how we process it in our services. We are dedicated to protecting user data, and follow all applicable data protection laws in the countries where we operate.
Our services may include embedded content from other providers, such as video embeds from Youtube and Twitch. These providers are responsible for any data they collect through your interaction with the embedded content.
What data do we collect
When we refer to "personal data", we mean information that can be linked to an individual. The data we collect about you depends on which parts of our services you use. We collect the following personal data about the users of our services:
| Category | Description and examples | Source |
|---|---|---|
| Log-in and profile information | Basic profile information such as name and contact information, log-in and authentication information (username, password or third-party sign-in). In addition there are any user preferences or settings provided by the user such as players followed, favourites, notification preferences, high scores, points etc. | User input |
| Third-party chess platform data | If you connect a third-party chess account (such as Lichess), we collect your username, ratings, game history and related statistics from those platforms to provide our services. | Collected from third-party platforms with user authorisation |
| Chess analysis and insights | We generate analysis, coaching insights and commentary based on your chess activity. This data is derived from your game data and stored as part of our service. | Generated by our service |
| Payment and transaction information | We may store payment methods, purchases and transaction information if you consume any of our paid content and services | User input |
| User generated content | If you are using our social and community features, we may collect and store user generated content like comments, reactions, likes, follows, club memberships, challenge participation, feedback, user contributions, polls and surveys. | User input |
| Behavioural and technical data | When you use our services we will collect information from your use through your device. This includes technical information about devices you use to access our services such as device identifiers, cookie identifiers and IP address. This also includes user behaviour data and product analytics data like clicks, views, scrolls and engagement, e-mail opening and reading data. | Collected from the user's device |
| Inferred data | Inferred data about users based on behaviour data and profile information. This may include personal interests and personal attributes such as skill level, activity patterns and engagement classifications. | Inferred from other data collected and processed |
How we use data (purposes and legal basis)
We use the data we have collected about you for the following purposes:
Service delivery: We process your data to ensure service delivery including delivering content, functionalities and ensure service availability. This includes providing AI-powered chess analysis and coaching, synchronising your chess platform data, and delivering push notifications and transactional communications. This also includes troubleshooting and service security. This processing is based on contract as legal basis.
Personalisation: We may use your information to provide a personalised user experience to you. Personalisation may be based on your user preferences (such as follows), profile information and inferred data. This processing is based on contract (for user initiated features) and legitimate interest (for general personalisation) as legal basis.
Product improvement and product development: We want to continuously provide better and more elaborate services to our users. We process data to understand your needs and to improve and expand the services we provide. We therefore process your data for product improvement and development purposes. This is mainly done through data aggregation and analytics. This processing is based on legitimate interest as legal basis.
Communications: We use your contact information to send you transactional messages (such as authentication emails and account notifications) and, where you have opted in, marketing communications via email or push notifications. Such marketing is optional, and you may opt-out of receiving these through a link in the communication, through your notification settings in the app, or by adjusting preferences on your device (for push notifications). This processing is based on contract (transactional) or legitimate interest / consent (marketing) as legal basis.
Marketing: To market our products and services, we may use third party marketing services from companies like Meta and Google, to provide relevant marketing to you and potential new customers. We use customer list matching products from these marketing partners, and you may opt-out of this activity by emailing us at legal@taketaketake.com. We also use tracking and marketing optimisation services from these partners, however for these functionalities, we only share your data with these third parties if you have provided your consent. Marketing is based on legitimate interest (opt-out) or consent (opt-in) as legal basis.
Advertising: We generally provide non-personalised and contextual advertising in our user interface. Advertising may also be personalised based on your user preferences, profile info and inferred data. It is optional to receive personalised advertising, and you may opt-out by sending us an e-mail to legal@taketaketake.com. Personalised advertising is based on our legitimate business interest as legal basis.
Customer service: We process your data when providing customer service and answer any enquiries sent to us through any channel (including through our social media presence). We only process this data for the purposes of answering your requests.
Security and prevention of abuse: We process data to ensure the safety of our users and the integrity of our services. This includes ensuring that users follow our rules for appropriate conduct in social interaction, content moderation, investigating fraud as well as breaches of service terms of use.
Complying with laws and regulations: We process personal data to comply with accounting laws and similar regulations, including presenting information to authorities when the law requires it. This processing is based on legal obligation as legal basis.
Data sharing
When we process your personal data, we may share data with other parties. These are mainly data processors; companies that perform services for us and that are under a legally binding data processing agreement to only process data on our behalf and to safeguard personal data in compliance with the GDPR.
In addition to sharing data with data processors, we may share data with other data controllers, which means companies who use the data independently and have full responsibility towards you for the company's use of your personal data for the specific purposes data is shared for. We would only share data with other data controllers when it is necessary to deliver a product or service to you, or when you have given your active consent to such disclosure.
| Company | Data controller/data processor | Service/purpose | Processing location |
|---|---|---|---|
| Convex | Data processor | Backend platform and database | US (Data Privacy Framework certified) |
| Fly.io | Data processor | Application hosting | Frankfurt, Germany |
| Neon | Data processor | Database | Frankfurt, Germany |
| OneSignal | Data processor | Push notifications, transactional and marketing email communications | US (Data Privacy Framework certified) |
| Sentry | Data processor | Crash analytics, bug fix | US (Data Privacy Framework certified) |
| Appsflyer | Data processor | App analytics | US (Data Privacy Framework certified) |
| PostHog | Data processor | Product analytics | US (Data Privacy Framework certified) |
| Resend | Data processor | Transactional email delivery (e.g. authentication emails) | US (Data Privacy Framework certified) |
| Meta | Data Controller | Marketing services | US (Data Privacy Framework certified) |
| Data Controller | Marketing services | US (Data Privacy Framework certified) |
We integrate with the Lichess chess platform when you link your account. Lichess has its own privacy policy governing the data it holds about you.
In addition, we may share personal data upon request with public authorities when we are legally required to disclose information, for example by court order or legal warrant from the police or other public authorities.
We may also share data in connection with transactions, restructurings or other corporate changes, e.g. as part of a merger, acquisition, sale of the company's assets or transfer of services to another company (e.g a transfer of data controllership to a new company).
Transfers of Data about people in the EU outside of the EU/EEA
When we process data about people in the EU, we mainly process this data within the EU/EEA. In some cases we use data processors that are located outside of the EU/EEA, however we do this only in cases where
- The transfer location and recipient is considered to be adequate under rules established under the GDPR (adequacy decisions), or
- The transfer takes place subject to the EU-US Data Privacy Framework or is subject to standard contractual clauses as defined by the EU Commission to regulate such transfers under the GDPR and necessary supplementary safeguards have been implemented.
Data Retention
We only keep personal data for as long as we have to in order to fulfil the purposes for which it was collected as described in this policy. We also store data based on legal requirements like book-keeping and accounting requirements.
When you delete your user account, we will delete all your personal data except for any data we are required or allowed to store for a longer period according to relevant laws and regulations (e.g. local accounting regulations). We will also keep anonymised and aggregated data beyond this retention policy.
Use of cookies and similar technologies
We use cookies and similar technologies on our websites and other digital services. A cookie is a piece of text that is stored on your device that helps us determine which parts of our websites are most popular, as well as which pages users visit, and for how long. We also use technology other than cookies, such as Software Development Kits (SDKs), to do the same. The data is used to give you a good experience, to improve performance, and in development, analysis and targeting of ads. We may combine cookie data with other data we have registered about you and your relationship with us, but only when permitted by applicable laws or when you have given us your consent.
Your rights as a user
You have rights connected to our processing of your personal data. We aim to respond to any requests related to these rights as quickly as possible, but always within 30 calendar days.
To make a request to exercise any of these rights, email us at legal@taketaketake.com.
| The right of access / the right of data portability | You have the right to know what personal data we process and how we process it. You have the right to get a copy of all the data we have about you. You also have the right to receive personal data we have about you in a structured, commonly used and machine-readable format. If you want to get such copies of all of your personal data, please get in touch with us and we will provide it to you. |
| The right to rectification | You have the right to rectify or correct any inaccurate data we may have about you. |
| The right to erasure/right to be forgotten | We delete data when it is no longer needed for the purposes it was collected for, however you also have the right to request deletion of your data. If you request deletion of your data, we will erase any information connected to you, with the exception of data we are required to store for other reasons (such as bookkeeping regulations). |
| The right to restrict processing and the right to object to processing | You have the right to object to the processing of your personal data which is based on our legitimate interests. |
| The right to avoid automated decision-making with legal or similar effects | We do not make automated decisions about our users that have any legal or similar effect. |
Complaints about data processing
You can always address any concerns or complaints to your relevant data protection authority (or you could complain directly to our lead data protection authority of Norway — you can find their contact information at Datatilsynet.no).
Changes to this privacy policy
When you start using our services or create an account with us, you agree to the contents of this policy and take on responsibility to familiarise yourself with it. Our latest Privacy Policy is always available here, and we will always state the date of the most recent change. We might update our Privacy Policy when there are changes in legislation, our practices, or when needed for any other reason. In the case of any changes that materially affects how we process your data, you will be explicitly notified of the changes.
Contact information
Take Take Take AS, with organisational number 931 316 753, is the data controller and responsible for data processing in our services. If you have any questions or concerns you may contact us by post at Maridalsveien 15, 0178 Oslo, Norway, or by e-mail at legal@taketaketake.com