PRIVACY
Privacy.
Last updated: 23 June 2026. One Chess is published by Joe Ralph. This policy covers both the One Chess iOS app and this website.
No account, no profile
One Chess does not require sign-up or login. You choose a display name during onboarding. We never ask for your email, phone number, or location, and there is no account on our servers tied to a real-world identity. See Online play below for the one case where your display name leaves the device.
What stays on your device
Your display name, games, lessons, mistake-review queue, settings, coaching messages, and engine cache are stored locally on the iPhone. None of this leaves your device, except as described under Online play and Crash and performance diagnostics below.
What the app sends to our server
To enforce the 7-day free trial and the one-time unlock purchase, the app communicates with our entitlement service at onechess.joeralph.in. Each request includes only:
- An App Attest assertion (backed by your device's Secure Enclave). We never see your Apple ID. We derive a SHA-256 hash from this assertion as your anonymous device identifier.
- The platform string "ios" and a short-lived nonce.
- For purchase or restore: a signed App Store transaction (JWS), which we forward to Apple's App Store Server API for verification. We store only an opaque transaction reference, not the transaction body.
- Your IP address reaches our edge proxy and is logged by nginx for rate-limiting and abuse prevention. Logs are rotated and discarded after 30 days. IPs are never linked to a device hash in any datastore we operate.
Online play (remote games)
When you start or join an online game against another person, the display name you chose and your moves are sent to our game server, shown to your opponent, and stored so the game can be reconnected and recorded. We keep finished online games for 90 days, then delete them automatically. Your display name may be visible to people you do not know (for example, anyone you share a game link with), so we recommend you do not use your real name.
What we store on the server
For each active device we keep one row containing the SHA-256 device hash, the platform, your trial start and end times, your purchase timestamp, and an opaque transaction reference. No emails, no IPs, no contact list, no analytics events. The one exception is online play: for finished online games we also store both players' display names, for up to 90 days (see Online play above).
In-app purchases
One Chess offers a one-time non-consumable purchase that unlocks the app forever on the buying Apple ID. Apple Promo Codes are accepted through Apple's native code redemption sheet. We never see your payment details — Apple handles billing.
App Store crash + usage
If you opt in to "Share with App Developers" under iOS Settings → Privacy → Analytics, Apple may share anonymized crash logs and basic usage statistics with us through App Store Connect. We use this only to fix crashes. We do not run any third-party analytics SDK, ad SDK, or tracking SDK of any kind. The only third-party SDK that processes any data is Sentry, used solely for crash and performance diagnostics — see below.
Crash and performance diagnostics
We use Sentry, a third-party error-monitoring service, to capture crash reports and performance diagnostics so we can fix bugs. Sentry may receive device and app state information at the time of a crash. We do not use it for advertising or tracking, and we have not enabled collection of personally identifying information. See Sentry's privacy policy at sentry.io/privacy.
No third parties
No Facebook SDK. No Google Analytics. No Firebase. No Mixpanel. No ad networks. No data brokers. The only third parties that touch your data are Apple (for IAP and App Attest), our hosting provider (for serving the API endpoint), and Sentry (for crash and performance diagnostics — see Crash and performance diagnostics above).
Retention + deletion
Finished online games (including the stored display names) are deleted automatically 90 days after the game ends. Server-side entitlement rows persist as long as the corresponding device continues to use the app; you can request deletion by emailing the address below with the device installation date. Deleting the app from your phone wipes the local database immediately.
Children
One Chess is not directed at children, and we knowingly collect no information from minors.
Your rights (GDPR + DPDP Act)
If you are in the EU, EEA, UK, or India: you can request access, correction, or deletion of any data we hold about you. Email the address below. We respond within 30 days. Because the only identifier we keep is a SHA-256 device hash that we cannot map back to a person, we will ask you to send us your purchase receipt (or trial-start date) so we can locate the corresponding row.
Changes to this policy
If we change anything material, we will update this page and bump the "Last updated" date. Continued use of the app after that date counts as acceptance.