Skip to content Skip to footer
Menu Close
Close
Dashbord

Privacy Policy (WhiteKnight Academy)


Last updated: 2026-02-17

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use
the White Knight Academy website and related services (the “Service”), including online chess lessons,
learning features, AI-assisted tools, and the White Knight Analytics dashboard available on our subdomains
(including analytics.whiteknight.academy and analytics.whiteknight.academy/dashboard).

If you do not agree with this Policy, please do not use the Service.

1. Data Controller (Who is responsible)

Data Controller: TheBroda sp. z o.o.

KRS: 0000677402 | NIP: 5242831345 | REGON: 367267919

Registered address: ul. Wierna 12, 03-890 Warszawa, Poland

Contact (privacy requests): contact@whiteknight.academy

We have not appointed a Data Protection Officer (DPO).

Canada contact point (for convenience): contact@whiteknight.academy (we can provide additional local contact details upon request).

2. Who the Service is for (Adults & Children)

Our Service is intended for adults (18+).
Children may participate in lessons only under a parent/guardian account and under the
parent/guardian’s responsibility and supervision.

U.S. children under 13 (COPPA)

If a child under 13 participates from the United States, we require verifiable parental consent
where applicable before collecting, using, or disclosing the child’s personal information.
We will implement appropriate consent verification methods as needed.

3. Personal information we collect

We collect information in three ways: (A) information you provide, (B) information we collect automatically, and (C) information from service providers and integrations (e.g., payments and connected accounts).

A) Information you provide

Account and profile data:

  • Name, surname
  • Email address
  • Phone number (optional)
  • Country / billing country (optional)
  • Preferred language (Primary Language; Secondary Language optional)
  • Timezone

Chess analytics & coaching preferences (dashboard / matching):

  • Chess platform usernames (e.g., Chess.com / Lichess usernames) that you provide
  • Playing level / goals / focus areas (e.g., tactics, openings, endgames)
  • Weekly availability / time windows for scheduling training or coaching sessions
  • Coaching preferences (e.g., group vs. individual, languages, topics)

Student/learning data (within the parent account):

  • Lesson attendance, learning history, training plans
  • Assessments/results (if used)
  • Coach notes and progress information

PGN uploads (optional):

  • PGN files you upload and the game metadata/content contained in them (moves, timestamps if present, player names/usernames if present)

Communications:

  • Messages sent to support
  • In-platform messages where available

AI chat content:

  • Messages you type into our AI chat and the AI responses (see Section 9)

Coach applications (Apply as a Coach):

  • Identity and contact data (name, email, location, timezone)
  • Languages spoken
  • Chess profile links/usernames (e.g., Chess.com / Lichess) (optional)
  • FIDE profile (FIDE ID or link) (optional but recommended)
  • Title (optional) (e.g., GM/IM/FM/CM/WGM/WIM/WFM/WCM)
  • Who you want to coach (e.g., age groups, adults)
  • Student levels you can coach (e.g., beginner / intermediate / advanced / competitive)
  • Coaching experience (e.g., years of experience)
  • Short bio and teaching approach
  • Availability and (optional) rate information
  • Intro video link (optional)
  • Confirmations/agreements (e.g., Code of Conduct / minors safety rules)

Biometrics / Wearables (optional, in development):

  • If you choose to connect wearable/health apps (e.g., Apple Watch / Apple Health, Google Fit), we may receive and process metrics such as sleep, HRV, resting heart rate, stress score, and related trend data.
  • You control whether to connect, what to share, and you can disconnect at any time (see Sections 4, 5, and 12).

Social / grant program (currently minimized):

  • At the application stage we aim to collect only necessary contact details and an explanation of eligibility.
  • If documentation is required in the future (e.g., to validate eligibility), we will request it separately, with clear notice and appropriate safeguards.

B) Information collected automatically

When you visit or use the Service, we may collect:

  • IP address, device identifiers, browser type, operating system
  • Usage data (pages viewed, clicks, events)
  • Log files and security-related data
  • Cookies and similar technologies (see Section 8)

C) Information from providers and integrations

Chess platform connections: If you connect a chess platform account (e.g., Chess.com or Lichess), we may retrieve game history and related metadata made available through that integration (such as game results, moves, time controls, timestamps where available, and opponent identifiers/usernames where available). We use this data to generate reports, statistics, and recommendations.

Payments: Payments are processed by Stripe and/or PayPal. We do not store full payment card details. Billing information may be collected by those providers as required to process payments.

4. How we use personal information

We use personal information to:

  • Create and manage accounts
  • Provide lessons (including scheduling and delivery via video platforms)
  • Provide chess analytics features (game analysis, statistics, trend tracking, reports, exports)
  • Generate coach-ready insights and improvement plans based on your games and preferences
  • Enable coach matching and training planning based on your goals, level, language, timezone, and availability
  • Operate coach recruitment (review coach applications, communicate with applicants, and (if accepted) create a coach profile)
  • Provide customer support and respond to requests
  • Process payments and manage subscriptions and trials
  • Send service communications (e.g., confirmations, reminders, important updates)
  • Send newsletters/marketing (only where permitted—see Section 6 and Section 8)
  • Improve and secure the Service, prevent fraud/abuse, troubleshoot
  • Measure and optimize marketing performance and retargeting (subject to consent where required)

Biometrics / Wearables (optional): If you connect biometrics, we use the shared metrics to generate correlation insights (e.g., how sleep/stress/HRV may relate to time trouble, accuracy, blunder rate) and to personalize recommendations. These insights are informational only and are not medical advice.

5. Legal bases (EEA/UK/Switzerland users)

Where the GDPR applies, we process personal data based on:

  • Contract: to provide the Service you request (accounts, lessons, analytics dashboard, reports, exports)
  • Legal obligation: for tax/accounting and compliance duties (retention may apply)
  • Legitimate interests: security, abuse prevention, basic analytics, service improvement (balanced against your rights)
  • Consent: marketing communications, non-essential cookies/retargeting, optional recordings/photo/video featuring minors, and optional integrations where consent is required

Biometrics / wearable metrics: Where wearable/biometric data is considered “special category” personal data (data concerning health), we process it only with your explicit consent and you can withdraw consent by disconnecting the integration or requesting deletion.

6. Marketing communications

If you subscribe to our newsletter or otherwise consent to marketing emails, we may send you updates and offers.
You can opt out at any time via the unsubscribe link or by contacting us at
contact@whiteknight.academy.

We currently plan to use SendPulse (or another email service provider). When finalized, this provider may change and will be treated as a processor/service provider.

7. Who we share data with (processors and partners)

We share personal information only as needed to operate the Service, including with:

  • Hosting / infrastructure: Hostinger; Cloudflare (CDN, security).
  • Website/LMS tools: WordPress, Elementor, TutorLMS, WooCommerce.
  • Payments: Stripe, PayPal.
  • Video lessons: Google Meet (Google) and Zoom (backup).
  • Customer communications/support: SendPulse (and/or similar tools).
  • Chess platform integrations (when you connect them): Chess.com, Lichess, and other chess data sources (e.g., opening databases / master databases) where applicable for analytics and training.
  • Wearables / biometrics integrations (when you connect them): Apple (Apple Watch / Apple Health) and/or Google Fit (and related providers), strictly for the metrics you choose to share.
  • Analytics & advertising (subject to consent where required):
    Google Analytics / Google Tag Manager / Google Ads; Meta (Facebook/Instagram); TikTok; Microsoft (Bing).
    We may also use server-side tracking solutions (e.g., via Cloudflare and/or Stape) to improve measurement and security.
  • Legal/compliance: advisors, accountants, or authorities where required by law.

We may disclose data to comply with legal obligations, enforce our Terms, or protect the rights, safety, and security of users and the Service.

Coach profiles: If a coach is accepted and a coach profile is created, we may display selected profile information (e.g., name or display name, languages, bio, titles, coaching focus, availability, intro video link) to users for coaching matching. We will not publish private contact details (such as email) publicly.

8. Cookies and tracking technologies

We use cookies and similar technologies for:

  • Essential site functionality and security
  • Analytics and performance measurement
  • Advertising and retargeting

We use CookieYes as our consent management platform. Where required by law (e.g., EEA/UK),
non-essential cookies will be set only after you give consent, and you can change/withdraw consent at any time via
the CookieYes preference controls.

Cookie Declaration: View Cookie Declaration

9. AI features and automated decision-making

We use AI features to help users search content, receive learning recommendations, support group matching, quality monitoring,
and produce statistics and recommendations.

AI chat

If you use our AI chat, your messages and the AI responses may be stored in your account area for up to 1 year
for product improvement, quality assurance, and support, unless a shorter period is required by law or you request deletion where applicable.

Third-party AI provider (OpenAI)

We may send AI chat content to OpenAI via its API to generate responses.
We recommend that users do not share sensitive personal information in the AI chat (e.g., medical documents, identity numbers).

OpenAI API data retention (abuse monitoring logs): When we use OpenAI’s API to provide AI-assisted features,
OpenAI may process and retain certain customer content (such as prompts and AI responses) in abuse monitoring logs for up to 30 days,
unless OpenAI is legally required to retain it for longer.

No training on our API data by default (unless opt-in): By default, OpenAI does not use data sent through its API
(inputs/outputs) to train or improve OpenAI models, unless the customer explicitly opts in to share data for training.
We do not intentionally opt in to training on our users’ personal data via the OpenAI API. If this changes in the future,
we will update this Privacy Policy and, where required, obtain any necessary consents.

No fully automated decisions

We do not make decisions with legal or similarly significant effects based solely on automated processing.
For example, coach acceptance decisions and grant/social program decisions are reviewed by humans (“AI assists, humans make final decisions”).

10. Lesson recordings, photos, and video

Lessons are not recorded by default.

If recording, photographing, or using video/audio is requested (e.g., by a parent/guardian or for promotional content),
we will obtain appropriate consent in advance. For minors, consent must come from a parent/guardian.

11. International data transfers

Because we use global providers (e.g., Google, Zoom, Stripe, Meta, OpenAI), personal data may be transferred outside the EEA/UK.
When required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and
additional measures as needed.

12. Data retention

We keep personal data no longer than necessary for the purposes described in this Policy, and we apply retention rules and periodic review.

Typical retention periods (unless longer retention is required by law or needed for disputes/security):

  • Account data & analytics history: while the account is active, and then typically up to 3 years after last activity
  • Game data & reports: while the account is active; you can request deletion, and we will delete or anonymize where applicable
  • Biometrics / wearable metrics (if connected): while connected and for a limited period after disconnect (typically up to 90 days), unless you request earlier deletion or longer retention is required by law
  • AI chat logs: up to 1 year
  • Security logs: typically up to 12 months
  • Marketing preferences: until you unsubscribe (then we keep minimal suppression records to respect your choice)
  • Accounting/tax records: generally at least 5 years
  • Coach applications: typically up to 2 years after submission (including rejected applications), unless you request deletion earlier where applicable

We may keep aggregated or anonymized information longer for statistics and service improvement.

13. Security

We use reasonable technical and organizational measures to protect personal data (e.g., access controls, encryption in transit where available,
monitoring, least-privilege access). No system is 100% secure; users should also protect their account credentials.

14. Your privacy rights

EEA/UK (GDPR)

Depending on your location, you may have the right to:

  • Access, rectify, erase, restrict processing
  • Data portability
  • Object to processing (including certain legitimate-interest processing)
  • Withdraw consent at any time (including biometrics consent by disconnecting the integration)
  • Lodge a complaint with a supervisory authority

In Poland, you may lodge a complaint with the President of the Personal Data Protection Office (UODO).

United States (including California)

U.S. privacy rights vary by state. Where applicable, you may have rights to know/access, delete, correct your personal information,
and opt out of targeted advertising and certain disclosures.

“Do Not Sell or Share” (California): We do not sell personal information for money. However, some advertising/retargeting
disclosures (e.g., via pixels) may be considered “sharing” for cross-context behavioral advertising under California law.
You can opt out via:

  • CookieYes preferences (Advertising/Marketing category), and/or
  • our “Do Not Sell or Share My Personal Information” page:
    Open page

Canada (PIPEDA)

You may request access to, and correction of, personal information we hold about you, and we will respond within applicable timelines.
We also follow breach notification obligations where applicable.

15. How to exercise your rights

To submit a request, email contact@whiteknight.academy with:

  • your name and the email used for the account, and
  • the request type (access/correction/deletion/opt-out, etc.).

We may need to verify your identity before fulfilling the request.

16. Changes to this Policy

We may update this Policy from time to time. We will post the updated version on this page and update the “Last updated” date.

17. Contact

If you have questions about privacy, contact: contact@whiteknight.academy.