Privacy Policy
This Privacy Policy explains what data the Software and our support Telegram bot collect, how it is used, and your rights regarding your data.
1. Data We Collect
1.1 On Your Device (local only, never transmitted)
- Lichess API token (stored in
.envon your machine) - Bot configuration (
settings.json,bot_profiles.json) - Game logs, engine evaluations, chat messages (log files only, local)
- Your Windows Machine ID (hashed with SHA-256, stored in
license.dat)
1.2 On Our Server (Telegram bot)
- Your Telegram user ID, username, first and last name
- License key hash bound to your device
- Donation metadata received from DonationAlerts: amount, currency, timestamp, public donor name, optional message
- Timestamps of purchases, key activations, and support interactions
- Messages you send to the support bot
1.3 What We Do NOT Collect
- Your Lichess API token
- Your Lichess games, moves, or opponent data
- Your real name, address, or payment card details (DonationAlerts processes payments; we only see aggregated donation data)
- IP addresses beyond what is technically required for Telegram message delivery
- Any data from other applications on your machine
2. How We Use Data
- License verification: Machine ID hash and key hash are used to prevent license sharing.
- Customer support: Your Telegram ID and message history are used to respond to your questions.
- Subscription management: Donation records are used to issue and track subscription keys.
- Fraud prevention: Abuse patterns (e.g., key sharing) may result in license revocation.
- Product updates: We send broadcast messages about new versions via the Telegram bot. You can mute the bot at any time.
We do not sell, rent, or share your data with third parties for marketing purposes.
3. Third-Party Services
- Telegram: Hosts the support bot. Telegram's own Privacy Policy applies.
- DonationAlerts: Processes your payment. DonationAlerts's Privacy Policy applies to the payment transaction.
- Lichess.org: Your API token communicates directly between your machine and Lichess. We never receive it.
- GitHub (revocation list): A SHA-256 hash of revoked keys is stored in a public GitHub Gist. No personal data is published.
4. Data Retention
- License records: Retained while your subscription is active and for 12 months after expiration, for refund and support purposes.
- Support messages: Retained up to 12 months.
- Donation logs: Retained up to 12 months for accounting and fraud-detection purposes.
- Device data: Never leaves your device. Uninstalling the Software removes it permanently.
5. Your Rights
You may request at any time, through the support Telegram bot:
- Access to the data we hold about you
- Correction of inaccurate data
- Deletion of your data (this will also deactivate any active license)
- Export of your data in machine-readable form
We will respond within 30 days.
6. Security
- License data is encrypted on your device using authenticated encryption (Fernet / AES-128-CBC with HMAC).
- The support bot runs over HTTPS on Telegram's infrastructure.
- DonationAlerts access tokens are stored only on the Developer's private machine and are rotated on expiry.
We follow reasonable industry practices but cannot guarantee absolute security. In the event of a data breach affecting you, we will notify you via the Telegram bot within 72 hours of discovery.
7. Children
The Software is not intended for users under 16 years of age. We do not knowingly collect data from minors. If we learn that a minor has registered, we will delete their data.
8. International Transfers
The support bot may be hosted on servers located outside your country of residence. By using the Software, you consent to international data transfer.
9. Changes to this Policy
We may update this Privacy Policy. Material changes will be announced via the Telegram bot. Continued use of the Software after changes constitutes acceptance of the updated policy.
10. Contact
For privacy questions or data requests, contact us via the official Lichess Bot Telegram bot.