Privacy Policy

Effective date: 2026-05-05 Version 1.1 · published pending formal legal review Thai version is legally binding; this English version is provided for convenience.

Notice · This policy is published in good faith and reflects our current data-handling practice as of the effective date above. It has not yet undergone external legal counsel review. We will revise this document as needed; material changes are governed by §12.

1 · Who we are

3Chess is operated by Round Online ("we", "us", or "the service"). Data controller under the Thai Personal Data Protection Act B.E. 2562 (PDPA):

Controller: Round Online
Studio domain: https://round.online
Game domain: https://3chess.online
Privacy contact: privacy@3chess.online

2 · Scope

This policy applies to the 3Chess service, consisting of:

The downloadable game client running on the user's machine
Supporting online services: relay server, game server, leaderboard, and public audit pages

This policy does not apply to:

Storefronts where the game is sold (itch.io, Epic, Steam, etc.) which maintain their own privacy policies
Third-party websites that may be linked from our game

3 · Data we collect

3.1 · Online mode (casual play · zero-trace · end-to-end encrypted)

"Online mode" is the in-game label for casual online play (the button shown next to "Story", "Play vs Bot", and "Ranked"). In Online mode, 3Chess is zero-trace by cryptographic construction · the server is technically incapable of reading your game:

Gameplay is end-to-end encrypted between the 3 players
The session key is derived jointly by the 3 seated players — our server never holds the key
Our relay forwards only opaque ciphertext; we cannot decrypt, we do not log content
Game content (moves, chat, clocks) is NOT stored in our database
Online-mode rooms are limited to the 3 seated players · there is no spectator/observer slot
When the game ends, all state in game memory and relay memory is zeroized

3.2 · Ranked mode (data is stored, publicly auditable)

Ranked is the public-audit counterpart to Online mode: every move is signed and the server records the full game so MMR computation is transparent and verifiable. Identity is a device-generated keypair · there is no email signup, no password, no third-party SSO.

When you play ranked games, we store the following in our database:

Data	Detail
Public key (pubkey)	Cryptographic public key generated by your client at first launch · the only credential that identifies your ranked account · the matching private key never leaves your device
Display name	The name you choose to show other players (settable in-game)
Ranked game history	List of completed rated games: final placements (1st / 2nd / 3rd), timestamps, signed move chain
Rating / MMR	Rating values (μ, σ) per the PL-Elo + σ tracking model
Ranked chat messages	Chat text signed with the player's long-term key (signed, auditable)
Web session cookie	`3chess_session` HttpOnly cookie, 24-hour lifetime, set only while you are logged in to the website (used for the leaderboard / account pages — separate from the in-game keystore)

The website's account pages (login / signup with username + password) are an optional convenience layer for managing receipts and downloads — they do not affect or replace the in-game pubkey identity.

3.3 · Server access logs

Our self-hosted server keeps a standard web access log to keep the site secure, fix bugs, and understand aggregate traffic patterns. Legal basis: legitimate interest (PDPA s. 24(5) / GDPR Art. 6(1)(f)). Logs are never shared with third parties or used to profile you for ads.

Each request is recorded with: IP address, timestamp, the page or API path you requested, HTTP status, response size and latency, your browser's User-Agent, the referring site (host name only), and — when present — the marketing campaign tags utm_source / utm_medium / utm_campaign / utm_term / utm_content. We may also derive an approximate country from your IP.

Retention:

Data	Kept for
Raw access log (with IP)	48 hours
Anonymous daily summaries (no IP, no User-Agent, no referrer)	indefinite
Security incident records (failed logins, rate-limit triggers, server errors)	up to 12 months

We never log Authorization headers, cookies, request bodies, passwords, payment details, or any query-string parameters other than the utm_* campaign tags above.

4 · Data we do not collect

To be explicit, we do not collect or process:

❌ IP addresses in our application database (server access logs are described in §3.3)
❌ Online-mode game content (moves, chat, clocks)
❌ Spectator identity (spectators view ranked games anonymously)
❌ Precise geolocation (we record country code only · no city · no GPS)
❌ Biometric data
❌ Health or financial data
❌ Advertising identifiers or tracking pixels
❌ Cross-site tracking · third-party analytics · session replay
❌ Social media account data (unless you opt in to link accounts in a future version)

5 · Purposes of processing

We process the data above only for these purposes:

Purpose	Legal basis (PDPA s. 24)
Providing ranked game service (matchmaking, rating, leaderboard)	Performance of contract
Displaying public audit pages for ranked games (transparent rating computation)	Legitimate interest — game fairness
Cheat prevention (signature verification, move chain audit)	Legitimate interest
Responding to data subject rights requests	Legal obligation

We will never use your data to:

Serve advertisements
Sell or share with third parties for marketing purposes
Build behavioral profiles

6 · Recipients of data

Your data may be shared with:

Recipient	What data	Why
The general public (ranked only)	pubkey, display name, rating, completed ranked game history with signed move chain	Ranked is publicly auditable so MMR computation is transparent and verifiable
Law enforcement	As legally required	Legal obligation

Online-mode game content is never shared with anyone — not even with us. See §3.1.

We do not sell your data.

7 · Retention

Data type	Retention
Online-mode game content	Not retained · zero-trace (§3.1)
Session cookies (web)	24 hours after last login
Ranked game history	Lifetime of account · pseudonymized on deletion (see §11)
Rating + profile (pubkey, display name, μ/σ)	Lifetime of account · until you request deletion
Ranked chat messages	Lifetime of account · body replaced with `[deleted]` on deletion
Signed move chains (evidence)	Permanent · pubkey pseudonymized on deletion (chain integrity must be preserved for other players' rating)

8 · Your rights

Under PDPA, you have the following rights:

Right	How to exercise
Access your data	Email privacy@3chess.online with your pubkey
Rectify inaccurate data	Via in-game settings or email
Erase data (right to erasure)	Via in-game account settings, or email request
Portability (export)	Request JSON export via privacy@3chess.online
Object to processing	Email with reason
Withdraw consent	At any time (will result in ranked account deletion)
File a complaint	PDPC · https://www.pdpc.or.th

Important exception: signed move chains of completed ranked games cannot be deleted (see §7) because doing so would corrupt other players' rating integrity. On deletion: your pubkey is replaced with a one-way pseudonym that cannot be reversed back to the original key, your display name becomes [deleted], and your chat message bodies become [deleted].

9 · Cookies

We use exactly one session cookie: 3chess_session for ranked authentication.

HttpOnly · not accessible from JavaScript
SameSite=Strict · CSRF protection
24-hour lifetime
Cleared on logout

We also set a 3cl cookie when you click a language switcher, storing your preferred UI language for future visits (1-year lifetime, no personal data).

We do not use: advertising cookies, analytics cookies, tracking pixels, or third-party cookies.

10 · Minors

This service is intended for users aged 13 and over because ranked mode includes chat. If you are under 13, please do not create a ranked account or submit personal data. Parents who discover that a child under 13 has created an account may contact privacy@3chess.online for deletion.

Online mode has no age restriction (no data is collected).

11 · Security

We implement the following measures:

Transport encryption: TLS on all connections
Content encryption: industry-standard authenticated encryption on all game content in all modes
Signatures: cryptographic signatures for move and game-over integrity
Zero-trace Online mode: no Online-mode game content is stored
Pseudonymization on delete: pubkey is replaced with a one-way pseudonym (cannot be reversed back to the original key), display name and chat bodies are replaced with [deleted]
Access control: no employee has access to data beyond public audit pages

Acknowledged limitations: ranked move chains and chat are signed with the player's long-term key and are not end-to-end encrypted (this is intentional — ranked has to be publicly auditable for the rating system to be transparent). Online mode is end-to-end encrypted; the server forwards opaque ciphertext only.

12 · Changes to this policy

When this policy changes materially, we will:

Update the "Effective date" at the top
Post a notice in-game (visible on the main menu) and on 3chess.online

We do not collect email addresses, so there is no individual notification channel — players must check the website or in-game notice. Non-material wording or formatting changes do not require notification.

13 · Contact

Subject	Email
Privacy inquiries, data requests (PDPA/GDPR)	privacy@3chess.online
Everything else — bugs, account help, legal, press, general	hello@3chess.online

Postal address: contact via email above (disclosed upon formal request).

14 · Governing law

This policy is interpreted and enforced under the laws of the Kingdom of Thailand, specifically:

Personal Data Protection Act B.E. 2562 (PDPA)
Computer Crime Act B.E. 2550 (as amended 2560)
Any disputes fall under Thai court jurisdiction

For players residing in the European Union, we will honor additional rights under GDPR as legally required.

End of Privacy Policy · Version 1.1