ChessPD statement of compliance with the Indian Digital Personal Data Protection Act 2023. Data Fiduciary identity, Data Principal rights, Grievance Officer contact, and the path to the Data Protection Board.
Under section 2(i) of the Digital Personal Data Protection Act 2023 ("DPDP Act"), the Data Fiduciary for personal data processed via the ChessPD platform is Sai Tarun, sole proprietor, operating under the trade name ChessPD, registered in India.
The Data Fiduciary determines the purpose and means of personal-data processing on the platform and is accountable for compliance with the DPDP Act.
Under section 2(j) of the DPDP Act, the Data Principal is you - the individual to whom the personal data relates. For tournament workspaces, the player roster you upload may include personal data of third parties (the players); in that case you act as the Data Fiduciary for that player data and ChessPD acts as your Data Processor under section 2(k).
You must have a lawful basis (consent, contract, legal obligation) to upload personal data of any third party. By uploading you confirm such basis exists.
We process your personal data on the following lawful bases under section 7 of the DPDP Act:
(a) Consent: when you create an account, you consent to the collection and use of your name, email, mobile number, and password hash for authentication and transactional communication. You may withdraw consent at any time by deleting your account (which deletes the associated data within thirty days).
(b) Performance of a contract: processing necessary to deliver the platform you have purchased, including order processing, credit-wallet accounting, prize-distribution computation, and PDF / Excel export generation.
(c) Legitimate use under section 7(b): processing necessary for the security of the platform (rate limiting, abuse detection, audit logging).
(d) Compliance with a legal obligation: retention of financial records (invoices, GST data) for the statutory period.
Account data: name, email, mobile, password hash, email-verification timestamp, optional Google account id.
Transactional data: order codes, bundle-pack purchases, UPI transaction ids, payment screenshots, wallet credit ledger.
Tournament data: tournament name, dates, location, prize-pool configuration, player roster, generated prize distributions.
Technical data: IP address, browser user-agent, request URL (web-server access logs).
We do not collect special-category data (sensitive personal data such as health, biometric, financial-card credentials, sexual orientation, religious beliefs, or caste) and we ask you not to upload any such data through the platform.
Under sections 11 to 14 of the DPDP Act you are entitled to:
(a) Right to access information about the personal data we hold about you (section 11). You can review most of this data on /account/profile and /account/security; for anything not visible there, write to the Grievance Officer.
(b) Right to correction and erasure (section 12). You can correct your name, email, mobile, and password from /account/profile and /account/security. To erase your account and all associated personal data, use the delete-account control on /account/security; deletion completes within thirty days.
(c) Right of grievance redressal (section 13). If you believe we have failed to comply with the DPDP Act, contact the Grievance Officer named in section 8 below. We will respond within thirty days.
(d) Right to nominate (section 14). You may nominate another individual to exercise your rights in the event of your death or incapacity. To register a nominee, write to the Grievance Officer with the nominee's name, relationship, and contact details; we will record the nomination on your account.
Personal data is stored on cloud infrastructure operated by Supabase (managed PostgreSQL + object storage) in a region within the European Union or India. We do not transfer personal data to any other country.
If the Central Government notifies under section 16 of the DPDP Act any restriction on cross-border transfers, we will reconfigure our infrastructure to comply within the prescribed time.
In the event of a personal-data breach affecting your account, we will notify you and the Data Protection Board of India in accordance with section 8(6) of the DPDP Act and any rules issued thereunder. Notification will include the nature of the breach, the data affected, the steps we have taken in response, and the steps you should take to protect yourself.
Under section 13(3) of the DPDP Act, we have appointed Sai Tarun as the Grievance Officer for the ChessPD platform.
Email: grievance@chesspd.com
Postal address: will be published once the operating-address registration is finalised.
Response time: within thirty days of receipt of a complaint, as required by the Act.
If you are not satisfied with the Grievance Officer's response, or if no response is received within the thirty-day window, you may file a complaint with the Data Protection Board of India under section 27 of the DPDP Act. The Board's contact details and complaint procedure will be published by the Central Government and are independent of the platform.
This statement is updated when the DPDP Act rules change or when our processing materially changes. Material changes will be notified to every active user by email at least seven days before they take effect.
Last updated: 12 June 2026.
0% complexity · 100% accuracy.
This is ChessPD.
Built to reach every chess player and arbiter, worldwide.
