Last updated: January 2025
1. Introduction
This Privacy Policy explains how nextround ("we", "us", or "our") collects, uses, and protects your personal information
when you use our chess tournament management platform. We are committed to protecting your privacy and complying with
applicable data protection laws, including the Swiss Federal Act on Data Protection (FADP) and the EU General Data
Protection Regulation (GDPR).
2. Data Controller
Thomas Tscherrig
In den Rütenen 7
8055 Zürich
Switzerland
Email: signet_kufe.37@icloud.com
3. Information We Collect
3.1 Account Information
When you register for an account, we collect:
- Username: Your chosen username for identification
- Email address: Used for account verification, password resets, and important notifications
- Password: Stored securely using industry-standard encryption (bcrypt hashing)
- Account creation date: When your account was created
- Email verification status: Whether your email has been verified
3.2 Tournament Data
When you create or manage tournaments, we collect:
- Tournament names, descriptions, and settings
- Player information (names, ratings, clubs, federations)
- Match results and pairings
- Tournament dates and venues
- Tournament logos (if uploaded)
3.3 Technical Data
We automatically collect certain technical information:
- Cookies: We use HTTP-only cookies for secure authentication
- Session data: To maintain your login session
- Server logs: Basic access logs for security and debugging purposes
4. How We Use Your Information
We use your personal information for the following purposes:
- Account Management: To create and manage your user account
- Authentication: To verify your identity and secure your account
- Email Verification: To confirm your email address is valid
- Password Recovery: To send password reset links when requested
- Service Provision: To provide tournament management features
- Communication: To respond to your inquiries through the contact form
- Security: To protect against unauthorized access and abuse
- Legal Compliance: To comply with applicable laws and regulations
5. Data Storage and Security
Your data is stored in a secure SQLite database on our servers. We implement appropriate
technical and organizational measures to protect your personal information:
- Passwords are encrypted using bcrypt hashing with salt
- Authentication cookies are HTTP-only and secure
- HTTPS encryption for data transmission (in production)
- Regular security updates and monitoring
- Access controls and rate limiting to prevent abuse
6. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Public Tournament Data: Tournament information you choose to share publicly (via share links) may be visible to others
- Legal Requirements: When required by law or to protect our legal rights
- Your Consent: When you explicitly consent to sharing your information
7. Your Rights
Under GDPR and Swiss data protection law, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw your consent at any time
To exercise these rights, please contact us at signet_kufe.37@icloud.com
8. Data Retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations:
- Account Data: Retained until you delete your account
- Verification Tokens: Expire after 24 hours
- Password Reset Tokens: Expire after 1 hour
- Tournament Data: Retained as long as the tournament exists
9. Cookies
We use cookies for the following purposes:
- Authentication Cookie: A secure, HTTP-only cookie that maintains your login session (expires after 7 days)
- Essential Cookies Only: We do not use tracking, advertising, or analytics cookies
You can disable cookies in your browser settings, but this will prevent you from logging in.
10. Third-Party Services
Currently, nextround does not use third-party services for analytics, advertising, or tracking.
Email services may use a configured SMTP provider for sending verification and password reset emails.
11. Children's Privacy
Our service is not intended for users under the age of 16. We do not knowingly collect personal information
from children. If you are a parent or guardian and believe your child has provided personal information,
please contact us to have it removed.
12. International Data Transfers
Your personal data may be transferred to and processed on servers that may be located outside your country of residence.
We take appropriate measures to ensure that your data is treated securely and in accordance with this Privacy Policy
and applicable data protection laws. By using our service, you consent to the transfer of your information as described
in this policy.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by
updating the "Last updated" date at the top of this policy. Your continued use of the service after
changes constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data,
please contact us at:
Email: signet_kufe.37@icloud.com
Address: In den Rütenen 7, 8055 Zürich, Switzerland
15. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint
with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local data protection authority.
Swiss FDPIC:
Feldeggweg 1
3003 Bern, Switzerland
Website: www.edoeb.admin.ch