Skip to content

YiChess legal center

Policies for accounts, payments, privacy, fair play, and AI review.

Formal legal pages for YiChess, operated by Vistasense AI Technology Limited. Last updated May 31, 2026.

Privacy Policy

Last Updated: May 31, 2026

Product / brand: YiChess Product website: https://yichess.com Operator and seller-facing entity: Vistasense AI Technology Limited, a Hong Kong limited company, Company No. 80364727, Business Registration Certificate No. 80364727-000-05-26-8, registered address: Room 1602, 16/F, Wing On Centre, 111 Connaught Road Central, Hong Kong. Support: support@yichess.com

1. Overview

This Privacy Policy explains how Vistasense AI Technology Limited (“we”, “us” or “our”) collects, uses, discloses, stores and protects personal data in connection with YiChess.

Hangzhou Weishi Information Technology Co., Ltd. and other service providers may process certain data as technology, AI analysis, hosting, infrastructure, security, product support, email delivery, analytics, customer support, payment, compliance or professional service providers.

2. Controller / Operator

For the overseas product website and user-facing service, the primary operator is Vistasense AI Technology Limited. Depending on your location and the specific data flow, payment providers, Google, hosting providers and other third parties may act as independent controllers or processors under their own notices and terms.

3. Data We Collect

We may collect the following categories of data:

Account and Login Data

Email address, username or display name, password hash, login method, email verification status, password reset metadata, verification code metadata, magic link metadata, Google sign-in identifier, Google email, Google email verification status, Google profile name and profile image, account status, account creation date, linked login methods, consent records and security events.

We do not need to store plaintext email verification codes or plaintext passwords.

Learning and Product Usage Data

Course progress, lessons viewed, training exercises attempted, puzzles attempted, AI review requests, AI review outputs, game records submitted for analysis, learning reports, product settings, feature usage, subscription entitlements and AI review quota consumption.

Practice and Fair Play Data

If practice matches or play features are available, we may process match records, moves, timing information, room/session data, opponent identifiers, connection status, latency, disconnection events, game outcomes, fair play indicators, abuse reports and review results.

Payment and Subscription Data

Product purchased, plan, price, currency, tax status, order ID, subscription status, renewal status, entitlement records, refund status, chargeback status, payment provider, provider transaction identifiers and limited payment metadata. Full card numbers, wallet passwords and sensitive payment credentials are handled by payment providers and are not stored by us.

Support, Communications and Moderation Data

Customer support tickets, emails, chat messages, refund requests, complaints, appeals, moderation reports, evidence, account restrictions, support notes and communications with us.

Device, Log and Security Data

IP address or IP prefix, device type, browser type, operating system, user agent, language, approximate region, cookie identifiers, session identifiers, OAuth state/nonce, CSRF tokens, login attempts, rate-limit events, security logs, audit logs, crash logs and fraud prevention signals.

Cookies and Similar Technologies

We use cookies, local storage, session storage, SDK identifiers and server-side identifiers for login sessions, security, CSRF prevention, OAuth integrity, preferences, analytics and product improvement. See our Cookie Policy.

4. How We Use Data

We use personal data to:

  • create, verify, authenticate and secure accounts;
  • provide email login, password login, email code login, magic link login and Google sign-in;
  • provide lessons, training tools, AI review, course packs, learning reports and subscriptions;
  • provide auxiliary non-cash practice features if available;
  • process orders, subscriptions, renewals, cancellations, refunds, chargebacks, invoices, tax records and accounting records;
  • enforce Fair Play, prevent cheating, prevent fraud, prevent account takeover, investigate abuse and protect platform integrity;
  • respond to customer support, legal, privacy, billing and security requests;
  • monitor reliability, debug errors, improve performance and develop product features;
  • comply with legal, tax, accounting, sanctions, payment provider, security and recordkeeping obligations;
  • protect rights, safety and security of users, us, payment providers and third parties.

Where GDPR, UK GDPR or similar laws apply, we rely on one or more legal bases, including:

  • performance of contract, such as providing your account, paid products, subscriptions and support;
  • legitimate interests, such as platform security, fraud prevention, fair play enforcement, product improvement and business operations;
  • consent, such as optional cookies, optional marketing and certain optional integrations where required;
  • legal obligations, such as tax, accounting, payment, sanctions, consumer protection and regulatory obligations;
  • protection of vital interests or legal claims where relevant.

6. Google Sign-In

If you choose Sign in with Google, Google may process your authentication request and share limited account information with us. We use Google sign-in data only to authenticate you, create or link your account, secure your account, prevent abuse, provide support and comply with platform policies.

We do not sell Google sign-in data, use it for unrelated advertising, transfer it to unauthorized parties or use it to determine fair play violations without platform evidence.

7. Payment Providers

Payment providers such as Paddle, Stripe, banks, EMI partners or wallet providers may process transaction data under their own terms and privacy notices. Where Paddle acts as Merchant of Record or reseller, Paddle may independently process buyer, payment, tax, fraud, refund and chargeback data.

If Alipay, WeChat Pay or other wallet methods are made available through approved providers, the relevant provider may process wallet authentication, payment confirmation, refund, risk control and compliance data under its own terms.

8. Sharing and Service Providers

We may share data with:

  • Hangzhou Weishi Information Technology Co., Ltd. for technology, AI analysis, hosting support, product support, engineering, security and internal operations;
  • cloud hosting, database, storage, CDN, monitoring, email delivery, customer support, analytics, anti-fraud, security and developer service providers;
  • payment providers, tax calculation providers, accounting tools, banks, EMI partners and chargeback tools;
  • professional advisers, auditors, accountants, tax advisers, legal counsel and compliance consultants;
  • authorities, payment networks, dispute bodies or third parties where required by law or necessary to protect rights, safety, security and payment integrity.

We do not sell personal data to advertisers.

9. International Transfers

The platform is operated for international users and may use infrastructure, service providers or support teams in Hong Kong, Singapore, the United States, the European Economic Area, mainland China or other locations where we or our providers operate.

Where required, we use appropriate safeguards such as contractual protections, access controls, encryption, security measures, transfer impact assessments or other legally recognized mechanisms.

10. Retention

We keep personal data only as long as necessary for the purposes described in this Policy, including account operation, paid entitlement delivery, support, security, fraud prevention, fair play enforcement, tax, accounting, legal defense, chargebacks, disputes and compliance.

Account data may be deleted or anonymized after account deletion, subject to retention required for payment records, tax records, refund records, fraud prevention, fair play enforcement, chargebacks, security logs, legal claims and compliance.

11. Children and Minors

The platform is not intended for children under 13. Users under the age of majority must use the platform only with parent or guardian consent and supervision where required. We may restrict or delete accounts if we believe age requirements are not met.

12. Your Choices and Rights

Depending on your location, you may have rights to access, correct, delete, export or object to certain processing of your personal data, restrict processing, withdraw consent, opt out of certain cookies or marketing, request account deletion or lodge a complaint with a regulator.

You may contact us at privacy@yichess.com. We may need to verify your identity before fulfilling certain requests.

13. Security

We use technical and organizational measures designed to protect personal data, such as HTTPS, secure cookies, password hashing, limited access, role-based permissions, audit logs, CSRF protection, OAuth state/nonce validation, rate limiting, monitoring, backup and incident response processes.

No system is perfectly secure. You should keep your email account, passwords, devices and authentication methods secure.

14. Changes

We may update this Policy from time to time. If changes are material, we may provide notice or request renewed consent where required.

15. Contact

Privacy requests: privacy@yichess.com Support: support@yichess.com Security: security@yichess.com Legal: legal@yichess.com