Privacy Guardrails

High Standards of Integrity and Privacy: At Checkmate.live, we prioritize protecting sensitive information while maintaining a secure, fair, and enjoyable gaming environment. Our approach to handling biometric data from the KYC process and managing integrity scores reflects our unwavering commitment to upholding the highest standards of integrity and privacy.

Hashing Biometric Data for Privacy: When users submit their biometric data during KYC, we apply a hashing technique to ensure privacy. This transforms the original biometric information into a unique string of characters, making it impossible to reverse-engineer the original data. By storing only the hashed version, we significantly enhance the security of sensitive biometric information, safeguarding it even in the unlikely event of a data breach.

Handling Proof of Identity Data: We do not store proof of identity documents from the KYC provider. Our system verifies the necessary information and then discards the documents and detailed personal data. This approach reinforces user privacy by ensuring that no sensitive identification materials remain on our servers once the verification process is complete.

Integrity Score Management: User integrity scores are managed securely and updated in real-time. This ensures that scores are always current, accurately reflecting each player’s conduct and adherence to fair play standards. We use robust security measures to protect these scores, preserving the fairness and credibility of our gaming environment.

Benefits of Our Approach: This method strikes the right balance between user privacy and the need for platform security. By protecting sensitive information and managing integrity scores carefully, we maintain a trustworthy, transparent, and fair competitive landscape while ensuring that our users’ personal data is treated with the utmost care.

Your Privacy, Our Priority: How Checkmate.live Protects, Retains, and Deletes Your Data

At Checkmate.live, safeguarding your privacy while providing a secure, fair, and enjoyable gaming environment is at the heart of our operations. We comply with the EU’s General Data Protection Regulation (GDPR), the Australian Privacy Principles (APPs), and other global privacy standards, ensuring that data is handled responsibly, securely, and transparently.

Anonymous Play for Enhanced Privacy

Anonymous Usernames:

• Checkmate Live Players: No real names are required for general gameplay, casual tournaments, or most platform activities.

• FIDE Players: Real names and identity verification are required only for FIDE-affiliated events, in accordance with FIDE regulations. Identity checks are conducted via our secure Know-Your-Customer (KYC) provider, Sumsub.

This balanced approach allows players to enjoy a secure and anonymous experience while adhering to necessary regulatory standards where applicable.

Video Privacy and Retention Policy

1-to-1 Private Matches: No video is recorded for private matches, ensuring that your personal gaming sessions remain confidential.

Tournament Footage: Tournament footage may be recorded and retained for:

• Fair play reviews

• Dispute resolution

• Inclusion in Checkmate Live’s video library

By using Checkmate.live, players consent to the recording and retention of tournament footage as stated in our Terms of Service and Privacy Policy. This practice aligns with industry norms, enhancing community engagement and platform integrity.

Privacy: We’ve Got Your Back

No Kernel-Based Anti-Cheat: We maintain security and fairness without intrusive kernel-level or zero-ring monitoring. Your personal digital environment remains unaffected.

Web3 Wallet Integration: Your Web3 wallet may serve as a unique ID after KYC verification, aligning with Web3’s ethos of user privacy and control while ensuring regulatory compliance.

Quantum Avatars: Play anonymously with Quantum Avatars that safeguard your identity. If you join tournaments requiring transparency, you will follow fair play identification rules.

Core Data Protection Measures

Secure Data Vault System: Sensitive user data is stored in a robust data vault, providing an extra layer of protection against unauthorized access.

Data Hashing and Pseudonymization: Sensitive data, including biometric and identity information, is hashed (e.g., using SHA-256 with salting). This process complies with GDPR’s pseudonymization principles and enhances security by ensuring the original data cannot be reconstructed.

Encrypted Storage and Transmission: Data is encrypted at rest and in transit, ensuring end-to-end security.

Usercentrics Privacy Management: Usercentrics enables you to manage your privacy preferences, offering full control over data permissions and meeting GDPR’s transparency and consent requirements.

Restricted Access and User Permissions: Only authorized personnel can access user data, and solely for legitimate purposes such as compliance, fair play enforcement, or operational support.

Identity Verification and Compliance

KYC Process:

1. Light KYC (Basic Platform Use)

   • Information: Email address, country of residence, date of birth, sex, FIDE ID (optional for casual play, required for FIDE-rated games).

2. Full KYC (Advanced Features & High-Stakes Activities)

   • Information: Government-issued ID (for identity verification), proof of age, Anti-Money Laundering (AML) compliance data, and verification for FIDE ID synchronization.

Third-Party KYC Provider (Sumsub): All sensitive verification documents are processed securely by Sumsub. We do not store these documents on our servers.

• Sumsub Security Overview

Rationale for Data Retention Under GDPR

Legal and Regulatory Compliance: Data is retained as needed to meet obligations under GDPR, AML laws, and age verification requirements, ensuring compliance with financial, security, and anti-fraud regulations.

Fair Play and Platform Integrity: We retain integrity scores, gameplay records, identity verification data, and necessary tournament footage to ensure fair play, prevent match-fixing, and maintain historical accuracy of competition results.

User Support and Dispute Resolution: Retained data assists in resolving disputes, processing payouts, and providing effective operational support.

Data Minimization Practices

Retention Policies: User data is retained only as long as necessary for its intended purpose. After the retention period ends, data is securely deleted or anonymized.

Purpose Limitation: Data is collected and retained solely for legitimate, lawful purposes such as identity verification, compliance, and fair play maintenance.

Global Data Storage and GDPR Compliance

Server Locations: We store data securely in:

• Frankfurt, Germany (EU region for GDPR compliance)

• Singapore

• Mumbai, India

Data Sovereignty and Localization: Checkmate.live makes its best efforts to comply with local and international data protection regulations while being primarily governed by Australian law. Where necessary, we adapt to regional requirements by working with trusted KYC providers or implementing data localization measures, ensuring that we meet the evolving needs of our global user community.

Anti-Cheat and Fair Play Measures

AI Anti-Cheat System: Our AI system detects and prevents unfair practices, ensuring a level playing field.

Integrity Scores: We monitor and update player integrity scores in real-time, reflecting current conduct and adherence to fair play standards.

In-Game Video Monitoring: Tournament footage is retained for fair play reviews, with flagged footage stored only as necessary.

Commitment to GDPR Compliance

Checkmate.live combines advanced technologies, robust security measures, and strict adherence to regulatory standards. We adapt to market-specific requirements and incorporate state-of-the-art privacy solutions to ensure a user-centric, legally compliant platform.

Handling Biometric Data and Integrity Scores

Hashing Biometric Data: Biometric data collected during KYC is hashed, ensuring that the original biometric information cannot be reconstructed. This method protects against privacy breaches, even in the unlikely event of a data compromise.

Proof of Identity Data: We do not store proof of identity documents from the KYC provider. Once verification is complete, sensitive documents and detailed personal data are not retained on our servers.

Integrity Score Management: Integrity scores are securely updated and stored, ensuring that fairness and credibility remain central to the gaming experience.

Checkmate Live Account Deletion Policy

1. Introduction Checkmate Live respects user privacy and complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and related global standards. This Account Deletion Policy explains how personal information (PI) is managed when users request account deletion, as well as when certain data may be retained.

2. Requesting Account Deletion Users can request account deletion at any time by following in-platform instructions or contacting our Support team at [contact information].

3. Scope of Deletion Upon a valid deletion request, we remove all Personally Identifiable Information (PII) that directly identifies the user (e.g., name, email, payment info, profile images, non-required communication logs). However, if a player has registered a FIDE ID or a similar federation identifier, that identifier (not PII) will be retained and linked to a username to maintain competition integrity and historical accuracy.

4. Participation in Prize Tournaments and Regulatory Requirements If a user participated in prize tournaments, certain records may be kept to comply with:

• Australian state/territory gaming and wagering laws,

• The Competition and Consumer Act 2010 (Cth) and the Australian Consumer Law,

• Taxation and financial record-keeping requirements,

• International regulations where events are hosted. Only the data necessary for these obligations is retained, and it is securely disposed of or de-identified after the legally mandated period.

5. Justification for Retention Retaining federation identifiers and event results is standard in sporting and competitive contexts to preserve historical records and uphold fairness. No additional PII is retained beyond legal or operational necessity.

6. Enforcement of Bans and Platform Integrity Minimal non-PII data (e.g., hashed identifiers) may be retained to enforce bans and prevent previously banned users from rejoining, consistent with industry standards.

7. Legal and Regulatory Compliance Data may be retained to fulfill legal requirements (taxation, anti-fraud, gaming regulations). Retention periods meet Australian and relevant international standards.

8. Data Security and Protection All retained data is secured with industry-standard measures, encryption, and access controls, complying with APP 11 and other applicable regulations.

9. Transparency and Updates This policy is part of our broader Privacy Policy. We will notify users of any material changes and provide further details on retention periods upon request.

10. Contact and Disputes For questions or concerns, contact our Support team or DPO. If issues remain unresolved, users may contact the OAIC, relevant Australian authorities, or the appropriate authority where events are hosted.

11. Periodic Review We review and update this policy periodically to ensure continued compliance with legal requirements and industry standards.