Security Page


Introduction


Definitions

Security Page - the webpage located at www.chessleague.cc/security, listing information about security and the Security Policy of the Chess League

Security Policy - the collection of statements and clauses which form policies within the Security Page


Purpose of this Security Page

The purpose of this Security Page is to provide all social, procedural, network, and other technological details necessary in ensuring the safety and security of both our members and users of the Chess League websites. This page also contains statements and clauses that, when indicated as such, collectively make up our “Security Policy.”


Statement of Authority

While some of the information on this page is simply meant to be informative to the user, much of it constitutes our binding Security Policy, which we, the Chess League, are self-bound by. Regarding matters that are clearly outlined on this Security Page, this page has a superseding authority over any other portion of the Chess League website (including our Terms of Service and Privacy Policy), and over the word of any individual, regardless of their alleged association or affiliation with the Chess League. Regarding any matters which constitute our Security Policy, there are to be no “exceptions” to such policy, unless those exceptions are explicitly provided for on this page. Any indication that an individual who claims affiliation with the Chess League is dismissing or invalidating any part of the Security Policy on this page should act as an immediate red flag of fraudulent or unauthorized activity, regardless of the alleged “position” of the individual, and whether or not they claim to have the authority to act in opposition to such Security Policy.



Network


Domains

The following is an up-to-date list of all domains and subdomains owned by the Chess League. Three of them, call.chessleague.cc, play.chessleague.cc, and count-traffic.chessleague.cc, are used only for the creation and maintenance of redirect links. The rest are used in hosting web pages or files, except for chat.chessleague.cc, which is currently not being used, and member.chessleague.cc, which is used only for email.


chessleague.cc

dashboard.chessleague.cc

credentials.chessleague.cc

clients.chessleague.cc

cloud.chessleague.cc

chat.chessleague.cc

play.chessleague.cc

call.chessleague.cc

count-traffic.chessleague.cc

member.chessleague.cc

members.chessleague.cc


Websites

The following websites are owned and managed by the Chess League:


www.chessleague.cc (main site)

Pages located on cloud.chessleague.cc (for files and some webpages)

credentials.chessleague.cc (member sign in)

Pages located on dashboard.chessleague.cc (for members)

Pages located on chat.chessleague.com (for chat rooms only)



Email Addresses

The following email addresses are managed solely by the Chess League. Emails sent from these addresses are legitimate:


comschessleague@gmail.com (Automatic Replies)

comschessleague+canned.response@gmail.com (Automatic Replies)

chessleague@googlegroups.com (Email Subscriptions)

contact@chessleague.cc (General Inquiries)

membership@chessleague.cc (Membership)

connect@chessleague.cc (Partnerships)

joshbauer@chessleague.cc (Chess League Director - Josh Bauer)

season-updates@chessleague.cc (Season Updates)


Along with the above email addresses, which may be used by us to contact our members and other users, we provide an email address to each of our members, ending in @member.chessleague.cc. It’s important to note that this is an email address, not an email account. All emails sent to these addresses will be forwarded to the personal email account of the corresponding member. By default, these addresses are receive-only, meaning members can view emails sent to that address, but cannot reply as that address. An option exists to set the address as both a send and receive address, and members who wish to utilize this option and encouraged and welcome (click here for a step by step guide), but for the majority of members, contacting these email addresses will usually prompt a reply from a different email address - one owned by the member, and not the Chess League. In addition, there may be other addresses from which emails are sent, specifically when dealing with Google Groups. For example, chessleague+noreply@googlegroups.com and chessleague_flcs2019-2020@googlegroups.com are two varying addresses of chessleague@googlegroups.com. If you have any concern that the sender of an email is illegitimate, please report it to us, even if you're not sure.


Downloads

All file downloads are served either from our own site (generally cloud.chessleague.cc) or from Getspace, an online storage platform. We do not link directly to any automatic download from a third-party site (defined as any site where we do not control the file at the destination) without displaying a cautionary notice.


SSL Certificates

An SSL certificate (SSL standing for Secure Sockets Layer) is the piece of information about a website that lets your browser know it can be trusted. Sites with a valid SSL certificate start with an “https” whereas sites without one, or with one that is expired or configured incorrectly, start with an “http”. The “s” in the “https” stands for “secure,” and means that any information you send that site using input fields (like when you enter your contact information or fill out a form or survey, or when you give your credit card information to make a purchase) is encrypted. However, when the site begins with “http”, it means it site does not use encryption to transfer that data from your computer to the servers of our website, and as a result, any data you input and send may be visible in plain text to outsiders looking to exploit this fact during a short interval after clicking submit.


Our highest priority is to protect the information and privacy or our members and other users, from the fields provided upon sign-up for a membership, to any payment information provided during the purchase of a product or service, to the private chat rooms available to our members. If, during any of these or similar activities involving the input of information, you notice a warning in the URL Address bar of your browser which says “Not Secure,” we highly advise you to contact us immediately at contact@chessleague.cc, or if you are a member, at membership@chessleague.cc, so we can temporarily disable the site or page until the issue has been resolved.


The following domains should always be secure (beginning with “https” and not “http”):


chessleague.cc

dashboard.chessleague.cc

credentials.chessleague.cc

call.chessleague.cc

count-traffic.chessleague.cc


The following domains should always be secure, but are more prone to becoming insecure (losing the “s” in “https”) than the ones previously listed, since, unlike those previously listed, configuration and renewal is done manually, not automatically, and are hence more prone to human error.


cloud.chessleague.cc

chat.chessleague.cc


The following domains are either not secure (beginning with “http” instead of “https”) or not existent (meaning there is no website there):


content.chessleague.cc

member.chessleague.cc



Procedures


Password Reset

There may come a point in time where a member or user feels the need to reset a password to a platform or service provided by the Chess League, including passwords which limit viewing access to certain portions of the Chess League website, and also including passwords to third-party accounts issued to a member by the Chess League at some point during their membership. In either case, there is a system in place to ensure a high level of security when changing any such password or when setting it initially.


The first rule of thumb, in regards to security, when setting or resetting a password relating to the Chess League, is to understand that all user-passwords are stored as plain text in an online database owned by the Chess League. While an extremely high level of security has been deployed to ensure that anyone unauthorized does not obtain access to this database, the risk still exists, and accordingly, it is important that you do not reuse the same password that you have in place for any other personal account. In addition to not reusing your password, your password(s) must comply with our Credential Complexity Policy.


When you are ready to reset your password, copy and paste the below text into an email, using the same email account as the one you entered upon sign-up, with the subject line being “Password Reset” and the recipient being “membership@chessleague.cc”. Replace all areas outlined by brackets with your own information.


“Hello, I would like to reset my password for [specify account or usage of password]. Please reset it to the following:


[type new password, and omit the brackets if not they’re part of the password]


I verify that I am [your name], and that accordingly, I have the authority to perform the action stated above. My member ID is [your five-digit member ID].


Thank you.”


Upon receiving this email, we will change your password(s) if we are able to do so, and if not, we will inform you.


If for any reason you do not wish to transfer you new password to us via email, please indicate so in the email, simply by typing in the space where your password goes:

“{confidential}”

...including the parenthesis, but without the quotes, and we will reply to your email with the options available.


Private Link Reset

If at some point you would like to reset a private link URL that has been assigned to you, you may do so by emailing us at membership@chessleague.cc, and indicating the old link, along with a statement that you would like to reset that link. Unlike passwords, private links are not customizable, so we do not take such requests. Upon receiving this email, we will reset your link, and reply via the same email thread with your new link, as long as the link is to a page accessible just to you and not to, for example, an entire group of members. Usually this can be determined by examining the link. If the link contains your name, it’s likely unique to you, whereas if the link contains the name of a season, resource, etc, it’s likely accessible to others as well, in which case we may decide not to change the link.


We may change private links periodically on our own accord, in which case we will either send you the new link or provide a constant place for you to log in by other means to obtain that link at any time.


Update Member Information

If any of the information changes that you provide us on sign-up, especially if contact or other important information, you can inform us of this change by emailing us at membership@chessleague.cc, with the subject line: “Update Member Information”.


Parental Consent to Membership of a Child

If you are a parent looking to grant permission for your child (defined as an individual under the age of thirteen) to obtain a membership in the Chess League, please have your child begin the application process as they normally would, starting on our Membership page. After indicating that they are under thirteen years of age, they will be switched over to a form asking them for your (parent or legal guardian’s) first and last name, phone number, and email address. Upon receiving this information, we will send you an email, and if needed, give you a call asking for your permission to grant your child a membership and accordingly, collect and keep their information in our database.


For more information on our policy regarding membership of individuals under thirteen, please see our Advanced Parental Policy, the Use by Those Under Thirteen section of our Terms of Service, and the Children’s Privacy section of our Privacy Policy.



Policies

The below policies together make up the Chess League Security Policy. These policies, although potentially being applicable to users in some aspects, are specifically designed to dictate how the Chess League conducts any affairs that relate to the the exchange of currency or important information, especially when private or confidential, or to other matters that may affect the safety, security, or privacy of the members or other users of the Chess League.


First-Tell Update Policy

The First-Tell Update Policy pertains to the process by which the Chess League updates information regarding its members. The purpose of this policy is to equip members with an additional method of ensuring the legitimacy of anyone attempting to collect their private or sensitive information on behalf of the Chess League. The policy is as follows:

Chess League members reserve the right to ask what information the Chess League currently holds on them before updating that information by sharing new information with the Chess League. An exception applies to any situation where the individual accepting the role of a member is

reasonably perceived by the Chess League to be someone else impersonating that member or;

not using a channel of communication confirmed by the Chess League to be solely controlled by that member

The previous exceptions exist to ensure that no one other than the member themself is able to ask for and be given any information regarding the member otherwise not publicly accessible, especially when that information is sensitive or private.


Business Email Policy

In any situation where you find yourself communicating with the Chess League via email, you should be aware of our Business Email Policy, whose purpose is to enhance the security of both us and our members. The policy consists of the following restrictions of email use in regards to communication with the Chess League:

  1. For any issues regarding one’s membership, the Chess League, unless replying via the address to which an email was sent by the member, will utilize only the address membership@chessleague.cc. In the case that a member does send an email regarding their membership to an alternative Chess League email address, that email address is allowed to respond, but must forward the thread over to membership@chessleague.cc, and must not be used in support or any other activity that would not be possible to provide without privileged knowledge of the Chess League user-database or the membership of any specific individual. If however, the answer or other resolution can be provided without such privileged knowledge, as in, for example, if the answer to the question or comment of the member is one which does concern their membership, but is also outlined in the Chess League Terms of Service, or elsewhere on the website, or is something else that could be considered “common knowledge” in that it is publicly accessible, then that answer or resolution may be provided or offered by that alternative email address.

  2. In the case that the Chess League is requesting any sort of sensitive or private information (as defined by the Definition section of our Privacy Policy) from a member or other user, an official email address of the Chess League must be used (consisting of the addresses under Email Addresses higher up on this page) and when pertaining specifically to membership, the email address membership@chessleague.cc must be used. It is ill advised for any member to respond favorably or in compliance with any personal or unrecognized email address claiming to be associated with the Chess League, specifically in regards to the sharing of sensitive or private information. In the case of any such request by any such email address, it is recommended that you report the case to the Chess League by forwarding the email to any of the official email address listed under the Email Addresses on this page, but preferably membership@chessleague.cc or the official Chess League email address of the Chess League director.

  3. Any individual authorized to act on behalf of the Chess League must have their own Chess League email address, whose format is firstnamelastname@chessleague.cc. Additionally, the individual must be able to both send as and receive to that address.


Physical Mailing Policy

The Chess League currently has no permanent physical address. As a result, any mail you receive from the Chess League is being sent from the personal home or mailing address of someone who is associated or affiliated with the Chess League, but not the Chess League itself. As a result, you will under no circumstances be required to reply via mail, using the return address or any other address, to any mail you receive from the Chess League. Aside from not being required to, you are highly encouraged not to send mail to these addresses, especially if containing sensitive or private information. If you receive any mail from the Chess League for the purpose of identity verification, or for any other purpose which involves needing a response from the recipient of the mail, you are to respond by email (as will also be directed by the mail, if it was in fact legitimately sent by the Chess League) to contact@chessleague.cc, or if it pertains to your membership, to membership@chessleague.cc.


Private Phone Call Policy

The Chess League does not actively maintain the operation of corporate phones, and as a result, any phone calls that take place between/among employees and managers of the Chess League and between such employees and/or managers and users of the Chess League, utilize the personal phone lines and phone numbers of those who manage or are employed by the Chess League. As follows are the restrictions set in place to govern the use of such personal phones for corporate purposes, and to prevent the privacy or security of Chess League users from being compromised:

  1. Phone calls must not be sent by the Chess League outside of the hours 6:00 AM to 11:30 PM, as in the time zone of the recipient of the call, which is to be determined by any location data contained by the Chess League on the recipient. This does not include phone calls which start during this time but advance past this time, which are allowed. It also does not include calls made by a user to the Chess League outside of this time, which are also allowed. An exception is merited if the Chess League is calling a recipient within 5 minutes of the ending of a previous call with that recipient, regardless of who initiated the previous call, which is allowed. An exception is also merited if the call is an emergency. If this is the case, the words “This call is an emergency” must be used within the first two sentences of conversation (excluding introductory phrasing, like “hello,” etc) or within the first 30 seconds or conversation, whichever is sooner, even if it results in interrupting the recipient of the call. An emergency as it relates to an after-hour phone call is defined by any situation which, if not resolved in a time frame before 6:00 AM the next day, or if it can be solved during/after that time, but the phone call is not the only factor in resolving the emergency, and other substantially time consuming steps would need to be taken after the phone call to resolve the emergency, will have a likely outcome of property damage, emotional damage, injury, or death. It should be noted that digital assets are considered to be property. The resolution of the emergency must also in some way pertain to the after-hour call to the user.

  2. Phone calls are not to be recorded by the Chess League, unless the recipient has not only been notified, but also has consented to the recording of that call before the call has begun or immediately at the start of that call. Such consent expires as soon as the call is hung up and must be sought and acquired at the start of every call thereafter as well if those calls are to be recorded.

  3. Phone calls may only be made on behalf of the Chess League when they originate from a phone number listed on the Employee Locator page of the individual calling on behalf of the Chess League.

  4. The recipient of a phone call made by the Chess League has the right to be told exactly which person is calling them on behalf of the Chess League. If asked this question, the person calling on behalf of the Chess League must reply with at least their first and last name, their Chess League email address, and the URL of their Employee Locator page (starting with www.chessleague.cc/e-locator).

  5. The recipient of a phone call made by the Chess League, should they feel the need, has the right to insist the conversation be continued by email using the Chess League email address of the one calling them (ending in @chessleague.cc), or if a matter of membership, using the email address membership@chessleague.cc. Any individual authorized to call a member regarding their membership on behalf of the Chess League will have access to this email address. There are no exceptions to this fact.


Screen Sharing Policy

For security reasons, the Chess League does not provide nor allow for the use of video calls which utilize live screen sharing during any activity, included but not limited to, engaging in customer support, or performing any normal activity of the Chess League. If any two parties wish to engage in such activity (use of live screen sharing), they are prohibited from use of any Chess League resources or other forms of facilitation to do so by the Chess League, and must be in agreeance beforehand that such activity is being performed on the level of a personal favor or agreement, and not a company service. In the case that both (or if there are multiple, all) parties are in agreeance with this, no parties remain bound to this Security Policy or liable to the Terms of Service of the Chess League, since such activity is not being conducted within the Chess League, or by using any privileges obtained from association or affiliation with the Chess League.


Monetary Transfer Policy

To protect the financial well-being of our members and to avoid any unnecessary complications, we have enacted the following policy:

  1. All payments both to and from the Chess League for any product or service or for any refund or reparation are to be made only through one of the following methods (but depending on the specific circumstances, not all methods may be available):

    1. Cash

    2. Credit Card

    3. Debit Card

    4. Bank Check

    5. Direct Deposit

    6. Money Order

    7. PayPal

    8. Google Pay

    9. Any currency issued by the Chess League itself, including Chess League-specific gift cards, tickets, discount cards, etc, if possessed to the extent necessary, and if applicable to the product or service wished to be paid for

  2. Upon request, the Chess League is required to issue a receipt to a customer of any online product or service of the Chess League.

  3. Any outgoing payments of the Chess League, whether online or in person, must be documented in the Chess League Budget, and must include the total amount of money transferred, the intended recipient, the date of the transaction, the reason for the transaction, and if received by the recipient, how much of the allocated amount was actually received by the recipient, along with any balance still owed to that recipient.

  4. Regarding any transaction not fully fulfilled due to an error, whether that error was manual or automatic, it is the responsibility of the indebted party to fulfill the payment to the extent that the party to which the amount is owed received the amount in full. Unless the receiving party is notified of and agrees to any transaction fees, those fees are not to be deducted from the amount owed, and are to be paid by the indebted party if there is no reasonable alternative with which to fulfil the transaction without paying those fees. This includes federal and state taxes, and any fees imposed by any third-party payment processors.


Disguised / Undescribed / Misleading Link Policy

The Chess League often uses hyperlinks to link words and phrases to web pages, files, or other content on the internet. It is our policy not to link to any source in a way that is misleading or mysterious in nature. This includes not sufficiently providing enough background or context on the destination of the link to effectively allow a reasonable individual to be able to speculate, with a decent extent of accuracy, either the type of resource linked to or the owner/provider of the resource. If one of those two indications are not made reasonably clear by the context surrounding the hyper-link, the link is not to be posted onto any online platforms of the Chess League, including websites, files, or blogs, and is not to be used in any written channels of communication such as emails, text messages (when applicable), etc.


Controlled Redirect Policy

The Chess League website, blogs, emails and other forms of online content which utilizes written language along with a hyperlink ability, may contain some links to outside websites, files, or other content. In order to ensure safety of this process and relevance of that content, we have implemented the following procedure:

  1. All links to any site not owned by the Chess League, if embedded into a word or phrase and not shown as plain text, will be marginalized by a redirect link managed and controlled by the Chess League.

  2. All sites linked to by the Chess League that are not owned by the Chess League will be checked periodically, at an interval of no longer than once every three months, to ensure safety, relevance, and accuracy of that destination.


Advanced Parental Policy

In accordance with the Children's Online Privacy Protection Act, and with our Privacy Policy, we must have express permission from a parent if we wish to collect and store the information of any individual under the age of thirteen.

Because it’s necessary for us to have such information of our members, for multiple reasons (see the Summary of the Reasons Requiring Use of Your Information portion of our Privacy Policy), parental permission is required for any individual under the age of thirteen to obtain a membership. This advanced Parental Policy serves to protect the parental right to such decision by mandating the following:

  1. We must have initial written, or, if recorded, oral consent from a parent or legal guardian for any individual under the age of thirteen to obtain a membership.

  2. If we have reason to believe that an individual under thirteen has deceptively bypassed receiving parental consent to obtain a membership, we will pursue a more advanced assurance that actual parental consent has been granted until no reasonable doubt remains that parental consent has been granted. This includes, but is not limited to, requesting a phone call with the parent in place of or in addition to written consent via email, etc.

  3. If we have reason to believe that an individual has falsely indicated their age to be over thirteen, when in fact it is not, we will pursue more advanced methods of identity verification to ensure the individual is in good standing to be a member.

  4. If we find that an individual under the age of thirteen has falsely entered their age, we will take certain reasonable steps, even if we do not have the parent’s information on record, to find and notify the parent of this event. If the individual is still under thirteen at the time of this discovery, we will also immediately terminate the membership of the individual, per discontinued eligibility, and will uphold such termination until the individual is over the age of thirteen. The Chess League may also, at their sole discretion, prolong that termination for a period after, on the account of a violation of our Terms of Service.


Credential Complexity Policy

Members, upon participating in a season or other activity of the Chess League, are often issued passwords and private links for the purpose of restricting access to certain portions of our site or content to a specific member, group of members, or another type of user. When resetting your password, you are responsible for ensuring that the password meets the following requirements:

  1. Minimum length of eight characters is reached

  2. Both alphabetic and numeric characters are included

  3. The password is not easy to guess

We reserve the right, but not the obligation, to prevent your password from being changed to any string that does not meet those minimum requirements. Additionally, any and all passwords issued to you by the Chess League will meet those minimum requirements.


Data Access Policy

As explained in the Security and Access of Private Information portion of our Privacy Policy, we allow limited access to user information by third-party processors. In the interest of the security of our members, through the accountability of these third-party entities, we have this policy to mandate a thorough and up-to-date list be kept of all entities that have access to user information. Such list can be located here.


Domain Usage Policy

For the sake of security, we will always maintain an up to date list of all domains owned, managed, and/or used by the Chess League. This list of domains is located here on our Security Page at Domains. If you are taken to a page that claims to be the Chess League, but lies on any domain other than the ones listed here, there is a substantial risk that the site is not ours, and that entering any private or sensitive information on that site could result in that information being compromised.


Employee Locator Policy

Any Chess League employee, volunteer or other associate of the Chess League, if authorized to act on behalf of the Chess League, is to have an Employee Locator page on the Chess League website containing a minimum of the individual’s first and last name, Chess League email address (ending in @chessleague.cc, not @member.chessleague.cc) and all phone numbers they may potentially use on behalf of the Chess League (in order for phone numbers to be listed on this page, they must only be accessible to the individual, and access to and/or use of these phone numbers must not be shared). The Employee Locator page of Chess League employees can be searched for at www.chessleague.cc/e-locator.



Scams

Scams commonly take place by email or phone call, using a method known as impersonation, which simply means pretending to be somebody you’re not. When someone tries to scam you, they’re goal is usually to get you to disclose some sort of private information, like a credit card number or Social Security number. Scammers may then exploit the possession of this information themselves or may sell that information to those who wish to exploit it. In either case, such an event will likely result in an annoying, frustrating, and even devastating situation for the victim to take care of.


Identify a Scam

You will often be able to identify a scam by measuring it against the following criteria. If you answer “yes” to any of these questions, you are likely dealing with a scam, and should immediately contact us at contact@chessleague.cc, or if you’re a member, at membership@chessleague.cc:

  1. Is the individual claiming to be from the Chess League, and using an email address that looks similar to one used by the Chess League, but not identical? For example, membership@chessleaque.cc, membership@chessleauge.cc, or membership@chessleague.co.

  2. Is the individual asking for your private or sensitive information, but failing to be polite and transparent about why they need that information?

  3. Is the individual directing you to any website that claims to be operated by the Chess League but is not listed under our websites or domains?

  4. Is the individual disclaiming this Security Policy, stating that they are not bound to it for one reason or another, other than any exceptions specifically noted within this Security Policy?

  5. When questioned or approached about their legitimacy, does the individual act in a manner that is hostile or defensive, or do they intentionally ignore or disregard such questioning, or cease to communicate with you, rather than referring you directly to this security policy and to their Employee Locator page?


Report a Scam

Please report any perceived scams immediately to contact@chessleague.cc, or if you are a member, to membership@chessleague.cc, with “Scam Report” as the subject line. Please provide as much information as possible, including email addresses, dates and times, and conversation logs when legal and applicable. If the perceived scam took place using email, you may also forward the email directly to us. Reporting scams helps prevent others from enduring the same annoyances and/or hardships you have or someone you know has, and is a great way to help us in ensuring the safety and security of all our members and other users.


Contact Us

For questions or concerns about our Privacy Policy, please send us an email at: contact@chessleague.cc.


Site Version History

You may view past versions of this site here.