Anti-Fakes — Privacy Policy
Effective date: 2026-04-29 Last updated: 2026-06-07 Publisher: Hogan Sung (sole developer / hes.labs.dev) Contact: contact@heslabs.dev
This privacy policy explains how the Anti-Fakes mobile application (“the app”, “we”) collects, uses, shares, and stores your information. By installing and using the app you agree to this policy.
1. Who we are
Anti-Fakes is published by an individual developer (Hogan Sung) operating under the project name hes.labs.dev. There is no separate legal entity. Throughout this policy, “we” refers to that individual.
2. What the app does
Anti-Fakes is a real-news reasoning voice game. In production daily decks, the app uses real news excerpts; tutorial or internal fixtures may use clearly separated sample content. In each round, the app listens to the player’s spoken or typed reasoning, and an AI judge scores how well the player identified whether the excerpt’s reasoning is solid or shaky.
To make this work, the app:
- Asks for your permission before opening problem sets that send your voice audio, transcript, or typed answer to third-party AI services for scoring.
- Records short audio clips on device only while a round is active and the player chooses voice input.
- Sends the audio to a third-party speech-to-text service to convert it to text.
- If you explicitly enable Voice diagnostics, keeps a small subset of suspicious or user-flagged voice attempts for up to 14 days so we can debug speech recognition failures. If you decline, gameplay still works normally and the app does not retain raw audio after transcription.
- Sends the transcript or typed answer and the round’s excerpt to a third-party AI service that returns a numeric score plus brief feedback text.
- Stores anonymous gameplay events (daily mode, round duration, score, locale, app version, crash reports) so we can detect bugs and improve the game.
- Lets players optionally create a public result share link after a completed daily deck. Shared pages use only a sanitized score and daily-streak snapshot and do not include transcripts, answers, per-round score marks, private feedback, hidden judge context, or account identifiers.
- Lets players optionally link a Google or Apple account to keep progress across devices and delete their cloud progress from the Profile screen.
3. Data we collect
| Category | What | Source | Purpose |
|---|---|---|---|
| Voice recordings | Short microphone audio captured during voice rounds; if Voice diagnostics is enabled, only suspicious or user-flagged attempts may be uploaded temporarily | Captured locally during a round | Transcribed to text so the judge can score it; optional diagnostics help debug speech recognition failures |
| Voice transcripts | The text version of your spoken answer | Returned by the speech-to-text provider | Sent to the judge; stored briefly with the round result for review |
| Gameplay events | Round number, claim ID, daily mode, score, streak, locale, TTS on/off, selected topics, daily-challenge day index, session ID, app version, build channel, platform | Generated by your device while you play | Diagnose gameplay bugs, balance difficulty, measure engagement |
| Public result share snapshot (optional) | If you tap Share on a completed daily result: display name, deck/locale, daily mode, headline percent, question count, recent daily streak status, opaque share ID, and creation time | Created only when you request a public result link | Render the public result page and invitation link |
| Anonymous user ID | A random Firebase UID assigned the first time you open the app (not tied to any account, name, or email) | Firebase Authentication anonymous sign-in | Group your sessions together so we can debug per-user issues |
| Account link data (optional) | If you choose “Link Google” or “Link Apple”: provider ID, email address, and display name/full name if the provider returns it | Google Sign-In / Sign in with Apple via Firebase Authentication | Keep streaks and history tied to the same player across devices |
| Tester alias (optional) | A short nickname you type into the app yourself | Provided by you | Help us correlate feedback you send us with telemetry |
| Crash and performance data | Stack traces, device model, OS version, app version, frame timing | Firebase Crashlytics + Firebase Performance | Detect and fix crashes and slow paths |
| Device & install identifiers | Firebase Installation ID (FID), platform name, app version, and on Android the Google Advertising ID when available | Firebase SDKs | Required for Firebase services and app analytics to function |
| Player feedback | Optional thumbs-up / thumbs-down / written feedback you submit at the end of a round | Submitted by you | Improve judging quality and content |
The app does not collect:
- Your real name or email address unless you explicitly link a Google or Apple account for progress sync.
- Your phone number or postal address.
- Your contacts, calendar, photos, files, location, or any other sensors beyond the microphone.
- Advertising identifiers for ad targeting. On Android, Firebase Analytics may receive the Google Advertising ID for app analytics only; we do not use it to show or personalize ads.
- Payment information (the app is free, with no in-app purchases).
4. How we use your data
| Use | Data used |
|---|---|
| Score your in-game answers | Voice transcript, claim text |
| Show you your past results | Score, transcript, judge feedback |
| Show an optional public result page when you share | Sanitized share snapshot |
| Fix crashes and bugs | Crash reports, device info, app version |
| Decide whether your app is too old and needs a forced update | App version, build channel |
| Measure overall engagement (daily active users, completion rates) | Anonymous gameplay events |
| Sync progress across devices if you opt in | Account link data, anonymous user ID, score history |
| Reply to a bug report you send us | Tester alias + the events tied to it |
We do not use your data to:
- Build advertising profiles.
- Sell or rent it to anyone.
- Train third-party AI models. (See “Third parties” below for the contractual terms that bind our processors.)
- Publish your transcripts, typed answers, private feedback, hidden judge context, or account identifiers in shared result pages.
5. Third parties we share data with
The app cannot work without sending some data to the following processors. Each one is named here so you know exactly who gets what.
5.1 OpenAI (speech-to-text)
- What is sent: the ~15-second audio clip from a round, plus the locale tag (e.g.
en-US). - Why: to transcribe your speech into text using the Whisper model.
- Endpoint:
https://api.openai.com/v1/audio/transcriptionsover TLS. - Permission: the app asks before sending any voice audio to OpenAI. If you choose the typed-answer fallback, no audio is sent to OpenAI.
- Their terms: OpenAI’s API data usage policy (audio submitted via the API is not used to train OpenAI’s models). See openai.com/policies/api-data-usage-policies.
5.2 Google Firebase / Google Cloud (judging, hosting, analytics, crash reports)
We use Google Firebase as our entire backend. This means several Google services receive data:
- Firebase AI Logic / Vertex AI Gemini — receives the round’s claim text plus your transcript or typed answer after you give permission in the app; returns a score and short feedback. Google’s Vertex AI generative AI terms apply; data sent through Vertex AI is not used to train Google’s foundation models.
- Cloud Firestore — stores anonymous gameplay events, your round/session documents, optional public result share snapshots you create, and your optional feedback.
- Firebase Authentication — issues your anonymous user ID and, only if you opt in, stores the Google/Apple account link used for progress sync.
- Firebase Storage — hosts the gameplay content bundles your app downloads on launch. If Voice diagnostics is enabled, it may also store a diagnostic voice clip tied to your anonymous Firebase UID for up to 14 days.
- Firebase Analytics — receives basic event names, app instance identifiers, and on Android the Google Advertising ID when available, for app analytics only. We do not use it to show ads or personalize ads.
- Firebase Crashlytics — receives crash stack traces and device metadata when the app crashes.
- Firebase Performance Monitoring — receives anonymized timing samples for app startup and key screens.
- Firebase Remote Config — pushes feature flags and a “minimum supported version” number to your app. This is server-to-app only; nothing about you is sent up.
- Firebase App Check — verifies that requests to our backend come from a genuine, untampered build of the app. Uses Apple App Attest / Google Play Integrity tokens; no personal data.
Google’s privacy commitments for these services live at firebase.google.com/support/privacy and cloud.google.com/terms/cloud-privacy-notice.
5.3 The platform stores (Apple, Google)
When you install or update the app, Apple and Google process diagnostic and crash data per their own privacy policies. We do not control that.
6. How long we keep your data
| Data | Retention |
|---|---|
| Voice recording | Deleted from your device after transcription/app cleanup unless you enabled Voice diagnostics and the attempt was suspicious or user-flagged |
| Voice diagnostic recording (optional) | Stored in Firebase Storage for up to 14 days; you can delete outstanding diagnostic recordings from Settings & Privacy |
| Voice transcript | Stored in your local round history; copied to Firestore as part of the round document; retained indefinitely unless you request deletion |
| Round / session documents in Firestore | Retained indefinitely unless you request deletion |
| Public result share snapshot (optional) | Retained unless you request deletion; the share ID is opaque and the public payload excludes transcripts, answers, per-round score marks, per-axis breakdowns, total/max score, strong-answer counts, private feedback, hidden judge context, and account identifiers |
| Account link data | Retained until you delete your account/progress or ask us to delete it |
| Crash reports, performance traces | Retained for up to 90 days by Firebase, per Google’s defaults |
| Firebase Analytics events | Retained for up to 14 months, per Google’s defaults |
| Firebase Storage gameplay bundles | Indefinite; contains no personal data |
7. Children
Anti-Fakes is rated Teen / 13+ and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has used the app, please contact us and we will delete the associated anonymous data on request.
8. Your rights
You have the right to:
- Know what data we have about you (this policy lists every category; we do not collect anything else).
- Request deletion of all data tied to your anonymous user ID. Use Profile → Delete account in the app, or email us at contact@heslabs.dev; to identify your data by email, we’ll ask you for the Firebase UID shown in the app’s Profile/About area and we will delete all matching Firestore documents within 30 days.
- Turn off Voice diagnostics and delete outstanding diagnostic recordings in Settings & Privacy. Declining or turning this off does not block normal gameplay.
- Decline AI data sharing when the in-app prompt appears. If you decline, problem sets do not open and the app does not send audio, transcripts, or typed answers to OpenAI or Google Vertex AI. You can still open non-problem areas such as Profile, session review, skill trends, account controls, and Settings & Privacy.
- Stop participating at any time by uninstalling the app. Uninstalling stops further data collection but does not retroactively delete data already sent — use the deletion request above for that.
- Withdraw microphone permission in your device’s system settings at any time. The app will continue to launch; voice input will be unavailable, and you can use typed answers instead.
EU/UK residents: this policy is the legal basis for processing under GDPR Articles 6(1)(b) (performance of a contract — gameplay) and 6(1)(f) (legitimate interest — debugging and improving the app). California residents: the app does not “sell” or “share” your personal information as those terms are defined under CCPA / CPRA.
9. Security
- All network traffic between the app and our processors uses TLS / HTTPS.
- Audio recordings live in your device’s encrypted private app sandbox before transcription, except optional Voice diagnostics clips stored in Firebase Storage for short-term debugging.
- Backend writes go through Firebase App Check, so requests from a tampered or non-genuine app are rejected.
- We do not store account passwords. Optional Google/Apple linking uses the provider’s sign-in system through Firebase Authentication.
No system is perfectly secure. If you believe you’ve found a vulnerability, please email contact@heslabs.dev and give us a reasonable opportunity to fix it before public disclosure.
10. International transfers
Your data may be processed in the United States (OpenAI, Google) and other countries where Google operates regional data centers. By using the app you consent to those transfers. We rely on the standard contractual clauses of our processors where applicable.
11. Changes to this policy
If we change how the app collects or uses data, we will post an updated version of this page and bump the “Last updated” date at the top. Material changes will be announced in the app’s release notes for the next version.
12. Contact
Questions, deletion requests, or privacy concerns:
Hogan Sung — hes.labs.dev Email: contact@heslabs.dev