Privacy

Privacy Policy.

How FakeCheck processes personal data — under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU GDPR. In short: anonymous use, images are processed only for analysis and deleted after 24 hours at most, no ad trackers.

This translation is provided for convenience — the legally binding version is the German original.

Last updated: June 2026 · FakeCheck for iOS

01

Data controller

Connexa GmbH
Wilerstrasse 82
8370 Sirnach
Switzerland

UID: CHE-196.465.062
Privacy contact: [email protected]

02

Principles

  • Anonymous by default — FakeCheck works without registration, email, or phone number.
  • Data minimization — we collect only what’s needed for analysis and operation.
  • No ad trackers — no sharing with ad networks, no selling of data.
  • Short retention periods — checked images are automatically deleted after 24 hours at most.
03

Account & authentication

On first launch, the app automatically creates an anonymous account (Firebase Authentication, Google). A random user ID is generated — no name, email, or phone number. Optionally, you can link “Sign in with Apple” to use your account on multiple devices; in that case we process the email address provided by Apple (anonymized on request).

04

Checked images & links — the core of it

When you check an image or a link, the content is transmitted encrypted (TLS) to our servers (Google Cloud, region europe-west1, EU) and passed on from there to AI models for analysis:

  • OpenRouter Inc. (USA) — routes the request to multiple independent AI models that examine the image for traces of AI generation and manipulation. The transfer to the USA is based on the EU-US Data Privacy Framework or standard contractual clauses (SCCs). According to the provider’s privacy terms, no permanent storage takes place on its side.
  • Temporary storage — during analysis, the image is held in Google Cloud Storage (EU) and deleted by an automatic lifecycle rule after 24 hours at most.
  • Stored in your history — only the result (verdict, confidence, indicators, sources). No images.

Don’t check images you have no rights to, or that contain sensitive data of third parties, if the person concerned hasn’t consented.

05

What data we store

  • Anonymous user ID — Firebase UID, plus your Apple ID link where applicable.
  • Check history — your most recent verdicts (verdict, confidence, indicators, sources), without images.
  • Usage counters — weekly/daily counters for the free quota and fair-use limits.
  • Purchase status — whether Pro/Lifetime is active and remaining credits (payment processing itself is handled entirely by Apple).
  • Invite code — your 6-character code and whether a code has been redeemed.
  • Settings — e.g. push on/off, analysis mode, language.
06

Services we use

FakeCheck uses Firebase (Google LLC) with servers in the EU (europe-west1/west3), under a data processing agreement (DPA) and standard contractual clauses:

  • Authentication — anonymous account, optional “Sign in with Apple”.
  • Firestore & Cloud Storage — history, settings, temporary image storage (24 h).
  • Cloud Functions — runs the analysis server-side.
  • Cloud Messaging (FCM) — push notifications, only with your consent.
  • Analytics & Crashlytics — pseudonymized usage statistics and crash reports to improve the app.
  • Remote Config & App Check — configuration and protection of our APIs against abuse (Apple device attestation).

In addition: OpenRouter Inc. (USA) for the AI analysis (see section 04) and Apple Inc. for processing purchases and subscriptions.

07

Push notifications

Push notifications (e.g. “Your verdict is ready”) are optional and delivered via Apple/FCM only after your explicit consent. You can disable them anytime in the iOS Settings or in the app.

08

Retention periods

  • Checked images — 24 hours at most (automatic deletion).
  • History & account — until you delete your account.
  • Counters & technical logs — 30 days.
09

Your rights

You have the right to access, rectification, erasure, restriction of processing, objection, and data portability. The fastest way: Settings → About → Delete Account in the app — all server data is removed within 30 days (see Delete account). For anything else: [email protected] — we reply within 30 days.

You can lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC): edoeb.admin.ch.

10

Data security

All transmissions are TLS-encrypted. Access to our APIs is protected by Firebase App Check (Apple device attestation), so only the genuine app can make requests. Access to production data is restricted to the necessary minimum.

11

Changes to this policy

We update this policy when the app or the legal situation changes. The current version is always available at this address and in the app under Settings → About → Privacy.