Privacy Policy
Last updated: April 5, 2026
This privacy policy describes how Truth-Check (hereinafter "we", "our" or "the Service") collects, uses, stores and protects your personal data when you use our mobile application and our website truth-check.com, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).
1. Data Controller
- Publisher: Ben Azogui, sole proprietorship (SIREN 811 981 596)
- Address: 17B Avenue Jean Jaurès, 94100 Saint-Maur-des-Fossés, France
- Email: [email protected]
2. Data We Collect
2.1 Account Data
- Email address and unique identifier (UID) via Firebase Authentication
- Authentication method used (Google, Apple, email/password)
- Account creation date
2.2 Certificate Data
- Captured photos and videos: only a low-resolution version is stored (the original photo/video is never kept)
- For videos: extracted frames as an animated WebP (the raw video is never stored)
- Metadata: date, time, GPS coordinates (latitude/longitude), device model, resolution
- User-provided information: owner name, email, address, notes
- Audio transcription (for video certificates, via OpenAI Whisper)
2.3 Payment Data
- Payments are processed exclusively by Stripe (web/Android) and Apple (iOS). We do not collect or store any banking or credit card data.
- We only retain: Stripe customer ID, subscription ID, subscribed plan, and current period end date.
2.4 Technical Data
- Connection logs and security logs
- Device information (model, operating system)
- Technical cookies required for the service to operate (Firebase session)
3. Why We Collect Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide the certification service (creation, storage, verification of certificates) | Performance of contract (Art. 6.1.b) |
| Manage your account and subscriptions | Performance of contract (Art. 6.1.b) |
| Process payments via Stripe and Apple | Performance of contract (Art. 6.1.b) |
| Ensure security and prevent fraud | Legitimate interest (Art. 6.1.f) |
| Comply with our legal and tax obligations | Legal obligation (Art. 6.1.c) |
| Analyze service usage and improve it | Consent (Art. 6.1.a) |
4. Subprocessors and Third-Party Services
We use the following subprocessors to operate the service:
| Service | Role | Location |
|---|---|---|
| Firebase (Google Cloud) | Authentication, database, file storage | EU (eur3: Belgium & Netherlands) |
| Vercel | Website and API hosting | United States |
| Stripe | Payment processing (web/Android) | United States / EU |
| Apple | In-app purchases (iOS) | United States |
| OpenAI | Video audio transcription (Whisper) | United States |
Data transfers to the United States are governed by the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses (SCCs) in accordance with the GDPR.
5. Storage and Security
- Your data is stored in Firebase Firestore and Firebase Storage, hosted in the European region eur3 (EU multi-region: Belgium & Netherlands).
- All communications are encrypted in transit (HTTPS/TLS) and at rest.
- Certificate protection passwords are stored as salted hashes (SHA-256). We cannot read them.
- Data access is restricted to only the systems required for the service to operate.
6. Data Retention
- Account data: retained as long as the account is active. Deleted within 30 days of an account deletion request.
- Certificates: retained until their expiration date or until deleted by the user. Deletion is permanent and irreversible.
- Payment data: subscription identifiers are retained for the duration of the contractual relationship, then archived in accordance with tax obligations (6 years).
- Technical logs: retained for a maximum of 12 months.
7. Your Rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your personal data.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request the deletion of your data ("right to be forgotten"). You can also delete your account directly from the app.
- Right to restriction: restrict the processing of your data in certain cases.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on our legitimate interest.
- Right to withdraw consent: at any time, for processing based on consent.
To exercise your rights, contact us at [email protected]. We will respond within 30 days.
You may also file a complaint with the CNIL (French Data Protection Authority — Commission Nationale de l'Informatique et des Libertés): www.cnil.fr.
8. Cookies
Our website only uses technical cookies essential for the service to operate:
- Firebase Authentication session cookie (maintaining login)
- Stripe cookies (securing payments)
No advertising or tracking cookies are used. If analytics cookies are deployed in the future, your prior consent will be requested.
9. Protection of Minors
Truth-Check is not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with data, please contact us so that we can delete it.
10. Changes to This Policy
We reserve the right to modify this privacy policy at any time. In the event of a substantial change, we will notify you by email or via a notification in the app. The date of the last update is shown at the top of this page.
11. Contact
For any questions regarding this policy or your personal data:
- Email: [email protected]
- Address: 17B Avenue Jean Jaurès, 94100 Saint-Maur-des-Fossés, France
