Privacy Policy

Video URLs

When you paste or input a video link to check it.

User Reports and Disputes

If you choose to report or dispute a video's AI detection status, we collect:

• The video URL
• Video ID (if available)
• Username associated with the video (for example, TikTok, Instagram, or Facebook handle)
• Your vote (for example, report as AI or dispute the AI status)
• If you choose "It Is AI", any optional reasons you select (e.g. "Unnatural facial movement", "Lip sync looks off")

Swipe Mode Votes

When you participate in the review queue ("Swipe Mode") on the iOS app or at ledgerapp.app/play, we collect:

• Your vote on each item (AI or Real)
• Evidence tags you select (e.g. "Lips don't match", "Lighting off")
• Interaction data used to assess and improve detection quality

Uploaded Videos

When you submit a video through the upload-to-earn feature, we collect:

• The video URL and extracted video ID
• The associated username (if available)
• Your framing of the video (whether you believe it is AI or real)
• Your user ID as the uploader

Account Information

When you sign in or create an account:

• Email address when you sign up with email/password, sign in with Google, or sign in with Apple.
• Account identifier we use Supabase Auth to create and identify your account (e.g. a unique user ID). This is used to link your votes and reports to your account, enforce one vote per video per account, support "Report account" eligibility (e.g. after a minimum number of video ratings), and for trust and anti-abuse purposes.
• Username a randomly generated display name is assigned to your account when you sign up. This username is visible within the App (e.g. in your profile) and is not derived from any personal information.

We do not collect your name or profile picture unless you sign in with Google or Apple and that information is provided by the sign-in provider; we use it only to display your account in the App (e.g. email in the profile panel).

Waitlist and Email Sign-Up

When you join the waitlist or use a referral or access code on our website, we collect:

• Your email address
• Platform preference (iOS or Android), if provided
• Referral source (whether you signed up via a referral link, and if so, the referring email)
• Unsubscribe status if you opt out of communications

We use this information only to manage waitlist access, send access codes, and process referrals. We use Resend to deliver these emails.

Push Notification Tokens

If you enable push notifications, we collect:

• Your device token, which is a unique identifier assigned by Apple Push Notification service (APNs) to deliver notifications to your device.
• This token is stored alongside your user ID and is used solely to send you notifications (e.g. credibility updates, activity reminders).
• You can disable push notifications at any time through your device settings, which will stop all notifications. Tokens for unregistered devices are automatically removed.

Video Check Analytics

• Video URLs checked
• Video IDs
• Usernames (when available)
• Platform (TikTok, Instagram, or Facebook)
• AI detection result and confidence score
• Detection source (e.g. account-level flag, community votes)
• Timestamps of checks
• Whether the check came from the iOS app or web platform

Web Analytics

On our website (ledgerapp.app), we use Vercel Analytics to collect anonymous usage data, such as page views, referrer information, and general device/browser type. This data does not identify you individually and is governed by Vercel's privacy policy.

Device Information

Basic technical information needed for the Service to function reliably (for example, OS version, app version, browser type, and similar non-sensitive data).

IP Address (Hashed)

When you submit reports, disputes, or video checks, your IP address is received by our backend and immediately hashed using SHA-256 with a salt for privacy protection.

Your IP address is hashed immediately on receipt using SHA-256 with a salt. The resulting pseudonymous identifier -- not your raw IP -- is stored for rate limiting and anti-abuse. Under some privacy frameworks, pseudonymous data may still constitute personal data.

When you are signed in, your activity may also be associated with your account identifier (user ID) for the same purposes.

Performance of a contract (Art. 6(1)(b))

Account creation and authentication, linking votes and reports to your account, enforcing per-account usage rules, and delivering features you have specifically requested (such as video checks and Swipe Mode participation).

Legitimate interests (Art. 6(1)(f))

Analytics and service improvement, anti-abuse and rate limiting, trust scoring, and operating the comment analysis feature. Our legitimate interests in these activities are to maintain a high-quality and abuse-resistant service. These interests do not override your rights -- see Section 10 for your right to object.

Consent (Art. 6(1)(a))

Push notifications (iOS) and waitlist/email communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Legal obligation (Art. 6(1)(c))

Where we are required to process or retain data to comply with applicable law.

Run the AI detection service

Check videos against our database of known or community-reported AI-generated content.

Support community reporting and votes

Let users report or rate AI detection results through both Check Mode and Swipe Mode and improve detection accuracy.

Support account features

Link votes and reports to your account when signed in, prevent duplicate ratings per video per account, and determine eligibility for features such as "Report account" (e.g. after a minimum number of video ratings).

Analytics and service improvement

Understand how the App is used, which platforms and content types are most common, and improve detection and user experience.

Build and improve detection datasets

We aggregate and analyze votes, evidence tags, and interaction data contributed through Swipe Mode to build and improve AI detection datasets used to operate and improve the Service. This data is processed in aggregate or pseudonymous form. This is covered by the intellectual property license you grant in our Terms of Service.

Security, abuse prevention, and rate limiting

Prevent spam and abuse using hashed IP-based identifiers, account identifiers, and rate limits.

Account data (email, user ID, username)

Retained while your account is active, plus up to 90 days following account deletion.

Votes, reports, and evidence tags

Retained while your account is active. Aggregated and anonymized vote data may be retained indefinitely for dataset and service improvement purposes.

Video check analytics

Retained for up to 24 months.

Hashed IP identifiers (rate limiting)

Retained for minutes to hours subject to automatic expiry.

Push notification tokens

Retained until you unregister notifications or delete your account.

Waitlist email addresses

Retained until you unsubscribe, or for up to 12 months after access is granted.

Service Providers

With third-party providers that help us operate the Service (including backend infrastructure, authentication, web hosting, analytics, and email delivery). Each provider processes data only as needed for their specific function and is bound by appropriate data processing terms.

Email Delivery

With Resend to deliver waitlist, referral, and access code emails. Only the recipient email address and email content are shared.

Legal or Safety Requirements

If required to comply with applicable law, regulation, legal process, or government request, or to protect our rights, property, or safety and that of our users.

Supabase

For backend infrastructure, authentication (email/password, Google, and Apple sign-in), data storage, and serverless edge functions. Supabase's handling of data is governed by its own privacy policy.

Vercel

We host our web platform on Vercel and use Vercel Analytics to collect anonymous usage data (page views, general traffic patterns). No personally identifying information is collected by Vercel Analytics. Vercel's data practices are governed by its own privacy policy.

Infrastructure Providers

We use third-party providers for hosting, rate limiting, caching, and backend processing. These providers access data only as needed to deliver specific features and are bound by appropriate data processing agreements. No raw personal data is shared beyond what is required for each service to function.

Resend

We use Resend for transactional email delivery (waitlist confirmations, access codes, referral emails). Your email address is shared with Resend solely to deliver these messages.

Google

When you choose "Sign in with Google," Google's authentication and data practices apply. We receive only the information Google provides for your account (e.g. email, and optionally name and profile picture if you consent).

Apple

When you choose "Sign in with Apple," Apple's authentication and data practices apply. We receive your email address (or an Apple-generated relay address if you choose to hide your email). No other personal information is collected through Apple Sign In.

Apple Push Notification service (APNs)

We use APNs to deliver push notifications to iOS devices. Your device token is sent to Apple's servers to route notifications. Apple's handling of push notification data is governed by its own privacy policy.

Access (Art. 15)

Request a copy of the personal data we hold about you.

Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

Erasure (Art. 17)

Request deletion of your personal data. We will action this request unless we are required to retain the data under one of the specific grounds in Article 17(3) (for example, compliance with a legal obligation or establishment/exercise/defence of legal claims).

Restriction of processing (Art. 18)

Request that we restrict processing of your data in certain circumstances (for example, while you contest its accuracy).

Data portability (Art. 20)

Receive personal data you have provided to us in a structured, commonly used, machine-readable format, and transmit it to another controller, where processing is based on consent or contract and carried out by automated means.

Right to object (Art. 21)

Object to processing based on legitimate interests (Art. 6(1)(f)). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests or the processing is for the establishment, exercise, or defence of legal claims.

Rights related to automated decision-making (Art. 22)

See Section 5.

Right to withdraw consent

Where processing is based on consent, you may withdraw at any time. Withdrawal does not affect the lawfulness of prior processing.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. In the EU, this is your national data protection authority. In the UK, this is the Information Commissioner's Office (ico.org.uk).

Opt-out

You may stop using the Service at any time to prevent further data collection.

Push notifications

Disable at any time through your iOS device settings.

Waitlist emails

Unsubscribe via the link in any email we send.

Account deletion

Contact info@ledgerapp.app to request account deletion.

Right to know

Request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it.

Right to delete

Request deletion of personal information we have collected, subject to certain exceptions.

Right to correct

Request correction of inaccurate personal information.

Right to opt out of sale or sharing

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

Right to limit use of sensitive personal information

We do not collect sensitive personal information as defined by CPRA beyond what is necessary to provide the Service.

Non-discrimination

We will not discriminate against you for exercising these rights.