How After Hours: Truth handles your data.
After Hours: Truth is a party game. We collect the minimum we need to make accounts and rooms work between devices: a Firebase account ID, an optional display name, prompt-game state, custom packs you author, and short-lived presence pings. No advertising, no analytics for ad targeting, no selling data.
Who runs the app
The app is published and operated by Rudolf Satek (a sole developer). Contact: aitools@satek.pro.
What we collect and why
Two reasons we collect anything: to identify you across launches (so you keep the same profile and your custom packs), and to run multiplayer rooms (so other players in your room see you and the table state stays consistent).
- Account ID. When you tap Sign in with Apple, Apple gives the app an opaque identifier and (only if you choose to share) your name. We do not receive your Apple ID email unless you share it. When you tap Continue as guest, Firebase Authentication assigns a random anonymous identifier instead. Either way, an identifier is what every other piece of data is keyed on.
- Display name. If Apple shares your name with us at sign-in, we store it. You can edit or clear it at any time from the profile screen (person icon on the Setup screen). Other players in your room see this name.
- Age-confirmation flag. A boolean confirming you have stated you are 18 or over. The app gates the "spicy" tier of prompts behind this. We do not store any age value, just the yes/no flag tied to your account.
- Custom packs you author. When you create a truth pack or a dare pack via the My Packs screen, the title, language, and the prompts you wrote are stored in your private Firestore subcollection (
userPacks/{your-id}/packs/). Only you can read or write here. - Pack snapshots when you share. If you tap the share icon on one of your packs, the app generates an unguessable 12-character token and writes a copy of that pack to a public-by-token path (
sharedPacks/{token}). Anyone who receives that link can fetch the snapshot and import a copy. The original stays yours; the snapshot is a frozen copy. You can later delete the snapshot from inside the pack editor. - Multiplayer auto-share. When you host a multiplayer room and your selected packs include any custom pack you authored, the app auto-publishes a snapshot of those packs to
sharedPacks/{token}so the joiners can read them. Before this happens, the app shows you a confirmation alert with the names of the packs about to become public. You can cancel from that alert. Already-shared packs reuse their existing token rather than minting a new one. - Room membership. When you host or join a room, your account ID and display name are written to the room document so other members of that room see you in the lobby.
- Game-session state. While a multiplayer session is in progress, the app records which prompts were drawn (truth or dare), whose turn was active, what each player's vote was, and whether the turn was passed, answered, or had a randomizer outcome. This is needed for every device in the session to render the same game state.
- Presence pings. Every ~15 seconds during a multiplayer session, the app writes a timestamp to your presence record so other players can tell if you are still connected. When you tap Leave session, an explicit "left" marker is written immediately.
That is everything stored about you on our side.
Pack sharing — what's public and what's private
Custom packs come in two states:
- Private (default). A pack you create starts at
userPacks/{your-id}/packs/{pack-id}. Only requests authenticated as your account can read it. Other players see nothing here. - Shared. Once you share a pack — either explicitly via the share icon, or implicitly by including it in a multiplayer room you host — a snapshot of that pack is written to
sharedPacks/{token}. The token is a randomly generated 12-character string (not derivable from your account or the pack id). Anyone with that token can read the snapshot. There is no public listing of shared packs; the only way to find one is to have the link.
If you delete a shared pack from the editor, both the source pack and the public snapshot are removed. If you delete your account (see below), every shared snapshot you own is removed before the account is deleted.
App-to-app links
The app registers the custom URL scheme afterhours://. Tapping a link of the form afterhours://pack/{token} from anywhere on your device opens the app and shows an "Import this pack?" confirmation. If you tap Import, the app fetches the public snapshot (above) and saves a copy into your private subcollection. Your name and account id are not sent to the original author when you import — they only see that someone fetched the snapshot, which is anonymous.
What we do not collect
- No advertising identifiers.
- No tracking across other apps or websites.
- No location data.
- No photos, contacts, microphone, camera, or health data.
- No payment information (the app is free; if that changes we will update this policy first).
- No analytics SDK is wired in. If we add Firebase Crashlytics later for crash diagnostics, this policy will be updated to declare it.
Where it is stored
Account, profile, room, session, and pack data is stored in Google's Firebase services (Firebase Authentication and Cloud Firestore). Firebase data centers handle the physical storage. Firebase's own privacy practices are published at firebase.google.com/support/privacy.
Sign in with Apple is handled by Apple. Their privacy practices are at apple.com/legal/privacy.
Who we share it with
- Other players in your room. When you join a room, the other members can see your display name and what you do in that session (votes, prompt outcomes).
- Anyone holding a share link. When you mint a share link for a pack — explicitly or implicitly — anyone with that link can read the snapshot. They cannot see who else has the link, and they cannot tell that you authored it unless you signed the pack title with your name.
- Google (Firebase). As our backend provider. Google does not access this data for its own purposes beyond providing the service.
- Apple. For Sign in with Apple, as their service requires.
We do not sell data and we do not share it with advertisers, brokers, or third parties for marketing.
How long we keep it
- Profile and account data: kept until you delete your account (see below) or until 24 months of inactivity, whichever comes first.
- Custom packs: kept until you delete them, or until you delete your account.
- Shared pack snapshots: kept until you delete them or your account. We do not garbage-collect orphaned snapshots automatically — if you delete your account, the deletion flow walks the list and removes them.
- Room and session data: ephemeral. Rooms remain in Firestore after the session ends but are not surfaced anywhere; we periodically purge inactive rooms.
- Presence and vote records: tied to a session. Removed when the session itself is removed.
Your rights
You can:
- See your data. Email aitools@satek.pro from the address tied to your Apple ID and we will export what we have on you within 30 days.
- Correct your data. Display name is editable from the profile screen in the app. Pack content is editable from the pack editor. For anything else, email us.
- Delete your account from inside the app. Open the profile screen (person icon on Setup), scroll to Danger Zone, tap Delete account, and confirm. The flow tears down your custom packs (private and shared), your profile, and your sign-in account. The truth/dare deck content stays — only your stuff goes. There is no undo.
- Delete by email if the in-app flow fails. If for some reason the in-app deletion can't complete (e.g. a corrupted session), email aitools@satek.pro with your account identifier and we will delete within 30 days.
- Withdraw consent. Stop using the app and request deletion. Sign in with Apple can also be revoked from your iPhone Settings → Apple ID → Sign-In & Security → Sign in with Apple.
If you are in the EU, EEA, or UK, you also have rights under GDPR including data portability and lodging a complaint with your local data protection authority. Slovak users: the relevant authority is the Úrad na ochranu osobných údajov SR (dataprotection.gov.sk).
Children
This app contains adult-oriented content (alcohol references, suggestive prompts) and is rated 17+ on the App Store. It is not directed at, designed for, or intended to be used by children under 17. The "spicy" prompt tier additionally requires an 18+ self-confirmation before it can be enabled. We do not knowingly collect data from anyone under 17. If we learn we have, we will delete it.
Security
All traffic between the app and Firebase is encrypted in transit (TLS). Authentication tokens are stored in the iOS Keychain. Firestore access is restricted by security rules that scope reads and writes to the requesting user — for example, you cannot read another user's userPacks/ subcollection, and only the pack owner can delete a shared snapshot they minted.
Changes to this policy
If we change what data is collected or how it is used, we will update this page with a new effective date. Material changes will also be flagged inside the app on next launch.