01 Introduction
Welcome to Dissent ("we", "us", "our"). Dissent is a social debate application where users post opinions ("takes"), vote on them, challenge each other to debates, and build a reputation through a ranking system.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you have over your data. It applies to the Dissent mobile application available on Android and iOS, and any related services.
We are committed to protecting your privacy in accordance with:
- The EU General Data Protection Regulation (GDPR) (Regulation 2016/679)
- The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
If you have any questions, contact us at incdissent@gmail.com.
02 Who We Are (Data Controller)
Dissent is the data controller responsible for your personal data.
03 Age Requirement
Dissent is intended for users aged 13 and over. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at incdissent@gmail.com and we will delete it promptly.
Users between 13 and 16 in the EU/UK may require parental or guardian consent depending on applicable national law.
04 What Data We Collect
4.1 Data you provide directly
| Data | Why we collect it |
|---|---|
| Email address | Used for account authentication via Firebase Auth |
| Google account identifier | If you sign in with Google (OAuth) |
| Apple account identifier | If you sign in with Apple (OAuth) |
| Username | Your unique public identifier on Dissent |
| Display name | Your publicly visible name |
| Profile photo | Uploaded avatar image (stored in Firebase Storage) |
| Bio | Optional short profile description |
| Takes (posts) | The opinion content you choose to publish |
| Battle responses | Your debate content in head-to-head challenges |
4.2 Data generated by your use of the app
| Data | Why we collect it |
|---|---|
| Vote history | Records which takes and battles you have voted on |
| Reactions & saved takes | Emoji reactions and bookmarked takes |
| Follow relationships | Who you follow and who follows you |
| Reputation points & badges | Calculated from your activity |
| Battle results | Used for leaderboard and reputation system |
| Privacy setting | Controls visibility of your content |
| Flagged content | Used to moderate objectionable behavior, protect our community, and enforce our Content Policy |
4.3 Data collected automatically
| Data | Why we collect it |
|---|---|
| Push notification token (FCM) | To send you in-app push notifications (never exposed publicly) |
| App crash reports | Collected via Firebase Crashlytics to identify and fix bugs |
| App usage analytics | Collected via Firebase Analytics to understand feature usage |
| Device type, OS version | Collected automatically by Firebase Analytics and Crashlytics |
| Approximate location (country) | Derived from IP by Firebase Analytics for aggregate analytics only |
4.4 Data we do NOT collect
- Precise GPS location
- Contacts or address book
- Microphone or camera data (other than photos you explicitly choose to upload)
- Payment information (there are currently no in-app purchases)
05 Legal Basis for Processing (GDPR / UK GDPR)
| Processing activity | Legal basis |
|---|---|
| Creating and managing your account | Contract (Art. 6(1)(b)) โ necessary to provide the service |
| Authenticating your identity | Contract (Art. 6(1)(b)) |
| Publishing takes and battle content | Contract (Art. 6(1)(b)) |
| Sending push notifications | Legitimate interests (Art. 6(1)(f)) โ you can opt out in device settings |
| Firebase Analytics | Legitimate interests (Art. 6(1)(f)) โ improving app performance |
| Firebase Crashlytics | Legitimate interests (Art. 6(1)(f)) โ identifying and fixing issues |
| Leaderboard and reputation | Contract (Art. 6(1)(b)) โ core feature of the service |
| Moderation and flagged content | Legal obligation / Legitimate interests (Art. 6(1)(c) and (f)) |
| Complying with legal requests | Legal obligation (Art. 6(1)(c)) |
06 How We Use Your Data
We use your data to:
- Create and maintain your Dissent account
- Display your profile, takes, and activity to other users (subject to your privacy settings)
- Enable you to participate in debates, votes, reactions, and follows
- Calculate your reputation score, weekly points, and badges
- Send you push notifications about challenges, battle results, followers, and leaderboard events
- Analyse app usage to improve features and performance (Firebase Analytics)
- Identify and resolve technical issues (Firebase Crashlytics)
- Enforce our Content Policy and respond to reports of harmful content
- Comply with applicable laws and legal obligations
07 Public vs. Private Data
| Content | Who can see it |
|---|---|
| Takes (public account) | All signed-in users |
| Takes (private account) | Only your approved followers |
| Battle content (Arena) | All signed-in users |
| Username, display name, bio, avatar | All signed-in users |
| Reputation score, wins, losses, badges | All signed-in users |
| Your vote history | Private โ never exposed publicly |
| Your FCM push token | Private โ stored in a private collection |
| Your email address | Private โ never shown to other users |
You can switch your account between public and private at any time in the app settings. When you switch to private, all your takes are immediately hidden from non-followers.
08 Data Sharing and Third Parties
We do not sell your personal data. We share data only in the following circumstances.
8.1 Firebase / Google (Infrastructure)
Dissent is built on Google Firebase. The following Firebase services process your data:
| Service | Purpose |
|---|---|
| Firebase Authentication | Identity and sign-in management |
| Cloud Firestore | Database storing profiles, takes, battles, notifications |
| Firebase Storage | Storing profile avatar images |
| Firebase Cloud Messaging | Delivering push notifications |
| Firebase Analytics | App usage analytics |
| Firebase Crashlytics | Crash reporting |
Google acts as a data processor on our behalf. Data may be processed on servers in the US and other countries where Google operates. Transfers outside the EU/UK are protected by Google's Standard Contractual Clauses (SCCs).
8.2 Sign-in Providers
If you sign in with Google or Apple, those providers authenticate your identity. We receive only a unique identifier and optionally your name and email. We do not receive your password.
- Google: policies.google.com/privacy
- Apple: apple.com/legal/privacy
8.3 Legal Disclosure
We may disclose your data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Dissent, our users, or the public.
8.4 Business Transfers
In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
09 Data Retention
| Data type | Retention period |
|---|---|
| Account and profile data | Retained while account is active; deleted within 30 days of account deletion |
| Takes, comments, battle content | Deleted when you delete a take, or upon account deletion |
| Vote history, reactions, saved takes | Deleted upon account deletion |
| Follow relationships | Deleted upon account deletion |
| Push notification tokens | Deleted upon account deletion or new token registration |
| Analytics data (Firebase) | Up to 14 months for user-level data (Google's standard) |
| Crash reports (Crashlytics) | 90 days (Firebase Crashlytics default) |
10 Account Deletion
You can permanently delete your Dissent account directly inside the app:
- Go to Settings
- Tap Delete Account
- Confirm deletion
Upon deletion, your account, profile, all takes, comments, battle history, notifications, follow relationships, saved content, and push notification token are permanently and automatically deleted. This action is irreversible. You do not need to email us to delete your account.
11 Your Rights Under GDPR / UK GDPR
| Right | What it means |
|---|---|
| Right of access (Art. 15) | Request a copy of all personal data we hold about you |
| Right to rectification (Art. 16) | Update your username, display name, bio, and avatar directly in the app |
| Right to erasure (Art. 17) | Delete your account and all associated data in-app at any time |
| Right to restriction (Art. 18) | Request we limit how we use your data in certain circumstances |
| Right to portability (Art. 20) | Request a copy of your data in a machine-readable format |
| Right to object (Art. 21) | Object to processing based on legitimate interests (e.g. analytics) |
| Automated decisions (Art. 22) | We do not make solely automated decisions that significantly affect you |
To exercise any of these rights (except account deletion, which you can do in-app), contact us at incdissent@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority:
12 Push Notifications
We use Firebase Cloud Messaging to send you push notifications about:
- New challenge requests received
- Battle results
- New followers
- Leaderboard events (e.g. weekly champion)
You can disable push notifications at any time in your device's system settings:
- iOS: Settings โ Notifications โ Dissent
- Android: Settings โ Apps โ Dissent โ Notifications
13 Analytics and Crash Reporting
Firebase Analytics collects anonymised usage data (screens viewed, features used, session duration, device type, OS version, country). This data is aggregated and used only to improve the app. It does not identify you personally.
Firebase Crashlytics automatically collects crash reports when the app encounters an error. These reports include device information, OS version, and a stack trace. They do not include your personal content (takes, messages, etc.).
You can opt out of Analytics data collection on Android via your device's Google settings. On iOS, you can limit ad tracking in Privacy settings.
14 Security
We take appropriate technical and organisational measures to protect your personal data, including:
- All data is transmitted over HTTPS / TLS
- Firebase Security Rules restrict all Firestore and Storage access
- FCM tokens are stored in a private Firestore collection not readable by other users
- Vote history is never exposed publicly
- Release builds use code obfuscation (ProGuard/R8)
- Android backup is disabled to prevent data extraction via backup flows
Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at incdissent@gmail.com.
15 Cookies and Tracking
The Dissent mobile app does not use browser cookies. Firebase Analytics and Crashlytics use device identifiers (such as the Android Advertising ID or Apple IDFA) for analytics purposes. You can reset or opt out of these identifiers in your device settings.
16 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via in-app notification. Your continued use of the app after changes are posted constitutes your acceptance of the updated policy.
17 Contact Us
For any privacy-related questions, requests, or complaints, please reach out. We aim to respond to all requests within 30 days.