Prepare App Checkup materials without oversharing.
You can start with screenshots, URLs, SDK list, store copy, and app description. Code upload is optional. HatchCheck only needs launch-review materials for the first paid App Checkup. Selected config files can improve the Agent Fix Pack, but production secrets should not be uploaded.
Do not upload credentials, private signing material, keystore files, customer data, production secrets, or real demo passwords.
Required
- app name and description
- platforms
- launch timeline
- privacy policy URL or draft
- support URL
- screenshots of main flows
- account/login explanation
- payment model explanation
- SDK/services list
- reviewer access plan
Recommended
- App Store listing draft
- Google Play listing draft
- Apple App Privacy screenshots/draft
- Google Data Safety screenshots/draft
- account deletion screenshot/path
- account deletion URL
- backend health URL
- Apple review notes draft
- Google Play app access instructions draft
- Google closed testing status
- rejection message if applicable
Optional selected files
- selected config files only
- pubspec.yaml
- package.json
- Info.plist
- PrivacyInfo.xcprivacy
- AndroidManifest.xml
- build.gradle
- README
- .env.example only
Unsafe / do not upload
- private keys
- certificates
- signing certificates
- signing credentials
- keystore files
- production .env files
- service account keys
- production secrets
- customer data
- real demo passwords
- unnecessary full repo access
Upload-light copy
You can start with screenshots, URLs, SDK list, store copy, and app description. Code upload is optional. The Agent Fix Pack can still describe the task, acceptance criteria, and rescan evidence even when HatchCheck has not inspected code.
You can keep demo credentials local and paste them into review notes later. HatchCheck does not need to store demo credentials to generate most findings.