24Crush Daily anonymous match

Privacy Policy

Effective Date: February 17, 2026  |  Last Updated: April 6, 2026

Crushsoft (크러쉬소프트, "we," "us," or "our") operates the 24Crush mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our App. By creating an account, you agree to this Privacy Policy.

We are committed to protecting your privacy. This policy applies to all users of the 24Crush App in the United States.

1. Information We Collect

A. Information You Provide Directly

  • Account Information: Email address, login credentials — used for account creation, authentication, and communication.
  • Profile Information: Display name, birth date, gender, photos (2-6), bio, job title, school, height — used for profile display and matching with other users.
  • Lifestyle Preferences: Relationship goals, drinking/smoking habits, fitness, education, religion, kids preference, zodiac, languages, pets, interests — used for profile display and matching filters.
  • Matching Preferences: Distance range, age range, gender preference, advanced filters — used for filtering potential matches.
  • User-Generated Content: Chat messages, reports, block actions — used for communication, safety, and moderation.
  • Payment Information: Apple In-App Purchase transaction IDs (we do NOT directly collect credit card numbers; all payments are processed by Apple) — used for subscription management.

B. Information Collected Automatically

  • Location Data: GPS coordinates (latitude/longitude) — used for showing distance to other users, location-based matching, and reverse geocoding to display city/state.
  • Device Information: Device model, operating system version, app version — used for push notifications, troubleshooting, and compatibility.
  • Device Identifiers: APNs push token, device ID — used for delivering push notifications and multi-device session management.
  • Usage Data: Swipe actions, like/pass history, match records, login timestamps — used for app functionality and improving recommendations.

C. Information from Third Parties

  • Apple Sign-In: Email, unique Apple identifier — used for account creation/login.
  • Google Sign-In: Email, unique Google identifier — used for account creation/login.
  • Facebook Login: Email, unique Facebook identifier — used for account creation/login.
  • Apple App Store: Subscription status, transaction details — used for premium subscription management.

D. Sensitive Information

We collect certain sensitive personal information, including:

  • Precise geolocation (GPS coordinates) — used solely for distance-based matching features.
  • Photos and facial imagery — profile photos are publicly visible to other users; verification selfies are used solely for identity verification and are deleted immediately after processing.
  • Religious affiliation, sexual orientation (gender preference) — provided voluntarily by you for profile and matching purposes.

2. How We Use Your Information

We use your personal information for the following purposes:

  1. Providing Core Services: Creating your profile, showing you to potential matches, calculating distances, facilitating matches and conversations.
  2. Authentication & Security: Verifying your identity via OAuth providers, managing login sessions, detecting fraud and abuse.
  3. Photo Verification: Using facial recognition technology (AWS Rekognition) to verify that your profile photos match your real appearance. Selfie images are deleted immediately after verification.
  4. Push Notifications: Sending you alerts about new matches, messages, likes, and blind match updates.
  5. Location Services: Displaying approximate distances between users, showing your city/state on your profile, matching you with nearby users.
  6. Subscription Management: Processing and verifying Apple In-App Purchases, managing premium features.
  7. Safety & Moderation: Reviewing reports, enforcing community guidelines, suspending or banning accounts that violate our Terms.
  8. Improving Our Services: Understanding usage patterns to improve the matching experience (aggregated, non-identifying data only).

3. How We Share Your Information

A. With Other Users

Your profile information (display name, age, photos, bio, lifestyle details, approximate location) is visible to other users as part of the matching experience. Your email address, birth date, exact GPS coordinates, and device information are never shared with other users.

B. With Service Providers (Third Parties)

  • Amazon Web Services (AWS): Profile photos, verification selfies — for cloud storage (S3), content delivery (CloudFront), facial verification (Rekognition). Data processed in US (us-west-2).
  • Apple Inc.: Device push tokens, notification content, transaction IDs — for push notifications (APNs) and subscription verification (App Store). Data processed in US.
  • Google LLC: Google OAuth token (login only) — for authentication. Data processed in US.
  • Meta Platforms (Facebook): Facebook OAuth token (login only) — for authentication. Data processed in US.
  • OpenStreetMap / Nominatim: Approximate GPS coordinates (rounded to ~5km) — for reverse geocoding (converting coordinates to city/state name). Public API.

C. We Do NOT:

  • Sell your personal information to third parties.
  • Share your data for third-party advertising or cross-app tracking purposes.
  • Use any third-party analytics SDKs (e.g., Firebase Analytics, Mixpanel, Amplitude).
  • Share your precise location with other users (only approximate distance is shown).

D. Legal Disclosures

We may disclose your information if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Retention

  • Account & Profile Data: Until you delete your account. Soft delete immediately; data purged after 30-day recovery window.
  • Photos: Until you remove them or delete your account. Deleted from S3 storage upon removal.
  • Verification Selfies: Deleted immediately after verification. Automatically purged from S3 after processing.
  • Location (GPS coordinates): Overwritten on each update; no history stored. Removed when account is deleted.
  • Location Name (city/state): Until next location update or account deletion.
  • Push Notification Tokens: Auto-expired after 90 days of inactivity; deleted 30 days after expiration.
  • Authentication Tokens: Access tokens: 1 hour; Refresh tokens: 14 days. Auto-expired.
  • Swipe & Match History: Until account deletion.
  • Chat Messages: Per chat service retention policy. Deleted when match is unmatched or account deleted.
  • Subscription Records: Retained indefinitely for financial audit compliance.
  • Reports & Moderation Records: Retained indefinitely for safety purposes.

5. Your Rights

A. United States

California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  1. Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you.
  2. Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention).
  3. Right to Correct: You may request correction of inaccurate personal information.
  4. Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising. No opt-out is required.
  5. Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  6. Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information (e.g., precise geolocation, religious beliefs) to what is necessary for providing our services.

All U.S. Residents

Regardless of your state of residence:

  • You can access your profile data at any time through the App (Profile > My Profile).
  • You can correct your data by editing your profile in the App.
  • You can delete your account through the App (Profile > Settings > Delete Account), or by contacting us at the email below.
  • You can withdraw consent for push notifications through your device settings.
  • You can withdraw consent for location access through your device settings.

How to Exercise Your Rights

To submit a privacy request, contact us at:

We will verify your identity and respond to your request within 45 days, as required by applicable law.

B. Republic of Korea (개인정보보호법 / PIPA)

If you are a resident of the Republic of Korea, the following applies under the Personal Information Protection Act (PIPA):

Personal Information Processing

  • We collect and use your personal information only for the purposes stated in this Privacy Policy (see Section 1 and Section 2).
  • We retain your personal information for the periods described in Section 4. Upon expiration, personal information is promptly destroyed.
  • Personal information is destroyed by deleting electronic files using methods that prevent recovery, and by shredding or incinerating physical documents.

Outsourced Processing (위탁)

We outsource the processing of personal information to the following service providers:

  • Amazon Web Services, Inc. — Cloud hosting, photo storage, facial verification (US region)
  • Apple Inc. — Push notifications, subscription payment processing
  • Google LLC — Authentication (Google Sign-In)
  • Meta Platforms, Inc. — Authentication (Facebook Login)

International Data Transfer

Your personal information is transferred to and processed in the United States. We ensure appropriate safeguards are in place, including encryption in transit and at rest, access controls, and contractual obligations with service providers.

Your Rights

As a data subject under PIPA, you have the right to:

  1. Access your personal information.
  2. Correct inaccurate or incomplete information.
  3. Delete your personal information, subject to legal retention requirements.
  4. Suspend processing of your personal information.

You may exercise these rights through the App or by contacting us at crushai.team@gmail.com. We will respond within 10 days as required by law.

Personal Information Protection Officer

C. Japan (個人情報保護法 / APPI)

If you are a resident of Japan, the following applies under the Act on the Protection of Personal Information (APPI):

  • Purpose of Use: Your personal information is used solely for the purposes stated in Section 2 of this Privacy Policy.
  • Third-Party Provision: We do not provide your personal information to third parties without your consent, except as required by law or as described in Section 3.
  • Cross-Border Transfer: Your personal information is transferred to and processed in the United States by the service providers listed in Section 3. We take appropriate measures to ensure the protection of your information.
  • Your Rights: You may request disclosure, correction, deletion, or suspension of use of your personal information by contacting us at crushai.team@gmail.com. We will respond without delay after verifying your identity.

D. Canada (PIPEDA)

If you are a resident of Canada, the following applies under the Personal Information Protection and Electronic Documents Act (PIPEDA):

  • Consent: By creating an account, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. You may withdraw consent at any time by deleting your account.
  • Purpose: We collect personal information only for the purposes identified in Section 2.
  • Access and Correction: You have the right to access your personal information held by us and to request corrections. Contact us at crushai.team@gmail.com.
  • Complaints: If you have concerns about our privacy practices, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

6. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including:

  • Encryption in transit (HTTPS/TLS for all communications)
  • Password hashing (bcrypt)
  • Token hashing (SHA-256 for refresh tokens; plaintext never stored)
  • AWS infrastructure security (encrypted storage, access controls)
  • Role-based access controls for admin functions
  • Rate limiting on sensitive operations (verification attempts, login)

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us at crushai.team@gmail.com.

7. Children's Privacy

24Crush is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a user under 18, we will delete that account and associated data promptly. If you believe a minor is using our App, please contact us at crushai.team@gmail.com.

This policy complies with the U.S. Children's Online Privacy Protection Act (COPPA), the Republic of Korea's Personal Information Protection Act (which restricts collection of information from children under 14 without parental consent), and Japan's APPI (which provides additional protections for minors under 16).

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App and updating the "Last Updated" date above. Your continued use of the App after such changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy: