Privacy Policy
Last updated: 2026 · Krush
Krush is a double opt-in "secret crush" service. This policy explains what we collect, why,
and your rights. We built Krush so that nobody can see who you like unless it is mutual —
privacy is the core of the product, not an afterthought.
What we collect
- Your phone number — used only to verify you and to match you. It is stored as a
one-way hash (HMAC), not as the raw number. We cannot read your crushes from our database.
- A display name you choose — shown to another person only after a mutual match.
- Your likes and matches — a like points at a hashed number, never a readable one.
- Messages you send in a matched chat.
- Basic technical data (IP address, timestamps) for security and abuse prevention.
How verification works
We use Google Firebase Phone Authentication to send your one-time verification code by SMS.
Google processes your number to deliver that SMS. See Google's privacy terms for details.
What we never do
- We never reveal who likes you unless you like them back too.
- We never send anything to people who are not on Krush.
- We never sell your data.
Your rights (incl. India DPDP Act, 2023)
You can request access to, correction of, or deletion of your data at any time by
emailing privacy@krush.example. We will delete your
account, likes, matches, and messages on request.
Age
Krush is only for people aged 18 and over.
Contact
privacy@krush.example
← Back to Krush