App Privacy Policy

Canonical URL: https://crushedge.com/app-privacy-policy
Publisher: CrushEdge
Contact: https://crushedge.com/contact-us/
Last updated: 2026-05-04

Table of Contents

  1. Who We Are
  2. Scope
  3. Data We Collect
  4. How We Use Your Data
  5. Legal Basis for Processing (GDPR)
  6. How Long We Keep Your Data
  7. How We Protect Your Data
  8. Third-Party Services
  9. International Transfers
  10. Your Rights

Your Rights Under GDPR (EEA / UK)
Your Rights Under CCPA (California)
All Other Users

  1. Children’s Privacy (COPPA)
  2. Data Breach Notification
  3. Changes to This Policy
  4. Contact Us

1. Who We Are

CrushEdge is an independent Android app developer. We build simple, privacy-respecting mobile applications for everyday use. This privacy policy applies universally across all apps we publish on Google Play and any other distribution channels, now and in the future.

Publisher name: CrushEdge
Website: https://crushedge.com
Privacy contact: https://crushedge.com/contact-us/

2. Scope

This policy covers all apps published by CrushEdge on Google Play or any other platform — current and future — unless a separate, explicitly stated policy is provided for a specific app.

By installing or using any CrushEdge app, you agree to the practices described in this policy.

3. Data We Collect

We apply a minimum data principle: we collect only what is strictly necessary for an app to function. The nature of data collected depends on the type of app:

Apps That Relay Data Through a Server (e.g. messaging or communication apps)

These apps require a server to deliver content between devices. For such apps we may collect:

Data Purpose
Anonymous device identifier (UUID)A randomly generated unique ID created on first launch. Not linked to your name, email, phone number, or any government-issued identifier. Used solely to route data to the correct device.
Display name & avatarA name and avatar chosen freely by the user. Stored on our server only to identify the device within its private group. No real name is required.
Messages, images, and voice messagesContent sent between paired devices. Relayed through our server and deleted automatically after delivery or within 72 hours, whichever comes first.
Push notification token (FCM)A token issued by Google Firebase, used solely to deliver push notifications when new content arrives. Never used for advertising or analytics.

We do not collect: real names, email addresses, phone numbers, location data, device contacts, browsing history, or any behavioural analytics.

On-Device Utility Apps (e.g. file tools, productivity apps)

These apps process all data entirely on your device. They transmit nothing to CrushEdge servers or any third-party server. We collect no personal data through these apps.

What We Never Collect — Across All Apps

Regardless of app type, CrushEdge never collects:

  • Advertising identifiers or ad-tracking data
  • Precise or approximate location
  • Device contacts or call logs
  • Biometric data
  • Financial or payment information
  • Health or medical information
  • Sensitive personal identifiers (passport, national ID, tax number, etc.)

4. How We Use Your Data

We use the data we collect only for the following purposes:

Purpose Data Used
Delivering content between devices Anonymous UUID, messages, images, voice messages, push token
Displaying the correct identity within a private groupDisplay name, avatar
Sending push notifications for new contentPush notification token (FCM)
Server security and abuse preventionAnonymous UUID (rate limiting only)

We do not use your data for:

  • Advertising or ad targeting
  • Selling to or sharing with third parties
  • Profiling or behavioural analytics
  • Machine learning model training
  • Any purpose beyond those listed above

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom (UK), we process personal data only where we have a valid legal basis under GDPR / UK GDPR.

Processing ActivityLegal Basis
Routing and delivering content between devicesContract performance — necessary to provide the service the user has chosen to use (Art. 6(1)(b) GDPR)
Storing display name and avatar within a private groupContract performance — necessary to identify devices within the private group (Art. 6(1)(b) GDPR) | | Sending push notifications
Sending push notificationsLegitimate interests — delivering the core real-time notification feature of the app (Art. 6(1)(f) GDPR). Data is minimal and anonymous; notifications can be disabled in your device settings at any time.
Abuse prevention and rate limitingLegitimate interests — protecting the integrity and availability of our service (Art. 6(1)(f) GDPR)

No special category data (Art. 9 GDPR) is collected by any CrushEdge app.

We do not use automated decision-making or profiling as defined in Art. 22 GDPR.

6. How Long We Keep Your Data

We retain data for the shortest time necessary:

Data Retention Period
Messages, images, and voice messages (server-side)Automatically deleted within 72 hours of storage, or immediately upon confirmed delivery to all recipients — whichever comes first
Push notification tokenRetained while the device is active in a group. Deleted when the device is removed or on request.
Anonymous device UUIDetained while the device is part of an active group. Deleted on request or after 90 days of inactivity.
Display name & avatarRetained while the device is part of an active group. Deleted on request or after 90 days of inactivity.
Files processed by on-device utility appsever transmitted to our servers. No server-side retention.

Local copies of any content on your device are under your sole control and subject to your device’s own storage management.

7. How We Protect Your Data

We take reasonable and appropriate technical and organisational measures to protect your data:

  • Encryption in transit — all communication between our apps and our server uses TLS 1.2+ (HTTPS). No data is ever sent over unencrypted connections.
  • Tenant isolation — all server data is logically isolated per group. No user or group can access another group’s data.
  • No persistent content logs — we do not retain server logs that contain message or file content.
  • Minimal attack surface — our server holds only the minimum data required for delivery, and deletes it promptly on schedule.
  • No third-party data sharing — we never sell, rent, licence, or share your data with third parties for any commercial purpose.

Despite these measures, no method of transmission or storage over the internet is 100% secure. We will notify affected users in the event of a data breach in accordance with Section 12.

8. Third-Party Services

Our apps may use the following third-party services. Each operates under its own privacy policy, which we encourage you to review.

Service Purpose Privacy Policy
Google Firebase Cloud Messaging (FCM)Push notification delivery (messaging apps only)https://policies.google.com/privacy
Google Play ServicesApp distribution and updateshttps://policies.google.com/privacy

We do not integrate any of the following into our apps:

  • Advertising SDKs (e.g. AdMob, Meta Audience Network)
  • Analytics SDKs (e.g. Google Analytics, Firebase Analytics, Mixpanel)
  • Crash-reporting services (e.g. Crashlytics, Sentry)
  • Social login SDKs (e.g. Google Sign-In, Facebook Login)

9. International Transfers

Our server infrastructure is located in the European Union (EU). Data processed by Google Firebase (FCM) may be transferred to and stored in the United States or other countries by Google LLC under Google’s standard contractual clauses and applicable privacy frameworks.

For EEA/UK users: Google’s international transfer mechanisms provide safeguards consistent with GDPR Chapter V requirements. Details are available at https://policies.google.com/privacy/frameworks.

For all other users: by using a CrushEdge app you acknowledge that your data may be processed in the EU and, in the limited case of FCM, in the United States.

10. Your Rights

Your Rights Under GDPR (EEA / UK)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under GDPR / UK GDPR:

Right Description
Right of access (Art. 15) Request a copy of the personal data we hold about you
Right to rectification (Art. 16)Request correction of inaccurate data
Right to erasure (Art. 17)Request deletion of your data (“right to be forgotten”)
Right to restriction of processing (Art. 18)Request that we limit how we use your data
Right to data portability (Art. 20)Request your data in a structured, machine-readable format
Right to object (Art. 21)Object to processing based on legitimate interests
Right to withdraw consentWhere processing is based on consent, withdraw it at any time without affecting prior processing
Right to lodge a complaintComplain to your national data protection supervisory authority

How to exercise your rights: Visit our contact page at https://crushedge.com/contact-us/ and include the subject “GDPR Data Request”. We will respond within 30 days. Because we hold only an anonymous UUID (not your name or email), please include the app name and approximate date of first use so we can locate your record.

Supervisory authorities: EEA users may contact their national DPA — a full list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK users may contact the Information Commissioner’s Office (ICO) at https://ico.org.uk.

Your Rights Under CCPA (California)

If you are a California resident, the California Consumer Privacy Act (CCPA) / CPRA grants you the following rights:

  • Right to know — the categories and specific pieces of personal information collected about you.
  • Right to delete — request deletion of personal information we have collected.
  • Right to opt-out of sale — we do not sell personal information. There is nothing to opt out of.
  • Right to non-discrimination — we will not discriminate against you for exercising any of these rights.

To exercise your California rights, visit https://crushedge.com/contact-us/ and include the subject “CCPA Request”.

All Other Users

Regardless of your location, you may always:

  • Request deletion of your data via https://crushedge.com/contact-us/.
  • Trigger automatic deletion by uninstalling the app — all server-side data associated with your device is purged within 72 hours.
  • Disable push notifications at any time in your device’s system settings.

11. Children’s Privacy (COPPA)

Our apps are not directed to children under the age of 13 as sole, unsupervised users.

Some CrushEdge apps are specifically designed to be installed and configured by a parent or guardian on behalf of their family. In those cases:

  • The parent or guardian controls who participates and what is shared.
  • We do not knowingly collect personally identifiable information from children. Any data collected (such as an anonymous UUID or a chosen display name) is managed by the parent.
  • If you believe a child has provided personal information through one of our apps without parental consent, please contact us at https://crushedge.com/contact-us/ and we will delete it promptly.

Our on-device utility apps collect no personal data at all, posing no child privacy risk.

This policy is consistent with the U.S. Children’s Online Privacy Protection Act (COPPA) and Google Play’s Families Policy.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, CrushEdge will:

  1. Notify the relevant supervisory authority (where required by GDPR Art. 33) within 72 hours of becoming aware of the breach.
  2. Notify affected users without undue delay (where required by GDPR Art. 34) via an in-app notice and/or an update to this policy page.
  3. Document the breach internally, including its nature, scope, and the remedial actions taken.

Because we retain minimal data and delete it on a short schedule, the potential impact of any breach is significantly limited by design.

13. Changes to This Policy

When we update this policy:

  • The “Last updated” date at the top of this page will be revised.
  • For material changes (changes that significantly affect your rights or the data we collect), we will provide notice via an in-app prompt or Google Play update notes.
  • Continued use of any CrushEdge app after a material change constitutes acceptance of the updated policy.

All CrushEdge apps — current and future — are automatically covered by the latest version of this policy at the canonical URL:

https://crushedge.com/app-privacy-policy

Previous versions of this policy are available on request via https://crushedge.com/contact-us/.

14. Contact Us

For any privacy-related questions, data requests, or complaints:

CrushEdge
Contact: https://crushedge.com/contact-us/
Website: https://crushedge.com
Privacy policy: https://crushedge.com/app-privacy-policy

We aim to respond to all enquiries within 30 days.

This document was last reviewed and approved on 2026-05-04.