Data We Collect and Why
We follow a strict data-minimization principle — we only collect what is directly necessary to provide the Crave service.
Account and Profile Information
When you create a Crave account, you provide:
- Name, age, gender, and dating preferences (interested_in_genders)
- Bio and prompt answers
- Turn-ons (required to complete your profile)
- Height (optional)
- Connection intents — what you are looking for
- Profile audio clip (optional)
- Email address — via direct sign-up or Google Sign-In (OAuth)
- Country, locality, and manually selected map location
Purpose: To create and display your profile to other users and enable matching. Private preferences (stored in user_private) are never visible to other users.
Photos — Android Photo Picker
Crave uses the Android Photo Picker exclusively. We never request READ_EXTERNAL_STORAGE, READ_MEDIA_IMAGES, CAMERA, or any broad gallery permission. You manually select only the photos you wish to share.
Microphone and Voice Notes (RECORD_AUDIO)
Crave allows you to send voice notes in chat and record an optional profile audio clip. The RECORD_AUDIO permission is used exclusively for this.
- Microphone is activated only when you press and hold the record button
- We never access the microphone passively or in the background
- Before the microphone permission is requested, an in-app disclosure screen is shown explaining exactly how RECORD_AUDIO is used.
- Voice recordings are encrypted in transit (TLS) and stored on Supabase solely to deliver the message or display your profile audio
- Audio content is checked via AWS for harmful or violating content
- We do not transcribe, analyse, sell, or use audio data for advertising
Location — Manual Selection Only
Crave does not use GPS. We do not request ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION permissions at any point.
You manually select a preferred city or area on a map (Google Maps). We store your country_code, locality, and approximate coordinates for proximity-based matching. Your precise coordinates are never displayed to other users.
Push Notifications (POST_NOTIFICATIONS)
We use Firebase Cloud Messaging (FCM) to send push notifications when you receive a match or message. This permission is requested at runtime — you can deny or revoke it at any time in your device Settings. We do not use push notifications for advertising.
In-App Purchases and Subscriptions
Crave uses a Freemium model with optional premium subscriptions and one-time purchases. All payments are processed by Google Play Billing. Subscription status is managed via RevenueCat.
- We store: subscription tier, purchase history, product ID, and transaction timestamps
- We never collect, see, or store raw credit card numbers or financial account details
- Refund events and subscription lifecycle events are logged for accounting and legal compliance
Crash Reports and Analytics
We use Firebase Crashlytics to detect app crashes and Firebase Analytics to understand feature usage. This data is aggregated and anonymised — it is never linked to your personal identity for advertising or sold to third parties.
Content Moderation Data
To keep Crave safe, we collect: user reports, moderation actions (warn / suspend / ban) with reasons and timestamps, AWS Rekognition results per photo, appeal submissions, and ban history. This data is retained for safety and legal compliance and is never shared publicly or used for advertising.
Usage and Behavioural Data
We collect daily usage data (swipes, likes, matches, messages) to enforce fair-use tier limits, prevent abuse, and improve the app. This data is tied to your account but is not sold or shared with advertisers.
Android Permissions
The following permissions are declared in the Crave AndroidManifest. No other permissions are requested.
Google Play Data Safety
This section maps directly to the Data Safety form in Google Play Console.
| Data Type | Collected? | Purpose / Notes |
|---|---|---|
| Name | Yes | Profile display. Visible to other users. |
| Email address | Yes | Account auth and support. Not shown to other users. |
| User IDs | Yes | Account management and matching. |
| Age | Yes | Age verification (18+) and matching filters. |
| Gender & preferences | Yes | Profile display and discovery matching. |
| Turn-ons | Yes — required | Required profile field. Displayed on profile to matches. |
| Height | Yes — optional | Displayed on profile if provided. |
| Photos | Yes — user selects | Profile display. Moderated via AWS Rekognition before shown to others. |
| Audio recordings | Yes — user initiates | Voice notes and profile audio. Moderated via AWS. |
| Approximate location | Yes — manually set | Proximity-based matching. No GPS used. |
| In-app purchase history | Yes | Grant premium features. Legal and accounting compliance. |
| App interactions | Yes | Swipe and match history for tier limits and analytics. |
| Crash logs | Yes | Bug fixing via Firebase Crashlytics. Anonymised. |
| Biometric data | No | On-device face detection only — no data extracted or stored. |
| Precise GPS location | No | Not requested. Never collected. |
| Contacts | No | Not requested or accessed. |
| Device files / gallery | No | Photo Picker used — no gallery access granted. |
- Data encrypted in transit: Yes — all data uses HTTPS / TLS.
- Data used for tracking or advertising: No.
- Users can request deletion: Yes — Settings → Delete Account in-app.
- Biometric data collected: No.
Who We Share Your Data With
We do not sell your personal data. We only share data with the following trusted service providers, strictly to operate Crave.
Legal and Corporate Sharing
We may disclose your data to law enforcement, courts, or regulators when legally required, or when necessary to protect the safety of our users. In the event of a merger or acquisition, your data may be transferred — you will be notified in advance.
Content Moderation
Crave uses automated and human-reviewed moderation to maintain a safe environment for all users.
Image Moderation — AWS Rekognition
Every photo uploaded is automatically reviewed before it becomes visible to anyone. Rekognition returns content labels (Explicit Nudity, Violence, Hate Symbols, etc.) and a confidence score:
- Confidence > 90%: Photo is automatically rejected
- Confidence 60–90%: Photo is queued for human review
- Confidence < 60%: Photo is approved
Rejected photos are not shown to other users. You will be notified and may submit an appeal.
Text and Audio Moderation
Bios, prompt answers, and profile audio are subject to content review to detect hate speech, harassment, explicit content, and policy violations. Audio without approval is not surfaced to other users.
User Reports, Blocking, and Unmatching
Any user can report another user via the in-app report flow. Reports are stored and reviewed by our moderation team. The reported user will not know who reported them. Reports may result in a warning, temporary suspension, or permanent ban depending on severity.
Users have the ability to block or unmatch with any other user at any time to immediately prevent further communication and hide their profile.
Moderation Actions and Appeals
If your account is actioned (warned, suspended, or banned), you will receive an in-app notification with the reason.You may submit an appeal through the app or via ourSupport Centre. Appeals are reviewed by a human moderator and the outcome will be communicated within a reasonable timeframe. Moderation records are retained for legal compliance and are never shared publicly.
Your Rights and Choices
Access and Correction
You can view and edit your profile information at any time within the app — name, bio, photos, preferences, and location.
Account Deletion
You can permanently delete your account at Settings → Delete Account. Upon confirmation:
You can also request account deletion via our Support Centre if you no longer have access to the app.- Your profile immediately disappears from the app and discovery
- Personal data, matches, chat history, voice notes, and photos are permanently deleted from active databases
- Basic transaction logs and moderation records may be retained for a limited period as required by law
- Anonymised, aggregated analytics data may be retained indefinitely as it cannot identify you
Notification Control
Disable push notifications at any time in Settings → Apps → Crave → Notifications on your device.
Withdrawal of Consent
You may withdraw consent for data processing at any time by deleting your account. This does not affect the lawfulness of processing that occurred before withdrawal.
Data Portability
You may request a copy of your personal data by contacting help.cryptpeach@gmail.com. We will respond within 30 days.
Right to Object
To object to any type of data processing, contact us at help.cryptpeach@gmail.com. We will assess and respond within 30 days.
Data Retention
We retain different categories of data for different periods based on purpose and legal requirements.
Security
- All data in transit is encrypted using TLS / HTTPS
- Data at rest on Supabase is encrypted at the storage layer
- Firebase Auth is used for secure session management and authentication
- API keys and secrets are never stored in the app binary or source code
- The app is built with code minification and shrinking enabled for release builds
- Content moderation removes harmful material before it reaches other users
While we implement industry-standard security practices, no system is 100% immune to breaches. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.
Age Restriction (18+)
Crave is strictly for adults aged 18 and over. This is enforced at the database level. We do not knowingly collect or process personal data from anyone under 18.
If we become aware that a minor has created an account, we will immediately terminate the account and permanently delete all associated data. If you believe a minor is using Crave, please report this to help.cryptpeach@gmail.com immediately.
International Users
GDPR and CCPA
If you are located in the European Economic Area, your data is processed under GDPR. The legal basis for processing your profile data (including sensitive preferences) is your explicit consent given at account creation (Art. 6(1)(a) and Art. 9(2)(a) GDPR). You may withdraw consent at any time by deleting your account.
If you are a California resident, you have rights under the CCPA including the right to know what data we collect, the right to delete it, and the right to opt out of sale (we do not sell your data). Contact help.cryptpeach@gmail.com to exercise these rights.
Crave is operated by Cryptpeach. Your data may be transferred to and processed in countries other than your country of residence, including countries where data protection laws may differ from your own. By using Crave, you consent to this transfer.
We take appropriate steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
Changes to This Policy
We may update this Privacy Policy as Crave evolves or as legal requirements change. When we make material changes, we will:
- Update the Effective Date at the top of this document
- Send an in-app notification to all active users
- Post the updated policy at the URL listed in the Google Play store listing
Continued use of the app after changes are posted constitutes your acceptance of the updated policy. If you do not agree to an updated policy, you should delete your account.
Contact Us
If you have any questions, data access requests, deletion requests, or appeals, please contact us. We aim to respond to all privacy-related requests within 30 days.
Get in Touch
We are here to help with any privacy question or data request. You can also submit requests directly through our Support Centre.
help.cryptpeach@gmail.com