Can Crush
Privacy Policy
Back to Home

Privacy Policy

Last updated: May 9, 2026

Can Crush LLC (“Can Crush,” “we,” “our,” or “us”) operates the Can Crush mobile application and the website at cancrush.ai (together, the “Services”). This Privacy Policy explains what data we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it.

If you do not agree with this policy, please do not use the Services.

1. What We Collect

Account information

When you create an account, we collect the email address associated with your Apple ID, Google account, or passkey, along with the username and country you choose during onboarding. We do not store passwords for Sign in with Apple or Google sign-in — the identity is verified by Apple or Google. If you create a password account directly with Can Crush, we store only a salted hash of your password (we never store the plaintext).

Submission images

When you measure a crushed can, the app captures a photo of the crushed can next to a standard payment or ID card used as a scale reference. Before any photo leaves your device, the card region is masked in-memory by the app so that card pixel data is never captured, transmitted, or stored. The masked image and the can measurement (diameter and confidence score) are sent to our servers for use in your results history and leaderboards.

Game and usage data

We collect data generated by your use of the Services, including measurement results, leaderboard placement, badges and streaks, Can Crush STOMP scores, competition and challenge participation, friend connections, and content you report or that is reported about you.

Device and technical data

We collect technical data needed to operate the app, including device model, operating system version, app version, language and locale settings, time zone, and IP address. We use push notification tokens (Apple Push Notification service or Firebase Cloud Messaging) to deliver notifications you have opted into.

Location

If you grant location permission, we use your device’s coarse location to support regional and country-scoped leaderboards and the Tailgate proximity feature. You can revoke location permission at any time in your device settings; the Services will continue to work without it, with regional features disabled.

Analytics and crash data

We use Firebase Analytics (Google) to understand aggregate app usage and Firebase Crashlytics to receive crash and error reports. These tools collect device identifiers, app and OS versions, and event timing. We do not link Firebase identifiers to your name or contact information.

Advertising

The app displays ads through Google AdMob. AdMob may collect device advertising identifiers (such as the iOS IDFA or Android Advertising ID) and use them to show relevant ads, subject to your device’s tracking-permission settings. You can manage advertising preferences and opt out of personalized ads in your device settings.

2. How We Use Your Data

We process the data described above to:

  • Provide measurement, leaderboards, competitions, friends, and other core features;
  • Authenticate you and keep your account secure;
  • Send transactional email (such as password resets) and notifications you have opted into;
  • Detect and prevent fraud, abuse, and policy violations;
  • Improve product quality through aggregate analytics and crash reports;
  • Comply with legal obligations and enforce our Terms of Service.

3. Who We Share Data With

We share data only with service providers who help us operate the Services and only to the extent needed for that operation. These include:

  • Microsoft Azure — application hosting, database, and image storage;
  • Google Firebase — analytics, crash reporting, and Cloud Messaging push delivery to Android devices;
  • Apple Push Notification service — push delivery to iOS devices;
  • Google AdMob — in-app advertising;
  • Resend — transactional email delivery (password resets and similar);
  • Cloudflare — DNS, edge caching, and the cancrush.ai website.

We do not sell your personal data. We do not share your personal data with third parties for their own marketing purposes.

We may disclose data when required by law, when responding to lawful subpoenas or court orders, when needed to protect the rights, property, or safety of Can Crush or others, or in connection with a merger, acquisition, or sale of assets (in which case the acquiring party will be bound by this policy or one with equivalent protections).

4. International Data Transfer

Our infrastructure is hosted in the United States. If you access the Services from outside the United States, your data will be transferred to and processed in the United States, which may have different data-protection laws than your country.

5. Data Retention

We retain account and content data for as long as your account is active and as needed to operate the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

When you delete your account, we delete or de-identify associated data within 24 hours, subject to limited retention required for security, fraud prevention, or legal compliance. See our Account Deletion page for full details.

6. Your Rights

Depending on where you live, you may have the following rights:

  • Access — request a copy of the personal data we hold about you;
  • Correction — ask us to correct inaccurate or incomplete data;
  • Deletion — ask us to delete your account and personal data;
  • Portability — request a machine-readable copy of your data;
  • Objection / restriction — object to or restrict certain processing.

You can exercise the deletion right directly inside the app (Profile → Account Settings → Delete Account) or via our Account Deletion page. For other rights, email [email protected].

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, and the right not to be discriminated against for exercising these rights. EU and UK residents have additional rights under the GDPR and UK GDPR, including a right to lodge a complaint with your local supervisory authority.

7. Children’s Privacy

Can Crush is rated for users aged 13 and older and is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact [email protected] and we will delete it.

8. Security

We use industry-standard safeguards including TLS encryption in transit, encryption at rest in Azure, password hashing, scoped access tokens with short lifetimes, and role-based access controls for our team. No system is perfectly secure, and we encourage you to use a strong, unique password (or, better, Sign in with Apple, Google, or a passkey).

9. Changes To This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Material changes will be communicated through an in-app notice or email when reasonably possible.

10. Contact

If you have questions about this Privacy Policy or our data practices, contact us at [email protected].

Can Crush LLC

Home Terms of Service Account Deletion Support