Effective Date: January 31, 2026
Controller: Homie Lab Inc. ("RUSH," "we," "us," or "our")
Primary Contact: privacy@feeltherush.app
Mailing Address: Toronto, Ontario, Canada
RUSH is built for a community that often has to think carefully about privacy. This Policy explains what we collect, why we collect it, when we share it, and the choices you have.
Quick Read
- RUSH is an adults-only service.
- Some profile fields are sensitive and always optional.
- We do not show exact GPS coordinates to other users.
- We do not sell personal data.
- You can request access, correction, deletion, and other rights depending on your location.
1. Scope
This Privacy Policy applies to the RUSH mobile application, the feeltherush.app website, and related services (collectively, the "Service"). It is intended to cover users in the European Union, European Economic Area, United Kingdom, United States, Canada, and other jurisdictions where RUSH is available.
2. Information We Collect
Information You Provide
| Category | Examples | Why We Use It |
|---|---|---|
| Account identifiers | Email address, phone number, Sign in with Apple or Google credentials, authentication tokens | Account creation, login, recovery |
| Profile information | Display name, age or date of birth, photos, bio, height, body type, preferences | Profile creation, matching, discovery |
| Sensitive profile data | Sexual orientation, sexuality-related preferences, HIV status, relationship status | Optional profile display and matching preferences |
| Communications | Messages, media shared in chat, report submissions | Service delivery, safety, moderation |
| Payment confirmations | Platform-level purchase confirmations from Apple or Google | Subscription status and entitlement management |
Information Collected Automatically
| Category | Examples | Why We Use It |
|---|---|---|
| Location data | GPS-derived location processed into approximate distance or map placement, IP-derived location | Nearby discovery, Right Now, fraud prevention |
| Device information | Device model, OS version, app version, device identifiers, advertising ID | Reliability, analytics, troubleshooting, abuse prevention |
| Usage data | Features used, session duration, in-app navigation, interactions | Product improvement and analytics |
| Technical logs | IP address, crash logs, timestamps, error reports | Security, debugging, abuse detection |
Information From Third Parties
We may receive:
- basic profile information from social login providers if you choose Sign in with Apple or Google; and
- campaign or attribution information from analytics and marketing partners.
3. Sensitive Personal Data
RUSH may process sensitive personal data, including:
- sexual orientation;
- sexual preferences or interests; and
- HIV status, if you choose to disclose it.
These fields are optional. You decide whether to fill them in and, where applicable, how visible they are to others.
Legal Basis for Sensitive Data
Where required by law, including under GDPR Article 9, we rely on your explicit consent when you choose to provide sensitive data and make it visible within the Service.
How We Protect Sensitive Data
- Sensitive fields are not shared with advertisers for targeting.
- You can edit or delete these fields at any time.
- We use encryption in transit and storage controls designed to protect this data.
4. Legal Bases for Processing
Where GDPR or similar laws apply, we may process personal data under the following bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and service delivery | Performance of a contract |
| Profile display and in-app discovery | Performance of a contract |
| Sensitive profile display | Explicit consent |
| Location-based features | Legitimate interests and, where required, consent |
| Safety scanning and moderation | Legitimate interests |
| Analytics and product improvement | Legitimate interests or consent, depending on jurisdiction |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
| Security and fraud prevention | Legitimate interests |
5. Location Practices
How Location Is Used
We use location data to support:
- approximate distance indicators;
- nearby discovery;
- the Right Now feature; and
- security or abuse-prevention checks.
Privacy Protections
- Other users see approximate location, not exact coordinates.
- Displayed position may be fuzzed or randomized within a minimum radius.
- Uploaded photos may have EXIF location metadata removed before storage.
- Users may hide from Right Now while continuing to use other parts of the Service.
Users in Sensitive Jurisdictions
If you are in a region where LGBTQ+ identity may create legal or personal risk, you should exercise extra caution. Product controls can reduce risk, but they cannot eliminate it entirely.
6. Messaging
Messages and attachments may be stored on our systems to enable the Service.
- Messages are generally stored server-side for sync and reliability.
- Data in transit is protected with TLS.
- Stored data is protected using infrastructure-level security controls.
- End-to-end encryption is not currently implemented.
- Messages and attachments may be reviewed where necessary for safety, moderation, legal compliance, or support.
For retention details, see Section 12 below.
7. Automated Processing and Moderation
Photo Scanning
We may use automated tools such as AWS Rekognition to scan uploaded images for:
- prohibited content;
- public nudity policy violations; and
- safety threats.
Text and Behavioral Signals
We may use automated systems to help detect:
- grooming patterns;
- threats of violence;
- fraud indicators; and
- spam.
Human Review
Automated systems are used to flag or prioritize content. Final moderation decisions that have significant impact are not intended to rely solely on automation without human review.
8. Cookies and Tracking Technologies
We use cookies, pixels, SDKs, and similar technologies for website functionality, analytics, and attribution. See our separate Cookie Notice for full details.
In short:
- essential tools support the website;
- analytics help us improve the product; and
- attribution tools help us understand marketing performance.
We do not sell personal data.
9. How We Use Personal Data
We may use personal data to:
- create and maintain accounts;
- authenticate users;
- display profiles and support discovery features;
- provide approximate location-based features;
- enforce safety rules and investigate abuse;
- moderate content;
- operate customer support;
- analyze product usage and improve the Service;
- send marketing messages when allowed; and
- comply with law or respond to valid legal requests.
10. How We Share Data
Service Providers
We share data with service providers that process data on our behalf.
| Provider | Role | Typical Data Shared |
|---|---|---|
| Supabase | Hosting, database, storage | Core service data |
| AWS Rekognition | Image safety scanning | Uploaded images submitted for scanning |
| Segment | Analytics | Usage events and pseudonymous identifiers |
| Meta Ads | Attribution | Conversion-related advertising identifiers and events |
| AppsFlyer | Attribution | Install and campaign attribution data |
| Google Maps Platform | Location services | Approximate coordinates, where needed |
Other Users
Depending on your settings and use of the Service, other users may see:
- your profile information;
- your profile and shared photos;
- your approximate location; and
- messages you send them.
Legal and Safety Disclosures
We may disclose information:
- in response to valid legal process;
- to help prevent imminent harm;
- where required for child safety reporting;
- to investigate serious criminal conduct; or
- to protect the rights, safety, or security of users, RUSH, or others.
Where legally permitted, we may challenge broad requests and notify affected users.
Sale of Data
We do not sell personal data.
11. International Transfers
RUSH infrastructure and vendors may process data in the United States and other countries.
Where required by law, cross-border transfers may rely on:
- Standard Contractual Clauses;
- contractual protections with processors; and
- additional technical or organizational safeguards.
Questions about international transfers can be sent to privacy@feeltherush.app.
12. Data Retention
We retain data for as long as needed for the Service, safety, legal compliance, and legitimate business purposes.
| Data Type | Typical Retention |
|---|---|
| Active account data | Life of the account |
| Messages | Until deletion, subject to retention schedules |
| Photos | Until deletion, subject to retention schedules |
| Reports and moderation records | Up to 2 years |
| IP and device logs | About 90 days |
| Analytics data | May be aggregated or de-identified over time |
Account Deletion
When you delete your account:
- your profile may be hidden promptly;
- some data may remain during a restoration grace period or backup cycle; and
- residual data may be deleted over time according to backup, legal, and safety retention schedules.
13. Your Rights
Rights Available to Most Users
You may have the ability to:
- access your data;
- correct inaccurate information;
- delete your account and associated data;
- download a copy of certain data; and
- manage visibility settings for sensitive fields.
Additional Rights for Users in the EU, EEA, and UK
Where applicable, you may also have rights to:
- withdraw consent;
- object to certain processing;
- restrict processing; and
- complain to your local supervisory authority.
Additional Rights for California Residents
California residents may have rights to:
- know what categories of personal information we collect and use;
- request deletion;
- request correction;
- opt out of sale or sharing, where applicable; and
- receive non-discriminatory treatment when exercising privacy rights.
RUSH does not sell personal information.
Canadian Users
Canadian users may request access to personal information and challenge its accuracy under applicable law.
How to Exercise Rights
- Use in-app controls where available.
- Email privacy@feeltherush.app.
We may need to verify your identity before fulfilling a request.
14. Security
We use technical and organizational safeguards designed to protect personal data, including:
- encryption in transit;
- infrastructure-level access controls;
- authentication and authorization safeguards;
- rate limiting and abuse-prevention measures;
- photo metadata stripping where appropriate; and
- employee access controls and training.
No system is perfectly secure. We cannot guarantee absolute security.
Breach Notification
If a data breach requires notice under applicable law, we will provide notice to regulators and affected users as required.
15. Age Restriction
RUSH is strictly for adults 18 and older.
- We do not knowingly allow minors on the Service.
- If we learn that an account belongs to someone under 18, we may remove the account and associated data.
- Illegal content involving minors may be reported to NCMEC or law enforcement as required.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes may be communicated through the app, by email, or on the website.
Continued use of RUSH after an update means you accept the revised Policy.
17. Contact
- Privacy: privacy@feeltherush.app
- Legal: legal@feeltherush.app
- Support: support@feeltherush.app
Phone: +1 (647) 684-0908
Mailing Address:
Homie Lab Inc.
517 Richmond St East Suite 1015
Toronto, ON M5A 1R4
Canada
Last Updated: January 31, 2026