Privacy Policy

Last Updated: February 2026

This Privacy Policy describes how Brush Social L.L.C., doing business as Brush ("we," "us," or "our"), collects, uses, and protects your information. Privacy isn't just a feature — it's our foundation.

Our Core Privacy Principles

  • We minimize location data; precise coordinates are discarded after proximity check
  • All connections require mutual consent
  • All data encrypted in transit and at rest
  • We never sell data or show ads
  • You can delete your account and data anytime, except where we are legally required to retain information (e.g., after a report to authorities)

Information We Collect

What We Collect:

  • Profile Information: Name, age, interests you choose to share
  • Venue Data: Temporary detection of users within the same venue
  • Interactions: Mutual matches and messages (encrypted)
  • Connection and safety data: IP address and date/time of access when necessary for safety, fraud prevention, and legal compliance. U.S. law requires us to collect and, in certain circumstances, preserve this information for reporting and evidence preservation (see Legal Compliance & Evidence Preservation below).

What We DON'T Collect:

  • Precise GPS coordinates or location history
  • Movement patterns or tracking data
  • Contact lists or social media connections

How Proximity Works

Brush uses privacy-preserving proximity detection:

  • We compute presence within venue zones, not exact coordinates
  • Proximity data expires after 30 minutes of inactivity
  • No location history is ever stored or accessible
  • You control when proximity detection is active

Legal Compliance & Evidence Preservation

Under U.S. federal law, including the REPORT Act of 2024, we are required to report certain illegal content to the National Center for Missing & Exploited Children (NCMEC) CyberTipline and to preserve evidence when we do. When we discover and report such material, we must retain the following for at least one year:

  • The reported content
  • User identity (username, account email)
  • Connection logs (IP address, date, time, time zone)
  • Account registration date and, if applicable, payment information
  • Captions, comments, or messages associated with the reported material

This preserved data is stored in accordance with federal guidelines (including NIST-based security standards), encrypted, and accessible only to authorized personnel for legal and compliance purposes. We may retain this data beyond the required period where we believe it is necessary to combat online exploitation.

Safety & Law Enforcement Disclosures

Brush is legally required under 18 U.S.C. § 2258A and the REPORT Act to disclose personal information and user content to the National Center for Missing & Exploited Children (NCMEC) if we become aware of child sexual abuse material (CSAM), child sex trafficking, or online enticement of minors. These disclosures are mandatory and do not require your consent.

When we file a report with the NCMEC CyberTipline, we may share: account identifiers (username, email, account creation date); connection logs (IP address, date/time stamps and time zone); the reported content (images or communications); and device metadata (browser or device identifiers). This information assists in victim identification and criminal investigation.

NCMEC reviews every report and makes it available to appropriate law enforcement agencies. We may also disclose your personal information directly to law enforcement in response to a subpoena, court order, or search warrant, or if we believe in good faith that disclosure is necessary to prevent imminent physical harm.

Federal law requires us to preserve data related to an NCMEC report for at least one year. During this period, we will not delete that data even if you close your account or request deletion. This overrides any general right to deletion you may have (e.g., under GDPR or CCPA) with respect to that reported matter.

Data Security

  • All data encrypted in transit and at rest
  • Industry-standard security protocols
  • Regular security audits and updates
  • Immediate notification of any breaches

Your Rights

You have complete control over your data:

  • Access: Request all data we have about you
  • Correction: Update any information
  • Deletion: Request permanent removal of your data, except where we are legally required to retain it (e.g., after a report to NCMEC or law enforcement)
  • Portability: Export your data anytime
  • Opt-out: Control all privacy settings

Third-Party Services

We use minimal third-party services:

  • Firebase for secure infrastructure (Google)
  • No advertising networks or data brokers
  • When required by law, we disclose information to NCMEC and law enforcement (see Safety & Law Enforcement Disclosures above)

Contact Us

Questions about privacy? We're here to help:

Email: legal@brush.social

Changes to This Policy

We'll notify you of any significant changes via email and in-app notifications. Your continued use after changes means acceptance of the updated policy.