CrushOn.AI

Waarschuwing: *Privacy niet inbegrepen bij dit product

CrushOn.AI

Beoordelingsdatum: 7 februari 2024

|
|

Mozilla zegt

|
Mensen stemden op: Heel griezelig

Hang on! CrushOn features some really disturbing content front-and-center. Please take care before clicking.

CrushOn.AI's brand of AI chat companions are animated characters. You can even design your own! A quick browse through their catalog shows that art imitates life though since you'll see some familiar faces. That means if you've ever longed for a spicy chat with Sailor Moon, Sonic the Hedgehog, Ghostface (from the Scream movies), or a muscular man with a pyramid for a head, your long wait is over. Unfortunately, before you can let those DMs fly you'll have to navigate a very confusing and sketchy web of websites that make it pretty much impossible to figure out what is legitimate. There's its empty App Store page, a fake chatbot competitor's page that links to CrushOn instead, and a "CrushOn pro" page that links to a totally different NSFW chatbot. Then there's the fact that its Google Play Store page links to Apple's user agreement instead of their own. Huh? All that plus three dings from us and creepy content upfront means *Privacy (definitely) Not Included with CrushOn.AI.

Wat kan er gebeuren als er iets misgaat?

That head spinning feeling we got from doing a little digging into CrushOn? A deeper dive did not help. CrushOn'sp Privacy Policy shows they collect some really sensitive data -- including information about your mental and physical health -- and can share it or use it for their own business and commercial purposes. When they're not giving it away, we’re worried your data could be breached since we can't confirm CrushOn meets our Minimum Security Standards.

Another thing: CrushOn’s chatbots seem like they're set up to violate the app’s terms and community standards. So we can’t help but wonder who will be held responsible if your conversation goes into “forbidden territory”... Seems like it might be on you. So though making up your own character and striking up a conversation with them sounds like a cool idea, we cannot recommend it -- CrushOn.AI likely comes with *Privacy Not Included.

Here's something we think all users should know before they fire up CrushOn. It looks like there's a huge gap between the fine print of the Community Guidelines and Terms of Use and what seems to be really going on on the app and website. On the first page of their NSFW AI chat partners on its website, CrushOn shows characters with images and descriptions that suggest *disturbing things*. But many of those *disturbing things* are explicitly against CrushOn’s community guidelines. And then when you open a chat, there’s a little disclaimer that says “Everything AI says is made up! Please follow your local laws. You are not allowed to chat about underage, suicide, or criminal topics.” But right below that there’s a character intro paragraph that sometimes includes descriptions of those off-limits topics right off the bat. It's confusing, feels misleading, and, coupled with the mouse-trap maze of real and fake websites associated with CrushOn, makes us question whether this service can be trusted with sensitive information at all.

And that's worrisome because CrushOn can collect a LOT of sensitive personal information about you. Aside from account information like your contact and financial information, CrushOn can collect audio and visual data (like voicemails and other recordings), information about your device or browser (like IP address), location data, and identity data (like your race, ethnicity, age, and gender) and biometric data (like images of your face, keystroke patterns, and recordings of your voice). Yikes! CrushOn can also collect a surprising amount of health data. Really. "Health data" is mentioned 23 times in the privacy policy. That information can include "Individual health conditions, treatment, diseases, or diagnosis; Social, psychological, behavioral, and medical interventions; Use of prescribed medication; Gender-affirming care information; Reproductive or sexual health information;" and more. What on earth? At this rate, CrushOn could know more about you than your real life loved ones.

How do they even get that information? Let us count the ways. The privacy policy lists chats and character creation as a source of personal and health information. It also says both can be used to “train AI models” and for that vague catch all, “Business Purposes”. We do not like the sound of that. CrushOn can also collect personal data automatically from your device and from third parties (like social media and service providers). And CrushOn can use all those kinds of personal information for “Commercial Purposes'' which includes ads and marketing according to the privacy policy. Wow! It’s weird that CrushOn’s privacy policy seems to understand that your NSFW chats might have really sensitive information in them but doesn't seem to treat that data differently in any way. That’s a bold move, CrushOn. Oh and did we mention that CrushOn can “create and infer” data about you, based on what else they know about you? Those can be used for “Commercial Purposes” and “Business Purposes” too.

Not gonna lie, this all painting a really bad picture for the privacy of CrushOn. But we also have some security concerns. We can't determine whether any of this super sensitive information is encrypted and whether CrushOn has a way of managing security vulnerabilities. That’s scary because it means there’s a much bigger risk that your information could be leaked by mistake or breached by bad actors. And on the topic of other parties getting access to your data, CrushOn also says they can share your personal information (potentially including that health information!) with third parties (like vendors, service providers, and for “Legal Disclosure”) and with affiliates (like their parent company Peekaboo Tech Inc. also Peekaboo Tech Ltd. and Peekaboo Game Ltd.). That’s a heck of a lot of potential privacy problems!

All this opens up a can of worries. We're worried (just like CrushOn seems to be) that humans could take the disturbing things the chatbots might say to heart. And we're worried about what the chatbots might say in the first place -- especially to minors. Which brings us to another worry. Yes the privacy policy says users have to be over 18, but all users have to do to "prove" they are is check a box. And like we mentioned earlier, we're worried about who will be left holding the bag if your chat goes off the rails from what's technically allowed by the Community Guidelines (which you implicitly agree to as part of the Terms of Use). Because, the thing is, even though the terms say that you give CrushOn permission to use (or "reproduce, distribute, prepare derivative works of, display, publish, broadcast, perform, make, use, import, offer to sell, sell...") the content you submit, ultimately you are still "solely responsible for Your own User Submissions and the consequences of posting or publishing them".

And "CrushOn will fully cooperate with any law enforcement authorities or court order requesting or directing CrushOn to disclose the identity of anyone violating these [terms of use].". There is also a lot of talk in those terms about CrushOn not being legally responsible if anything bad happens as a result of you using the service. Specifically, it says "IN NO EVENT SHALL THE CRUSHON PARTIES, APPLE, OR GOOGLE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES WHATSOEVER RESULTING FROM THE SERVICE". And that, well, yeah that worries us too because sometimes bad things do happen as a result of romantic AI chatbot conversations.

What's the worst that could happen with CrushOn? We're worried that the DIY-nature of the CrushOn's romantic AI chatbots might encourage users to let their freak flags fly --- which, don't get us wrong, there is absolutely nothing wrong with that. Our concern is that in the course of flying your lovely freak flag, you could reveal very personal and vulnerable information to a company we're concerned doesn't have the best privacy, security, and AI transparency practices. Meaning, all those chats you had with Pyramid Head Guy that detail your desire to raid King Tut's Tomb naked could be used against you, either because it gets leaked by mistake or shared for marketing purposes. We're not sure you want to see those ads.

Tips om uzelf te beschermen

  • Do not say anything containing sensitive information in your conversation with your AI partner.
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
  • Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
  • Do not share sensitive data through the app.
  • Do not give access to your photos and video or camera.
  • Do not log in using third-party accounts.
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
  • Do not say anything containing sensitive information in your conversation with AI partner.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc.
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
  • Keep your app regularly updated.
  • Limit ad tracking via your device (ex. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Kan het me bespioneren? informatie

Camera

Apparaat: Niet beschikbaar

App: Nee

Microfoon

Apparaat: Niet beschikbaar

App: Nee

Volgt locatie

Apparaat: Niet beschikbaar

App: Ja

Wat is er nodig om u aan te melden?

Google, Apple and Discord sign-up available

Welke gegevens verzamelt het bedrijf?

Hoe gebruikt het bedrijf deze gegevens?

We ding this product as it may collect extensive amount of health data and other highly sensitive data, and share it; also as it allows third party data controllers get access to your personal information for advertisement purposes, and s it uses your user content and identity data on social media platforms.

Privacy policy

"We may use Identity Data, Transaction Data, Contact Data, and Device/Network Data for Commercial Purposes. We do not sell or “share” Payment Data or Health Data or use it for Business Purposes not permitted under applicable law."

"To provide our Service, we may collect and use information that is defined as personal information under applicable privacy laws <...> We collect and use the following categories of Personal Information (note, specific Personal Information elements are examples and may change):
<...>
Consumer Health Data - Personal information linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status as defined under the Washington My Health My Data Act and other Consumer Health Data Privacy laws. <...>"

"We and certain third parties use Personal Information to further our commercial or economic interests <...> depending on the context of collection and your rights and choices.

Online Marketing - we may engage in online advertising on our Service <...> to increase engagement on our platform and help more people discover the ultimate AI crush experience. This form of advertising involves various parties and services providers, including third party data controllers, engaged in the use of Personal Information to deliver and tailor ads you see.

These parties may collect Personal Information such as unique IDs, IP addresses, device information, OS/browser type, and other similar data, as well as information about the ads you see and view, to develop and assess aspects of a profile about you to deliver more relevant advertisements and offers, to determine whether and how ads you see are effective, and to enable and assess advertisements you see from us on other sites. These third parties may augment your profile with demographic and other preferences data derived from these observations, and may also track whether you view, interact with, and how often you have seen an ad, or whether you complete a purchase for a good or service you were shown in an advertisement. These parties may be able to identify you across sites, devices, and over time. You can control how these third parties use your data, and the ads you see on these platforms, using the tools described in the your Rights and Choices section below.
<...>
Marketing Communications - We may send you marketing and promotional communications pursuant to applicable laws. These communications may be personalized based on your user profile."

"We use Identity Data, Contact Data, and User Content you post or with which you interact (e.g. comments and social media posts, etc.) on social media platforms, such as TikTok, Reddit, Discord, Twitter, and Telegram.

We use this Personal Information for our Business Purposes and Commercial Purposes.

Posts may be public, or reposted on our Service. Content you provide may be publicly-available when you post it on our Service, or in some cases, if you reference, engage, or tag our official social media accounts on social media platforms."

CONSUMER HEALTH DATA PRIVACY POLICY

"We collect Consumer Health Data from various sources, which include: from you; collected automatically; from service providers; from social media platforms; and data we create and infer."

CrushOn uses sensitive health data "to facilitate your chat experience, monitor your chat for safety and appropriate content, and for our Business Purposes. We may use User Content from character chats to train our AI models."

"We may share the following categories of Consumer Health Data with third parties and specific affiliates:

Individual health conditions, treatment, diseases, or diagnosis;
Social, psychological, behavioral, and medical interventions;
Use of prescribed medication;
Gender-affirming care information;
Reproductive or sexual health information;
Data that identifies a consumer seeking “health care services” as defined under Washington’s My Health My Data Act, also referred to as “Identity Data;”
Any information that we or our respective processor, uses to associate or identify you with data described above that is derived or extrapolated from non-health information (such as proxy, derivative, inferred, or emergent data by any means, including algorithms or machine learning), also referred to as “Inference Data;” and
Biometric Data as defined under the MHMDA."

"We may share Consumer Health Data with the following categories of third-party recipients: Vendors and Service Providers; Legal Disclosure."

"We may share Consumer Health Data with the following Affiliates: Peekaboo Tech Ltd., Peekaboo Tech Inc., Peekaboo Game Ltd.."

Data Trackers Found
We discovered 45 trackers within 1 minute of use, including sending data to Doubleclick (marketing tracker).

Hoe kunt u uw gegevens beheren?

Not all users can exercise their data subject rights.

Privacy policy

"Applicable law may grant you rights in your Personal Information. These rights vary based on your location and state/country of residence and may be limited by or subject to our own rights in your Personal Information. You may submit requests to exercise rights you may have by contacting us at [email protected].

Note: we are able to fulfill rights requests regarding Personal Information that we control or use. We may not have access to or control over Personal Information controlled by third parties. Please contact the third party directly to exercise your rights in third party-controlled information."

"Under the Washington State My Health My Data Act, Washington State residents and natural persons whose Consumer Health Data is collected in Washington may have the following rights, subject to verification, exceptions, and limitations:

Right to Confirm/Access/Know - Up to twice annually, you have the right to (a) confirm whether we are collecting, sharing, or selling your Consumer Health Data"

Right to Delete - You have the right to request deletion of the Consumer Health Data held by us and our affiliates, processors, contractors, and other third parties."

"We retain Personal Information for so long as it is reasonably necessary to achieve the relevant purposes described in this Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of use. We generally consider the following factors when we determine how long to retain data (without limitation):

Retention periods established under applicable law;
Industry best practices;
Whether the purpose of use is reasonably likely to justify further use;
Risks to individual privacy in continued use;
Applicable data protection impact assessments;
IT systems design considerations/limitations; and
The costs associated with continued use, retention, and deletion.

We will review retention periods periodically and may pseudonymized or anonymize data held for longer periods."

"Other Use of Personal Information - If we use Personal Information in connection with our Service in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it."

Hoe staat het bedrijf bekend als het gaat om het beschermen van gebruikersgegevens?

Gemiddeld

No known data breaches discovered in the last three years.

Privacyinformatie voor kinderen

"Although we want as many people as possible to discover the ultimate AI crush experience, you must be at least 18 years old to use crushon.ai.

Crushon does not knowingly collect any Personal Information about or market to children, minors, or anyone under the age of 18. If we become aware that a child, minor, or anyone under the age of 18 has registered with us and/or provided us with Personal Information, we will take steps to terminate that person’s registration and promptly delete any such Personal Information if required by law."

Kan dit product offline worden gebruikt?

Nee

Gebruikersvriendelijke privacy-informatie?

Nee

Koppelingen naar privacy-informatie

Voldoet dit product aan onze minimale beveiligingsnormen? informatie

Nee

Versleuteling

Kan niet bepalen

We cannot confirm encryption at rest and in transit for this app.

Sterk wachtwoord

Niet beschikbaar

Beveiligingsupdates

Ja

Beheert kwetsbaarheden

Kan niet bepalen

Privacybeleid

Ja

Gebruikt het product AI? informatie

Ja

We cannot confirm if the AI used by this product is trustworthy, because there is little or no public information on how the AI works and what user controls exist to make the product safe. We also found disturbing themes in the app's content. In addition, we are concerned about the potential for user manipulation from this app as the app collects sensitive personal information, can use that data to train to AI models, and users have little to no control over those AI algorithms.

Users can create their own chatbots or interact with those created by other users/creators of the app. The platform has lots of harmful content, which is easily accessible.

Is deze AI onbetrouwbaar?

Ja

Wat voor soort beslissingen neemt de AI over u of voor u?

Is het bedrijf transparant over hoe de AI werkt?

Nee

We found no documentation or policies that explain how this product's AI works.

Heeft de gebruiker controle over de AI-functies?

Nee

At the moment of writing this review, CrushOn.AI used the web page chai-ai.app to invite people enter CrushOn. Under FAQ it reads “Is Chai AI safe? Chai AI strives to provide a safe and enjoyable experience for users, but like any online platform, users should remain vigilant and use it responsibly.” However, the content of CrushOn includes themes including underage topics, sexual, emotional and physical abuse, and other potentially disturbing topics.
*Privacy niet inbegrepen

Dieper duiken

  • 5 Things You Must Not Share With AI Chatbots
    Make Use Of Koppeling opent in een nieuw tabblad
  • AI girlfriends are ruining an entire generation of men
    The Hill Koppeling opent in een nieuw tabblad
  • ‘Cyber-Heartbreak’ and Privacy Risks: The Perils of Dating an AI
    Rolling Stone Koppeling opent in een nieuw tabblad
  • AI-Human Romances Are Flourishing—And This Is Just the Beginning
    Time Koppeling opent in een nieuw tabblad

Opmerkingen

Hebt u een opmerking? Laat het ons weten.