
Why We Don't Track Location: Our Privacy Promise

By I'm Okay Team

Most family-safety apps track location. We don’t.

This is a deliberate choice, and it shapes almost everything else about how I’m Okay works. We get asked about it constantly — by users, by reviewers, by would-be acquirers — so this is the long answer.

The promise

I’m Okay collects two things:

  1. The email addresses of contacts you explicitly add (so we can notify them if you miss a check-in)
  2. Timestamps of your check-ins

That’s the full list. Notably absent: anything about you personally. I’m Okay has no sign-up — no email, no password, no account. The app identifies you with an anonymous, per-device identifier. We don’t know your name. We don’t have your email. We can’t, on our own, link your check-ins to a real-world identity.

We don’t collect:

  • Your location, ever
  • Your health data
  • Your phone’s accelerometer, gyroscope, or sensor data
  • Your contacts beyond the 1–3 you explicitly add
  • Your browsing history or app usage
  • Your photos, microphone, or camera
  • Any “behavior analytics” or “patterns of use”

If a feature would require us to start collecting something on this list, we won’t build it.

Why this matters

There are three reasons we made the no-data-collection choice, in roughly the order they came up during design.

1. Surveillance changes the relationship

A daily check-in app sits in a sensitive emotional space: between an aging parent and an adult child. The whole point of the app is to relieve anxiety on both sides — the parent’s “I want to be independent” anxiety and the child’s “I want to know they’re okay” anxiety.

The moment the app starts collecting more than the minimum, that emotional balance tips. The parent feels watched. The child has more data to obsessively interpret. The app, instead of providing relief, becomes a new source of unease.

A check-in app should make the relationship easier, not more surveilled. That’s only possible if the app collects almost nothing.

2. Data you don’t have can’t be misused

Every byte of data a company collects is a future liability. Breaches happen. Acquisitions happen. Subpoenas happen. Internal mistakes happen.

A 2022 study by IBM and Ponemon found the average cost of a data breach was $4.35M. That number is going up. And cost to the company isn’t the only metric — for users, the cost of having their movements, health data, and routines exposed in a breach is genuinely bad.

The simplest defense is: don’t collect it in the first place. We can’t lose what we don’t have. We can’t be subpoenaed for what we don’t have. We can’t be tempted to monetize what we don’t have.

3. We don’t want the business model that requires data

Once a company collects user data at scale, the gravitational pull toward monetizing it is enormous. Even companies that started with good intentions tend to drift. Location data, in particular, is hugely valuable to advertisers, retailers, and data brokers.

We don’t want to be in that business. We want to be a small, focused product with a sustainable subscription model: users who want advanced features can subscribe via the App Store at a low monthly rate (current pricing on the App Store), we provide a useful service, we own no surveillance machinery, we owe no advertisers anything.

This is only possible if we never start collecting the data in the first place.

What we lose by not tracking location

The trade-off is real. Without location data, I’m Okay can’t:

  • Tell you whether your parent is home or out
  • Detect if they’ve left an unusual area
  • Confirm they made it to the doctor’s appointment
  • Notify you if they’ve been at a hospital for an hour

If you genuinely need those features, Life360 and similar apps exist and they do them well. We’re not trying to be them.

What I’m Okay does instead is answer the simplest version of “is my parent okay today?” — using one daily tap as a yes/no signal. That’s a much smaller question than “where is my parent right now?”, but it turns out to be the one most families actually want answered.

What about “fall detection” and similar features?

We’ve been asked to add fall detection, sleep tracking, heart rate monitoring, and other sensor-based features. We’ve declined all of them.

Reasoning:

  • Fall detection requires accelerometer data, which means continuous background processing and potentially false positives that erode trust in the entire system.
  • Sleep tracking requires the user to wear something to bed, which is a step most independent seniors won’t take consistently.
  • Heart rate monitoring duplicates what an Apple Watch does for users who want it, and adds zero value on a phone where you can’t actually measure heart rate accurately.

These features sound good in marketing copy and rarely deliver in practice. They also require more data collection, more battery use, more sensors — exactly the things we’re trying to avoid.

If you want fall detection, the Apple Watch is excellent. If you want sleep tracking, dedicated sleep apps exist. I’m Okay stays focused on the one thing it does well: the daily check-in.

What about analytics? Don’t you need to know how people use the app?

A little. We use minimal Apple-provided analytics (anonymous, aggregated, opt-out) to understand things like crash rates and which OS versions to support. We don’t use Google Analytics, Mixpanel, Amplitude, Facebook SDK, or any third-party analytics tools in the app.

The marketing website (this site) does use Google Analytics 4 for traffic measurement, because we need to understand what content is useful. We’ve configured it to not collect IP addresses or any identifying data beyond standard aggregated metrics.

This is the bare minimum to operate. We treat it as a debt — useful for now, candidate for removal later.

Our “Just in Case” feature is the opposite of surveillance

If you’ve used I’m Okay’s Just in Case feature, you might wonder how it squares with our privacy stance.

Just in Case lets you write a private message that’s sent to your trusted contact only if you stop checking in for an extended period (2, 3, or 5 missed days, your choice). It’s an opt-in, user-written message — like a sealed letter that opens itself only under a specific condition.

This is the opposite of surveillance:

  • The message is yours, written by you, never read by us.
  • It’s encrypted at rest.
  • The trigger condition is set by you.
  • You’re notified before any message is ever sent (so you can cancel if you’re just on vacation).

This kind of feature is only possible when we’re not also doing background surveillance — there’s no tension because we never started.

How we handle the data we do have

The two things we store (contacts’ emails, check-in timestamps) are:

  • Encrypted in transit (HTTPS for all API calls)
  • Encrypted at rest (database-level encryption on our backend)
  • Never sold or shared with third parties for any purpose
  • Deleted on request within 30 days of a data-deletion request (no account to close, since there’s no account in the first place)
  • Not used for advertising (we don’t run ads)

The data is processed on cloud infrastructure (AWS in this case) which means our hosting provider has theoretical access — same as any modern web service. We don’t view this as ideal, but it’s a pragmatic compromise. The data is minimal enough that even if our entire database leaked, the practical harm would be limited to spam to your contacts’ email addresses.

What we hope this changes

We’re a small product. We don’t expect to single-handedly shift the family-safety category. But we do want to demonstrate something to other builders in this space:

You can build a useful family-safety product without collecting location, health, or behavior data. You can sustain it on a small subscription. You can ship it without a venture-backed surveillance business model.

Whether or not other companies follow, this is the product we want to use ourselves — and what we hope our parents would use too.

Frequently asked questions

Can you prove you’re not collecting location data? Not in the absolute sense — you’d need to audit our codebase and infrastructure. But you can check: I’m Okay doesn’t request the iOS Location permission. iOS itself enforces that an app cannot access location without the permission popup. If we wanted to start tracking location, we’d have to ask for permission in a visible OS-level dialog. So at minimum: until you see that dialog, you can be confident location data is not flowing.

What if someone subpoenas you? We’d comply with a valid legal request, as any US-based company must. But what we can hand over is limited to the data we have: email addresses and check-in timestamps. We have no location history, no contacts list (beyond the 1–3 you explicitly added), no message content (the Just in Case message is encrypted and we don’t store it in plaintext).

Will you ever add tracking features? No. The no-tracking stance is in our Terms of Service and we’d consider it a material change to the product if we ever wanted to depart from it. If you ever see I’m Okay adding location, health, or behavior tracking, you should treat it as a different product.

What if you’re acquired? The same data-minimization commitment would need to carry over. We’ve structured this as a non-negotiable part of the product, not a marketing claim. Practically, since we don’t have any of that data, an acquirer would have nothing to monetize even if they wanted to.

Don’t most users want more features? Some do. We’ve made peace with not being for them. There’s a real market for surveillance-heavy family apps and they’re well-funded. We’re targeting the much smaller (but real) audience of users — and families — who want the opposite.
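The check described in the first answer above (does the app even declare the Location permission?) can be done by reading the `Info.plist` inside an app bundle, because iOS requires a usage-description key there before it will show the matching permission dialog. The sketch below is an added example, not I'm Okay's code; the category map follows the "We don't collect" list, and the two sample plists and the bundle identifier are constructed for illustration.

```python
import plistlib

# Info.plist keys iOS requires before the matching permission prompt can appear.
SENSITIVE_KEYS = {
    "NSLocationWhenInUseUsageDescription": "location",
    "NSLocationAlwaysAndWhenInUseUsageDescription": "location",
    "NSLocationAlwaysUsageDescription": "location",
    "NSHealthShareUsageDescription": "health",
    "NSHealthUpdateUsageDescription": "health",
    "NSContactsUsageDescription": "contacts",
    "NSPhotoLibraryUsageDescription": "photos",
    "NSCameraUsageDescription": "camera",
    "NSMicrophoneUsageDescription": "microphone",
}


def audit_info_plist(data: bytes) -> dict:
    """Return {category: [evidence, ...]} for sensitive capabilities a build declares."""
    plist = plistlib.loads(data)  # auto-detects XML and binary plists
    findings = {}
    for key, category in SENSITIVE_KEYS.items():
        if key in plist:
            findings.setdefault(category, []).append(key)
    # Background location is declared separately from the usage strings.
    if "location" in plist.get("UIBackgroundModes", []):
        findings.setdefault("location", []).append("UIBackgroundModes=location")
    return findings


# Constructed sample: a check-in style app that declares no sensitive permissions.
CLEAN = plistlib.dumps({
    "CFBundleIdentifier": "com.example.checkin",  # hypothetical bundle id
    "UIBackgroundModes": ["remote-notification"],
})

# Constructed sample: a build that could prompt for location and contacts.
TRACKING = plistlib.dumps({
    "CFBundleIdentifier": "com.example.tracker",  # hypothetical bundle id
    "NSLocationWhenInUseUsageDescription": "Show family members on a map",
    "NSContactsUsageDescription": "Find people you know",
    "UIBackgroundModes": ["location", "fetch"],
})

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tracking", TRACKING)):
        print(name, audit_info_plist(blob) or "no sensitive permissions declared")
```

An empty result covers only OS-gated permissions in that one build, so repeat the check on each update; it says nothing about what an app sends to its own servers.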


We believe privacy isn’t a feature you bolt on. It’s a starting constraint that shapes everything else. I’m Okay is what a daily check-in app looks like when privacy is the constraint that comes first.

If that resonates, we’d love you to try it — free for 1 contact, no GPS, no monitoring.
