When you tap “share location” in most family apps, your phone sends your latitude, longitude, address, and a handful of identifying details to a server. That server stores it. Sometimes it sells it. (See our story for how we found out.)
VeraMap doesn’t work that way, and not because we promised it wouldn’t. Because the math won’t let it.
The shape of one location update
When your phone sends a location update to our server, it looks like this:
uid: a3f8…c12d
ts: 1748921847
payload: T6q+Kkm6uuwZuq8mLSjiV97yKr99jFASmoC98aExmFx…That’s it. The payload is encrypted on your phone using a key that lives only on
your phone and your loop members’ phones. We don’t have the key. We can’t decrypt
the payload. We can’t read your location.
What we deliberately keep in plain text
Two fields: battery percentage and a “critical battery” flag. We need those in plain text so we can fire a “low battery — they may go dark soon” alert to your loop without having to decrypt anything. Nothing else.
What this means in practice
- No address. We don’t know where you are.
- No movement history. We can’t reconstruct where you’ve been.
- No patterns. We can’t tell you visit a doctor every Tuesday.
- Nothing to sell. There’s no product here for a data broker.
- Nothing to steal. A breach of our database hands an attacker random bytes.
The trade-off: server-side filtering, geofencing, and distance-based dedupe are impossible. We don’t think that’s a trade-off — we think that’s the point.
The full picture of what we collect (and what we cannot) is in our Privacy Policy.