FamilyTracking
Every plan, always on

Your map is nobody else's business. Here's the machinery.

Location data is among the most sensitive data a family produces. This page explains — in plain language — how FamilyTracking encrypts it, who can and cannot see it, how deletion works, and the business-model choice that makes the rest credible.

Get the free app All features

The business model is the privacy policy

Start with the foundation: FamilyTracking makes money one way — subscriptions. We do not sell location data, do not share it with data brokers, and run no advertising, so there is no second customer whose interests compete with yours. Every privacy promise downstream of this is credible because the incentive to break it doesn't exist in our P&L.

Free-plan families are included in that promise in full. The free tier is funded by Premium families, not by anyone's data.

Encryption, in transit and at rest

Every location fix, message and account detail travels between your phone and our servers over TLS — the same transport encryption protecting your banking. At rest on our infrastructure, data is encrypted again, with keys managed separately from the data they protect, so a stolen disk is a brick.

Access inside the company is need-to-know and audited: support staff see account metadata to help you, never your map. Routine location access by employees is not a thing that exists here.

Phone encrypts & sends Encrypted at rest Circle members only
TLS in transit, encryption at rest, a hand-built visibility list — and no second customer.

Who can see your location

Exactly the members of your Circles — the people you invited or whose invitations you accepted — and no one else. There are no public profiles, no user search, no 'nearby' features, no analytics partners receiving coordinates. The visibility list for your location is a list you built by hand, person by person.

Within that, you keep granular control: pause sharing anytime (shown honestly as paused), per-Circle settings if you're in several, and history retention bounded by your plan — old data is permanently deleted as it ages out, not archived.

Deletion that means deletion

Delete a day of history, a date range, or your entire account from the app, and the data is removed from our production systems immediately and from rolling backups within 30 days — not soft-hidden, removed. No support ticket, no retention dark patterns, no exit interview.

We also publish what we provide under legal process (the minimum the law requires, with a preference for user notification where lawful) in our privacy policy — the legally complete version of this page. If anything here and there ever disagree, the policy governs and we've made an error worth telling us about.

Consent is the architecture

Finally, the design choice that defines the product: there is no covert mode. Every person on a map installed the app, accepted an invitation, and can see who sees them. A persistent indicator shows when sharing is active. We refuse the 'track them secretly' market entirely — not only as ethics but as engineering, because systems built on consent get to be simple, auditable and worth trusting. Tools that promise secret tracking of adults are, bluntly, stalkerware; we think families deserve better, and we built it.

What this means in practice

  • No ad ecosystem exposure. Your coordinates never feed an advertising profile — ours or anyone's.
  • No broker resale. The location-data brokerage industry simply has no pipe into this product.
  • Breach-resistant storage. Encrypted at rest with separated keys: stolen hardware yields ciphertext.
  • Teen-credible transparency. 'See exactly who sees you' is why privacy-aware teens accept the app at all.
  • A real delete button. Leave anytime and take the data with you — the door is genuinely unlocked.

Stronger together: pairings worth enabling

No FamilyTracking feature lives alone — this one gets noticeably better next to the right neighbors:

  • Private family Circles. The Circle model is the visibility layer this page's encryption protects — membership by explicit yes, isolation between groups.
  • Cross-platform support. One privacy architecture on both platforms: no 'the Android version is less private' asterisks.
  • About us. The business-model commitment behind these protections — subscriptions only, no second customer — is the company's founding story.

The bottom line

Privacy pages usually exist to be linked and unread; this one is the product's actual foundation. The summary worth retaining: your map is encrypted twice, visible to a list you built by hand, deletable for real, and never for sale — because subscriptions mean there's no second customer to serve. The consent architecture isn't a settings choice but the absence of any covert capability to misconfigure. If you evaluate family apps on one axis, make it this page and its equivalents elsewhere; everything else a locator does is downstream of whether you can trust where the data goes.

How to get our privacy protections on your phone

  1. Install FamilyTracking free from Google Play (Android 8.0+) or the App Store (iOS 14+).
  2. Create a Circle and invite your family with the code the app gives you.
  3. Nothing to enable — encryption and consent controls are always on, every plan. Review your sharing under Settings → Privacy anytime.

Full walkthrough with screenshots: download & setup guide.

Google Play App Store

FAQ

Privacy — your questions answered

Does FamilyTracking sell location data?

No — not to advertisers, not to data brokers, not 'anonymized', not ever. Subscriptions are the entire business model, which is precisely what makes the promise enforceable by incentive as well as policy.

How is my data encrypted?

TLS for everything in transit between your phone and our servers, and encryption at rest on our infrastructure with keys managed separately from the data. A stolen disk without keys is unreadable.

Can FamilyTracking employees see my family's map?

No — internal access is need-to-know and audited. Support staff work with account metadata to assist you; routine employee access to location data does not exist as a capability.

Who exactly can see my location?

The members of Circles you joined, full stop. No public profiles, no search, no nearby-users features, no third-party analytics receiving coordinates. You built the visibility list by hand.

What happens when I delete my history or account?

Immediate removal from production systems and removal from rolling backups within 30 days — actual deletion, not hiding. It's self-serve from the app, with no retention tricks.

Can someone track me secretly with this app?

No. Membership requires installing and accepting on your own device, a persistent indicator shows active sharing, and pausing displays honestly as paused. We refuse covert tracking as both an ethical and an architectural decision.

What do you hand over to law enforcement?

The minimum lawful process requires, with a preference for notifying users where legally permitted. Specifics live in the privacy policy, which is the governing document.

Is the free plan's privacy worse?

No — encryption, consent architecture, no-sale policy and deletion rights are identical on every plan. Free families are funded by Premium subscriptions, not by data.

Do you use my data to train AI or for analytics?

Location data is not used for advertising or sold for any purpose. Aggregated, non-identifying service metrics (like crash rates of the app itself) inform engineering; your family's map is not a dataset we mine.

Where can I read the full legal version?

The privacy policy covers retention schedules, legal process, regional rights (GDPR and similar) and definitions. This page is the honest summary; that one is the contract.

Has FamilyTracking been independently audited?

[Replace with your real status: e.g., annual third-party penetration testing and a published summary, or a roadmap commitment.] We also run a responsible-disclosure program at security@familytracking.app.

What's your data-breach commitment?

Notification to affected users and authorities within statutory windows (72 hours under GDPR), in plain language, with what was affected and what we're doing — the policy details the procedure.

Trust is the feature everything else runs on

Encryption and consent are on for every plan, every Circle, always. Read the policy, then draw your map.

Download FamilyTracking Next feature: live location tracking →