Effective date: May 30, 2026 · Last updated: June 12, 2026
The short version
Kymber is built to share your location only when you decide to — never silently, never in the background. We don't track your movements or keep a continuous trail of where you've been.
When you share live, your location streams to your chosen contacts only while that session is active, and that live stream is deleted when the session ends. The individual points you choose to send — a one-time location ping, the final point of a share, or a point attached to a letter — are kept for a limited time so they stay viewable in your history, then deleted automatically.
Kymber also lets you send short letters and meet-up plans to your trusted contacts. We store that content only to deliver it, and it is removed when it self-destructs, expires, is deleted, or after a short backstop period — whichever comes first.
We use anonymous sign-in, so you don't create an account or password. (You can optionally turn on backup with Google Sign-In so your account can be recovered on a new phone — nothing is backed up unless you explicitly choose otherwise.) We don't sell your data, we don't show ads, and we don't track you over time. This page explains exactly what Kymber collects, why, and how to delete it.
Who we are
This Privacy Policy describes how the Kymber mobile application ("Kymber," "we," "us") handles your information. Kymber is a privacy-first location-sharing and safety app that lets you share your live location with trusted contacts you choose — triggered by you calling a trusted contact from within Kymber, an in-app request, an SOS broadcast, a meet-up you arrange, or a short letter you send.
Kymber is operated by Todd Eastland. If you have questions about this policy or your data, contact us at theast.qa@gmail.com.
What we collect
Information you provide
Your display name — the name shown to your trusted contacts. When you reach out to someone first (a request, ping, meet-up invite, or letter), your name — and your phone number, so they can recognize and add you back — may be shown to that person even if they haven't added you yet. You are choosing to identify yourself by reaching out.
Your phone number — used so your trusted contacts can recognize and match with you. We do not verify your phone number, and we do not use it to send you SMS messages.
Your trusted contacts — the names and phone numbers you enter for the people you want to share with. Kymber does not read your device's address book; you add contacts yourself. If you use the optional "choose from contacts" picker, Android returns only the single contact you tap (name and number) — Kymber never scans or uploads your address book and does not request the READ_CONTACTS permission.
Letters, meet-up details, and reactions — the optional message text, titles, meeting place labels, notes, and emoji reactions you choose to send. See Letters, meet-ups & user content.
Location data
Live location during a share — collected only while a live share is active that you have started or accepted: a sharing session, an SOS, a meet-up live-share, or a live location you chose to attach to an "I'm on my way" letter. It is streamed live to the contacts in that session, and the live stream is deleted when the session ends. We do not store the continuous path you traveled. See How location works below.
Individual location points you send — when you send a one-time location ping, attach your location to a letter, or when a live share ends, Kymber stores a single location point (a snapshot, not a path) so it stays viewable in your history or in the letter you sent. These points are kept only for a limited time and then deleted automatically — see Retention & deletion.
Information collected automatically
Push notification token — a token from Firebase Cloud Messaging so we can notify you of incoming share requests, shared locations, meet-up activity, letters, and SOS alerts.
Basic technical data — our backend provider (Google Firebase) processes standard technical information such as IP address and device/connection data to operate the service and keep it secure.
Purchase status — whether you have made an optional purchase (such as the unlimited-contacts upgrade), so we can enable the right features. Payments are handled by Google Play (see Payments).
How location works Privacy-first
Location is the heart of Kymber, so we want to be precise about it:
Only when you act. Kymber accesses your precise location only during a sharing session, SOS, or meet-up that you start or accept, when you send a one-time location ping or attach your location to a letter, or when you choose to share live location with an "I'm on my way" letter (which runs and stops like any other live share). There is no background or continuous location tracking, and Kymber does not request the "all the time" background-location permission.
No movement trail. We never store a continuous record of where you've been. During a live share, your coordinates are streamed to your chosen contacts in real time and the live stream is deleted when the session ends.
SOS responders. If you tap "I'm on my way" to someone's SOS, you may choose to share your own live location back to the person in distress so they can see how close help is. That reverse stream works just like any other live share — it runs only while the SOS is active, you can stop it at any time, and it is deleted when the SOS ends.
Some single points are stored, briefly. A location ping, a point attached to a letter, and the final point of an ended share are saved as single snapshots — not paths — so the recipient and your own history can display them.
Limited retention. Ping points are deleted automatically after 30 days. A share's final point is kept with your share history and removed when you delete your data, or after 90 days — whichever comes first. A point attached to a letter is removed with that letter (see Retention & deletion).
Shared locations are never turned into addresses. Kymber does not convert the locations you share into street addresses. When you tap to open a location in maps, the coordinates are handed to your device's maps app, which performs any lookup. One narrow exception exists when you arrange a meet-up: if you paste or type a street address or place name to position the meeting pin, that text is sent to our server and forwarded to Google's Geocoding service solely to find the spot on the map. We do not store the text you typed — only the resulting pin, and the place label you wrote yourself, are saved with the meet-up. (Coordinates, Plus Codes, and map links are resolved on your device and never reach our servers.)
Last-viewed cache stays on your device. The most recently viewed location may be cached on your phone for convenience. That on-device cache is separate from the stored points above and is not uploaded to us.
Letters, meet-ups & user content You're in control
Beyond location, Kymber lets you send a few kinds of short, optional content to the trusted contacts you choose. This content is sent only to the specific people you select — Kymber has no public feeds, profiles, groups, or strangers.
Letters ("Envelopes"). You can send a contact a short letter — an optional title and message, in a color you pick, with options to send it anonymously, to keep the content off the lock-screen notification, to have it self-destruct when it's opened, or to have it expire on its own after a time you choose. A letter's content is stored on our backend only to deliver it to the recipient; the notification itself never carries the message body. The recipient can read, delete, or keep a copy of a letter; you can optionally keep a copy in your own history and be told once when it has been opened. Some quick responses (like "I'm on my way!") let you optionally include your live location, which works like any other live share — you can stop it at any time.
Meet-ups. When you arrange a meet-up, the meeting place (a label and/or coordinates you provide), the time, and any note you add are shared with the contacts you invite, along with each person's response (accepting, declining, "on my way," or "running late").
Reactions. You can respond to a location ping with a single emoji, which is shown to the person who sent it.
Acceptable use. Because letters and meet-up notes are content you write, you are responsible for what you send, and you agree not to use Kymber to send unlawful, abusive, harassing, or otherwise objectionable content. You can stop receiving content from a person by declining or removing them as a contact. To report a concern about content sent to you, contact us at theast.qa@gmail.com.
How we use information
To let you share your live location with the trusted contacts you choose, when triggered by you calling a contact from within Kymber, an in-app request, an SOS, or a meet-up.
To deliver the location points you send (pings, letter attachments) and the final point of an ended share, and to keep them viewable in your history for a limited time.
To deliver the letters, meet-up plans, responses, and reactions you choose to send to the specific contacts you select.
To match in-app requests against your trusted contacts, and to show your name to a person you reach out to so they can identify and add you back.
To deliver push notifications for requests, shared locations, meet-up activity, letters, and SOS alerts.
To keep an active sharing session running reliably via a foreground service with a persistent notification.
To enable optional purchased features and verify your entitlement.
To operate, maintain, secure, and troubleshoot the service.
We do not use your information for advertising, and we do not sell or rent it.
Who we share information with
The trusted contacts you choose — when you start or accept a share, send a ping, send an SOS, arrange a meet-up, or send a letter, the relevant information (your location, name, and any content you wrote) is shared with those specific people.
Service providers — we use Google Firebase (Firestore, Realtime Database, Cloud Functions, Cloud Messaging, and Authentication — anonymous by default; Google Sign-In if you enable backup) as our backend, which processes data on our behalf. See Google's Firebase Privacy and Security information.
Google Play Billing — processes any purchases. See Payments.
Google Maps — when you open a location in maps, Google's maps app or service handles it under Google's Privacy Policy. If you paste or type an address while arranging a meet-up, that address text is forwarded to Google's Geocoding service (via our server, so the lookup is never tied to a key on your device) solely to place the meeting pin.
Legal requirements — we may disclose information if required by law or to protect safety, rights, or property.
App permissions
Kymber requests only the permissions it needs for the features above:
Precise & approximate location (while in use only)
Used to share your location during an active session, SOS, or meet-up, and to capture a point when you send a ping or attach your location to a letter. Kymber does not request background location.
Notifications
To show share requests, shared locations, meet-up activity, letters, SOS alerts, and the persistent "sharing now" notification.
Foreground service (location)
Keeps a sharing session alive while you're sharing, with a visible ongoing notification.
Optional backup & account recovery Opt-in only
By default, Kymber keeps no way to recover your account: if you lose your phone or uninstall the app, your notes, history, and contacts are gone for good. If you prefer a safety net, you can optionally turn on backup — during setup or later from the Privacy screen. Nothing described in this section happens unless you explicitly choose it.
What turning it on does. Backup links your Kymber account to your Google account using Google Sign-In. Linking stores your Google account identifier (your email address) with Firebase Authentication so you — and only you — can sign back in and recover the same account on a new phone.
What is backed up. A small copy of the keepsakes and settings that normally live only on your phone: your saved notes, letters you chose to keep a copy of, your saved meet-up templates and quick actions, your history view settings, and your theme. The app data already on our servers (your profile, contacts, and recent history) recovers automatically with your account.
What is never backed up. Your app-lock PIN never leaves your device. A Silent SOS leaves no trace anywhere, including in your backup.
How long it's kept. Your backup is kept until you turn backup off or delete your data. Turning backup off deletes the backup immediately and unlinks your Google account.
Data retention & deletion
Live location stream is deleted when the live share ends — whether it was a sharing session, an SOS, a meet-up live-share, or a live location attached to a letter.
Location pings (single points) are deleted automatically after 30 days.
A share's final location point is kept with your share history and deleted when you delete your data, or after 90 days — whichever comes first.
Letters are removed when they self-destruct on opening, when their timer expires, when the recipient deletes them, or after a backstop of 30 days — whichever comes first. A "letter opened" receipt, if you asked to be notified, is removed on the same backstop. The optional copy you keep in your own history stays on your device.
Meet-ups that are completed are kept with your history for up to 90 days; meet-ups that are active or cancelled are removed after about 7 days.
Sharing history otherwise records who you shared with and when, alongside the limited location points described above.
Your profile and contacts are retained while you use Kymber so the app can function.
Your optional backup (if you turned backup on) is kept until you turn backup off or delete your data; turning it off deletes the backup immediately and unlinks your Google account.
Deleting your data. You can delete your Kymber data at any time from within the app, on the Privacy screen, using the two-step delete option. This permanently removes your profile, contacts, sharing sessions, requests, pings, stored location points, meet-ups, letters, and SOS records from our systems. Permanent We may retain reports about possible abuse or safety violations, and limited related information, for as long as we need to review them and keep people safe. Because Kymber uses anonymous sign-in, this in-app action is the way to delete your data; there is no separate account to look up. If you enabled backup, deleting your data also deletes your backup and unlinks your Google account. If you no longer have the app installed: reinstall and recover your account (if you enabled backup), then delete from the Privacy screen — or email us at theast.qa@gmail.com from your linked Google address and we will delete your account and data for you.
Security
Data is encrypted in transit using industry-standard TLS. Access to your data is governed by server-side security rules so that only you and the contacts you share with can see a session's location or a letter you sent. Kymber never has a password of its own to be stolen or leaked: sign-in is anonymous by default, and if you enable backup, authentication is handled by Google Sign-In — your Google password is never seen or stored by Kymber. No method of transmission or storage is ever completely secure, but we work to protect your information.
Payments
Kymber may offer optional purchases, such as a one-time upgrade to add more trusted contacts. SOS and core safety features are always free, regardless of any purchase.
Purchases are processed by Google Play Billing. Kymber does not receive or store your card or payment details — Google handles payment processing under Google's Privacy Policy. We receive only your purchase/entitlement status.
Children
Kymber is not directed to children under 13 and is intended for users aged 13 and older. We do not knowingly collect information from children under 13. If you believe a child has provided us information, contact us at theast.qa@gmail.com and we will delete it.
Where your data is processed
Kymber's backend runs on Google Firebase infrastructure, with data processed and stored on servers located in the United States. By using Kymber, you understand your information may be processed in the United States, which may have data-protection laws different from those in your country.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we'll revise the "Last updated" date above, and significant changes may be communicated in the app. Continued use of Kymber after an update means you accept the revised policy.