Kin

Is Truly Private Check-In Possible?

A

AJ, Founder @ JouleWorx

May 7, 2026·9 Minute Read

The question I kept asking myself while building Kin, and why the answer is more complicated than it sounds.

TL;DR: Most safety apps solve a safety problem by handing you a surveillance one. Four mechanics create that feeling. Continuous streams, asymmetric visibility, punished silence, permanent records. None are accidental. They are design choices made in service of a data business. Building against them is possible. It is also the hardest product decision you make repeatedly.

I've been sitting with this question for a while. Not as a thought experiment, but as a design constraint.

When I started building Kin, I kept describing it as a "privacy-first check-in app." People nodded. It sounded right. But one evening I asked myself the harder version of the question: is that actually possible? Can you build something that helps people stay safe without creating the infrastructure for surveillance? Or is that a contradiction baked into the idea itself?

I don't think it is. But the answer is more nuanced than most safety apps, including the well-intentioned ones, are willing to admit.

The Feeling Has a Name

Most of us have felt it. You open a location-sharing app and you can see someone's exact coordinates, their battery percentage, when they last moved, and whether they're at home or in transit. It's useful. It's also unsettling, even when you're the one being watched, even when you chose to be watched.

That feeling isn't irrational. It's a signal.

What you're experiencing is the difference between being safe and being observed. They're not the same thing. One is about your wellbeing. The other is about data: who holds it, when they can access it, and whether your silence is treated as information. The big safety apps conflate these two things by design, because if observation is the product, conflation is the business model.

Where the Surveillance Feeling Actually Comes From

I spent a long time trying to identify exactly what triggers it. It isn't any single feature. It's four mechanics working together, and each one compounds the others.

The first is the continuous stream. You are being watched even when nothing is wrong. The app doesn't wait for you to need help; it collects your location constantly, just in case. The cost of that "just in case" is that you're never not being tracked.[1]

The second is asymmetric visibility. The person watching can look at any time. The person being watched has no control over when that happens. This is the structural dynamic of surveillance: not the content, but the power imbalance.[2]

The third is what I'd call punished silence, and it bothers me more than the others. In most safety apps, if you don't respond, something escalates: an alert fires, your location is auto-shared, someone is notified. Silence is treated as a problem. But silence isn't distress. Sometimes people just don't want to respond. Building a consequence into non-response is coercive by design.

The fourth is permanent records. Your location history exists somewhere on a server, often in a jurisdiction you've never thought about, as a log of where you've been. That log can be sold, subpoenaed, or leaked.[3][4][5]

None of these are necessary for safety. They're choices, made in service of a data business rather than a safety mission.

The Honest Tension

Here's where I have to be fair to the harder question.

You can design an app that avoids all four of those mechanics. That's what I'm trying to do with Kin. No background tracking. No continuous stream. No auto-escalation on silence. No location logs.

But the technology being private doesn't fully solve the problem. Because the surveillance feeling doesn't only come from the app. It also comes from the relationship. A controlling partner or an anxious parent can use even the most restrained check-in system as a tool for pressure. The app can't fix a power imbalance between people. No code can.[6][7]

What the app can do is refuse to be complicit in it. That's a real distinction.

What "Private" Actually Means in This Context

The word "private" gets applied too loosely to safety tech. It usually means one of two things: the data is encrypted, so third parties can't read it, or the company doesn't sell your data, so you're not the product. Both matter. Neither is sufficient.

The more useful definition, the one I'm designing toward, is this: privacy is consent and control over information flow. Not zero information. Consented, intentional, ephemeral information.[8]

Think about what happens when you call someone to say you landed safely. That's not a privacy violation. They now know where you are. But you chose to share it, they can't access that information at any other time, it doesn't persist anywhere, and no third party was in the room.

Kin is trying to be the digital equivalent of that phone call. A signal you choose to send, to people you've chosen to trust, that disappears after it's received. The content of your check-in is encrypted end-to-end and purged once delivered. Minimal routing data, like sender, recipient, and timestamp, is held briefly for delivery, then deleted. Not zero information, but consented, bounded, intentional information.

Kin uses your phone number for sign-up, the same way Signal, WhatsApp, and Telegram do, to confirm you're a real person and prevent spam. The number is verified through a standard auth provider; we don't store it in our own database, we don't link it to your check-ins, and it isn't shared.

That's a completely different thing from surveillance. The distinction just requires you to build it in from the start, not bolt it on as a privacy policy after the architecture is already extractive.

Why This Is Actually Hard to Build

The honest answer is that most apps don't make these choices because the opposite choices are easier, technically and commercially.

Continuous location streams are simpler to implement than event-driven signals. Background data collection is cheaper than building explicit consent flows. Location history is valuable to advertisers. Escalation-on-silence creates engagement that keeps people opening the app.[9]

Every surveillance mechanic I described above is also a growth mechanic. That's why they're so common. Not because the founders were malicious, but because the incentives pointed in one direction and nobody pushed back hard enough.

Building against those incentives, and staying there as the product scales, is a daily decision, not a one-time architecture choice. The pressure to add just one more feature (read receipts, location history, push-on-silence) will be constant. Staying minimal is the hardest product decision you make repeatedly.

So, Is It Possible?

Yes. But only if you're willing to accept what you're giving up.

You're giving up the convenience of always knowing. You're giving up the data exhaust that makes the business model easy. You're giving up the engagement loops that keep users coming back involuntarily.

What you're left with is something that only works if people want to use it. A tool that earns presence rather than harvesting it. Something people pick up because they feel like it, because they want to reach out, because they care about someone and want them to know it, not because an algorithm decided it was time.

That's a harder product to build. It's also the only version I'm interested in making.

Early Access

Kin is in early access.

If this is a feeling you recognize, we'd love to have you with us from the beginning.

Sources

1. Scientific American: "How GPS Tracking of Teens 24/7 Impacts Parent-Child Relationships" (June 2023): A peer-reviewed study of 729 adolescents found approximately half of parents use digital location tracking apps. Experts note that continuous location monitoring creates a false sense of security and can hinder parent-child trust; watching a dot on a map changes the shape of worry rather than resolving it. Supports the continuous stream mechanic.

2. Lightfoot & Wisniewski (2014), "Information Asymmetry and Power in a Surveillance Society", Information and Organization, 24(4), 214–235: Peer-reviewed paper establishing that surveillance is structurally defined by asymmetric visibility: the subject of the gaze is disadvantaged and often unaware of when they are being watched, creating an inherent power imbalance regardless of intent. Directly supports the asymmetric visibility section.

3. The Markup: "The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users" (December 6, 2021): Investigation revealing Life360 was selling precise location data, including data on children and families, to approximately a dozen data brokers. Directly supports the permanent records and data-as-business-model argument. Note: In response to this reporting, Life360 announced on 27 January 2022 that it would phase out precise-location data deals (2022 follow-up). As of August 2025, The Capitol Forum reported Life360 had transitioned to selling audience segments via LiveRamp's Data Marketplace. The underlying business model critique remains applicable; cite with date context.

4. Electronic Frontier Foundation: "How Law Enforcement Around the Country Buys Cell Phone Location Data Wholesale" (August 2022): Documents how law enforcement agencies purchased location data from commercial brokers without warrants. Supports the subpoenaed or leaked claim around permanent records.

5. Federal Trade Commission, enforcement actions against X-Mode Social, InMarket, and Mobilewalla (January and December 2024): The FTC's first-ever bans on the sale of precise location data, finding that location data was not anonymised and could identify individuals' precise movements including visits to medical clinics and places of worship. See also: Mobilewalla action (December 2024).

6. The Conversation: "Location-sharing apps are enabling domestic violence. But young people aren't aware of the danger" (December 2025): Summarises research on how location-sharing apps, including those marketed for safety, are being used as tools of coercive control in intimate partner relationships. Directly supports the Honest Tension section.

7. Harris & Woodlock (2019), "Digital coercive control: insights from two landmark domestic violence studies", British Journal of Criminology: Academic study examining how digital technologies including location-tracking apps are used as tools of coercive control in domestic abuse. Supports the argument that the surveillance dynamic can come from the relationship, not just the app.

8. Helen Nissenbaum, Privacy in Context: Technology, Policy, and the Integrity of Social Life (2010, Stanford University Press): The contextual integrity framework underpinning the post's definition of privacy as consent and control over information flow. The phone call analogy maps directly to Nissenbaum's argument that privacy is about information flowing appropriately to context.

9. Nir Eyal, Hooked: How to Build Habit-Forming Products (2014, Portfolio/Penguin): The standard framework describing how engagement loops are engineered into consumer apps to drive habitual, involuntary re-engagement. Supports the claim that every surveillance mechanic is also a growth mechanic.