ImOK Privacy Policy
Last Updated: February 10, 2026
ImOK (“the app”) is a mobile application designed to help users quickly check in on the wellbeing of friends or groups through simple, time-limited “Are you OK?” requests. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains what data ImOK collects, how we use it, how we use Firebase services, and your choices regarding your data. By using ImOK, you agree to the practices described in this policy.
Data We Collect and How We Use It
We collect only the information necessary to provide and improve the ImOK service. Below is what we collect and why:
Name and Phone Number: We collect your name (as provided by you) and your phone number during registration. This information is used to create your ImOK account, allow you to log in, and let your friends or contacts know who is sending a check-in request. Your phone number is used for authentication (via a verification code sent to your device) and to uniquely identify your account in the app.
Contacts: With your explicit permission, ImOK can access your phone’s contact list. This access is solely to let you select contacts or groups to send “Are you OK?” check-in requests to. We do not upload your contacts to our servers or use them for any purpose other than showing you your contacts in-app for selection. The contacts data remains on your device and is not stored in our database once used for selecting recipients.
Check-In Requests and Responses: When you send a check-in request (e.g., asking a friend “Are you OK?”) or when you or your contacts respond to a check-in, these messages and responses are stored in the app’s database (via Firebase Cloud Firestore). We store this data so that you and the intended recipients can view the status of check-ins (for example, who has responded “I’m OK”). This check-in content is only shared with the users involved (the sender and intended recipients of the request) and is used strictly to facilitate the core functionality of ImOK. We do not use the content of your messages for any other purpose.
Biometric Authentication (Optional): ImOK supports biometric unlock (such as fingerprint or face recognition) through your device’s built-in security features for your convenience. Important: ImOK does not collect or store any biometric data. If you enable biometric login, the actual fingerprint or face data never leaves your device’s secure storage. The app simply asks the operating system to confirm your identity via the device’s biometric hardware. We receive only a yes/no confirmation that your fingerprint or face was recognized – no fingerprint images or face data are ever sent to ImOK or stored on our servers. In fact, Android’s Biometric API ensures that raw biometric data is inaccessible to apps; the app only gets a success/failure response and cannot access your actual fingerprint or face information[1].
Use of Firebase Services
ImOK relies on trusted Google Firebase services to provide its functionality. These third-party services help us with user authentication, data storage, and notifications. Here are the Firebase services we use and how we use them:
Firebase Authentication (Phone Number Sign-In): We use Firebase Authentication to verify your phone number and log you into ImOK. When you register or log in, Firebase Authentication sends a one-time SMS code to your phone to confirm your number. Firebase Authentication securely handles your login credentials (phone number and verification code) and confirms your identity on our behalf. This service is provided by Google and may collect certain information like your phone number and device/IP details to prevent abuse and verify your account[2]. We use this service solely to authenticate users and manage accounts; we do not have access to your SMS messages (other than the code you enter) and we do not use your phone number for any purpose outside of authentication and connecting you with your friends on ImOK.
Firebase Cloud Firestore (Database): ImOK uses Firebase Cloud Firestore as its cloud database to store user data and messages. This means your profile information (name and phone number) and the content of your check-in requests and responses are stored on Google’s Firebase servers (instead of locally on your phone, so that you can sync with others). We store this data in Firestore to ensure that when you send a check-in or respond, the information is reliably saved and delivered to the intended recipients. Firestore allows your data to sync across devices for you and your friends in real time. All data in Firestore is stored under our account and is protected by Firebase’s security measures (including encryption at rest and in transit). Only authorized requests from the app (by logged-in users) can read or write to the database, and each user only has access to data necessary for the app’s function (for example, your friends cannot access your data unless you have sent them a request, etc.). We do not use the Firestore database to collect any additional information beyond what you input or do in the app.
Firebase Cloud Messaging (Notifications): We use Firebase Cloud Messaging (FCM) to send push notifications so you receive real-time alerts for check-in requests and responses. For example, when someone asks “Are you OK?” or when a friend responds to your request, FCM delivers a notification to the appropriate devices. To do this, FCM uses a unique device token (an Instance ID or registration token) associated with your device/app installation. This token tells our system where to send the notification. The token is non-personal and is used only for delivering messages to your device[2]. Aside from the device token and the message content (e.g. “Your friend replied I’m OK”), no personal data is needed for notifications. Firebase Cloud Messaging ensures notifications are routed securely and efficiently. ImOK does not use FCM for anything other than sending these check-in related alerts.
All Firebase services we use are provided by Google LLC. Google acts as our service provider (or “data processor”), which means the data you provide is processed and stored by Google’s systems only to enable ImOK’s features (authentication, database storage, and messaging) and not for any independent purposes. Google Firebase is a reputable platform that maintains high security standards and compliance certifications for data protection[3][4]. Your data in Firebase is transmitted over secure (encrypted) connections and stored in secured, encrypted form on Google’s servers. For more information, you can also review Google’s Firebase Privacy & Security documentation and Google’s general Privacy Policy.
Data Sharing and Disclosure
Your privacy is important to us. ImOK does not share your personal information with any third parties for their own use. We do not sell, rent, or disclose your data to marketers or other unrelated companies. The data you provide (such as your name, phone number, check-in messages, etc.) is used strictly within the context of the app and by the Firebase services described above.
The only third parties who handle your data are the service providers that enable ImOK’s core functions (i.e. Google Firebase). This means your data may be processed by Google’s systems as explained, but Google does not use this data for any purpose other than to provide the Firebase services to us. Aside from Firebase, we do not share your information with anyone. In particular, ImOK does not use any external analytics platforms or advertising networks that would collect your information for profiling or marketing. The app does not serve ads and we do not share data with advertisers or any external marketing partners[5]. Likewise, we do not use analytics services in the app, so we are not tracking your app usage beyond the necessary information needed to run the service (no third-party analytics SDK means no behavioral tracking or profiling of how you use ImOK).
We may share information only if it is legally required (for example, responding to a valid court order or law enforcement request, but this is rare and we have not had such requests) or if you explicitly request us to share data (for instance, if you reach out for support and authorize us to view some of your data to assist you). In summary, your personal data stays within ImOK and its essential service providers, and is not shared onward.
No Advertising or Analytics Tracking
ImOK is proud to be an ad-free application. We do not display advertisements within the app, and therefore we do not collect data for advertising purposes. You will not be profiled or tracked for ads while using ImOK. Additionally, we do not collect analytics data via any third-party analytics tools (such as Google Analytics, Firebase Analytics, or others). We do not monitor your usage patterns, we do not collect telemetry or crash analytics (beyond basic operational logs on our servers), and we do not use cookies or tracking technologies in the app. This means the only data we have about you is the data you knowingly provide for the app’s functionality, as described in the sections above. By not using ads or analytics, we minimize the amount of data about your usage that is collected at all[5].
Data Security
We take the security of your data seriously. ImOK implements a variety of security measures to protect your personal information from unauthorized access or disclosure. Communication between the app and Firebase servers is encrypted via HTTPS, which helps prevent eavesdropping. Data stored in Firebase (including your messages and profile info) is encrypted at rest by Google’s Firebase infrastructure. Access to the Firebase database is restricted by security rules, so that each user only has access to their own data or data intended for them (for example, only the intended recipients of a check-in can read that check-in message). Internally, we limit access to user data – the ImOK development team will only access user data if necessary to troubleshoot an issue or as required by law, and even then, only with proper authorization.
While we strive to use commercially acceptable means to protect your personal data, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. However, we continuously update our security practices to align with industry standards and take immediate action if any security risks are identified. Using biometric authentication (if you enable it) can add an extra layer of security to your app access – remember that this method relies on your device’s secure hardware, keeping your biometric info safe locally.
Data Retention and Deletion
We retain your personal data only for as long as it is needed to provide you with the ImOK service and for legitimate and essential business purposes, such as maintaining your account or complying with legal obligations. In practice, this means we will keep your profile information and check-in records while you are an active user of ImOK. If you decide to stop using ImOK or request deletion of your account, we will delete your personal data from our systems (including Firebase) within a reasonable timeframe.
If you uninstall ImOK from your device, your account data (such as your name, phone number, and any check-in history) is not automatically deleted from our servers, since others you interacted with might still expect to see past check-in responses. If you would like to permanently delete your account and associated data, you can contact us at our support email (see Contact Us below). Upon receiving a verified deletion request, we will remove your personal information from our database and Firebase backend. (Note: There may be some latency in removal from all backups, but we will ensure the data is not actively used and is erased entirely in accordance with applicable laws and platform capabilities.)
We do not keep personal data longer than necessary. For example, if we implement time-limited check-in data cleanup in the future (auto-deleting old check-in logs after a certain period), we will update this policy accordingly.
Children’s Privacy
ImOK is not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13 years old. If you are under 13, please do not use the app or provide any personal information. In the event that we discover we have collected personal data from a child under 13 without parental consent, we will take immediate steps to delete that information. If you are a parent or guardian and believe that a child under 13 may have provided us with personal information, please contact us so we can remove the data. (For users in certain jurisdictions, such as the European Union, we also do not knowingly collect data from minors under the applicable age of consent for data processing, which may be older than 13, without proper consent.)
Changes to This Privacy Policy
We may update this Privacy Policy from time to time as our app evolves or as required by law. If we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy and, if appropriate, by additional notice within the app or via other communication. We encourage you to review this Privacy Policy periodically for any changes. Continued use of ImOK after any modifications to the policy constitutes your acknowledgment of the changes and your agreement to be bound by the updated policy.