Turn-by-turn navigation that never leaves your phone.
BanditKin computes your route and runs your address search on the device itself. Your destination and what you search for never leave the phone — no servers compute your route, and there's no one to sell it to. The base map is offline; sharing your live location with your circle is end-to-end encrypted.
What leaves your device — and what never does
The honest version: the only thing that goes online for navigation is a request for the map data of a general area — never the place you're going, never what you search.
| Data | Where it goes | Who can read it |
|---|---|---|
| Your destination (address / coordinates) | Never leaves the phone | Only you |
| What you type in search | Never leaves the phone | Only you |
| The route, turn-by-turn | Computed and kept on the phone | Only you |
| Where you pan / zoom the map | Never leaves the phone | Only you |
| Your live location (shared with your circle) | Leaves end-to-end encrypted | Only your circle's paired devices — not BanditKin |
| Map / routing / address downloads | A request for a coarse area file (a state map, a county's addresses, a square of roads) | The host sees your IP and which area file you asked for — a rough region hint, never your destination or query |
| Flock camera locations (only if Avoid-Flock or the overlay is on) | A request for a coarse bounding box to the separate public camera service | That service sees the map area requested — no identity, no destination, not your location |
| Operational metadata (the encrypted relay) | Sent to the relay | That a device belongs to a circle (random IDs), payload timestamps and sizes, battery and online status — not where, not what |
Everything that could identify where you actually went stays on your phone.
Three things, all on the device
Real turn-by-turn with a heading-up map, adaptive zoom near turns, and follow-me tracking. The route is computed in-process by an open-source engine (BRouter, MIT) — there is no routing server your destination is sent to.
Address and place search runs against an index built into the app from OpenStreetMap and OpenAddresses. Your search query never leaves the phone, and you won't hit a dead-end “not found” — unsaved counties download on demand and resolve on-device.
An optional preference that routes around automated license-plate-reader (ALPR) cameras — a privacy choice to avoid being logged by a commercial surveillance network. The avoidance math runs on your phone; your route and destination are never sent to the camera service. You can also see the cameras on the map.
BanditKin vs. Google Maps / Waze
This audience rewards admitting the trade-off — so here it is, plainly.
| Google Maps / Waze | BanditKin | |
|---|---|---|
| Where routes are computed | Their servers | Your phone |
| Does your destination leave your device? | Yes — tied to your account | No |
| Do your searches leave your device? | Yes | No |
| Real-time traffic and incidents | Yes | No (by design) |
| Ads / profiling from your trips | Yes | None |
| Works fully offline | Limited | Yes, once your area is saved |
We don't have live traffic. We can't — real-time traffic only works if everyone uploads where they are and where they're going, which is exactly the surveillance we're built to avoid. If live traffic matters more to you than privacy, use Waze. If it's the other way around, that's us.
On-device by architecture, not by promise
BRouter (MIT) runs in-process — not a black box, and no server to call.
OpenStreetMap for streets and places, OpenAddresses for house numbers, the EFF Atlas of Surveillance for camera coverage — all properly attributed.
Sharing is encrypted on your phone; the key is shared in person by QR code and never touches our server.
Devices and circles are random identifiers. No email or name required, and no advertising identifiers.
No ads and no third-party analytics SDKs in the app, and no data sold to anyone.
Run the relay yourself, so even encrypted metadata stays on hardware you control — free on your own PC.
Navigation, answered
Does BanditKin send my destination anywhere?
No. Routing is computed on your phone by an on-device engine. Your destination and your search queries never leave the device.
Then what does go online when I navigate?
Only requests for map data of a general area — a state's offline map, a county's address list, or a square of road data — which the app downloads once and then reuses offline. The host that serves those files sees your IP address and which area file you requested, but never your destination or what you searched.
Do I need an account?
No. There are no accounts, no email, and no advertising identifiers — your device and circle are random IDs.
How does location sharing stay private if it's sent to a server?
It's end-to-end encrypted on your phone before it's sent. The server stores ciphertext it can't read; only your circle's paired devices, which hold the key, can decrypt it. The key is shared in person by scanning a QR code and is never sent to the server.
What is “Avoid Flock”?
An optional routing preference that steers your route around automated license-plate-reader (ALPR) cameras, whose locations are public data. The avoidance is computed on your phone; your route and destination are not sent to the camera service.
Why no live traffic?
Live traffic requires everyone to continuously upload where they are and where they're going. That's the surveillance we're built to avoid, so we don't do it — and we'd rather say so than fake it.
Can I run it myself?
Yes. The relay is self-hostable, so a technical user can keep all data — including metadata — on hardware they control.
Map & address data: © OpenStreetMap contributors (ODbL); house numbers from OpenAddresses. Camera coverage: © OpenStreetMap contributors (ODbL), with coverage context from the EFF Atlas of Surveillance (CC-BY). Routing engine: BRouter (MIT License). BanditKin is not affiliated with Google, Waze, Flock Safety, or the EFF.