Trust & Safety

Last updated: April 28, 2026

Umbr is end-to-end encrypted, but we are not a haven for abuse. Every share has a one-tap Report button. We disable reported content immediately, work with law enforcement on confirmed cases, and report child sexual abuse material to NCMEC as required by U.S. law.

What we do

Immediate disabling on report

Both the in-app viewer and the web viewer include a one-tap flag icon. The moment a recipient reports a share, the link is disabled for everyone and flagged for our review. The sender's device is also flagged, and repeat reports may lead to a permanent ban on creating new shares.

NCMEC reporting

Aaratus Inc. is a registered Electronic Service Provider with the National Center for Missing & Exploited Children (NCMEC). Where a report identifies child sexual abuse material (CSAM), we file a CyberTipline report under 18 U.S.C. § 2258A and preserve the relevant encrypted records for at least 90 days for law enforcement.

Law enforcement cooperation

We respond to valid legal process from U.S. law enforcement, and from foreign authorities through MLAT or equivalent channels. Because content is end-to-end encrypted, we cannot produce plaintext — but we can produce metadata associated with reported tokens and, where applicable, hashed device identifiers.

Repeat-offender bans

Devices that accumulate multiple confirmed reports are blocked from creating new shares. This applies at the device level and survives reinstalling the app.

What you can do

Report a share

Open the share, tap the flag icon at the top of the viewer, confirm. The link is disabled immediately. The viewer works for both iOS and the web.

Report something more serious

For threats, immediate danger, ongoing harassment, or any case involving a minor, contact local emergency services first. Then contact us at contact@umbr.link with as much detail as you can share, including the share URL if you still have it.

Resources

NCMEC CyberTipline (USA) — report.cybertip.org or 1-800-843-5678
Cybertip.ca (Canada) — cybertip.ca
Internet Watch Foundation (UK) — iwf.org.uk
Cyber Civil Rights Initiative (NCII help) — cybercivilrights.org or 1-844-878-2274

What Umbr cannot do

Umbr is end-to-end encrypted by design. We cannot read your shares, scan them with hash-matching tools, or produce plaintext content in response to any request, lawful or otherwise. We can only act on content that is reported to us or already public.

This is the same architecture used by Signal, WhatsApp, iMessage, and other modern encrypted messengers. We've chosen it deliberately, because the alternative — server-side access to user content — creates risks that, in our view, outweigh the moderation benefits. Our approach is to make abuse easy to report, fast to disable, and impossible to repeat from the same device.

Photosensitivity

Umbr uses rapid frame alternation (up to 120Hz on ProMotion displays) as part of its protection. If you have photosensitive epilepsy or sensitivity to flicker, this app may not be safe for you. iOS users with Reduce Motion enabled receive a single static frame with reduced protection. Stop using Umbr immediately and consult a medical professional if you experience any discomfort.

Contact

Safety reports and questions: contact@umbr.link — we aim to respond within 24 hours.

Aaratus Inc.
2093 Philadelphia Pike #1549
Claymont, DE 19703, USA