Contact Tracing/Exposure Notification SurveyInformation gathered from this survey will be used to better inform decision makers in state and local government, technologists, and the public, about the privacy and security features of leading contact tracing and exposure notification applications.
...
Briefly describe the ways in which your application's architecture is centralized or decentralized?
We offer both GPS and Bluetooth based technology. Both are built with a decentralized architecture, meaning that user data remains on devices and exposure notifications are generated on device based on exposure data retrieved from an external source. Our Bluetooth app is built using the Google Apple Exposure Notification API and conforms to the design intent and policies of the API. Our GPS solution is decentralized by design and works without requiring users to share any location data with anyone. If, as part of a contact tracing interview process, a user wishes to share their location data with a public health authority, they have the option to do so at their sole discretion, but such sharing is not automatic and requires proactive steps by the user.
Does imputed data reside on a user's device or on a server?
...
How do users opt-in or opt-out of being tracked by your application?
Users may opt out by declining to authorize the app to access GPS or Bluetooth functions of their device when installing, by revoking these authorizations at a later time, or by uninstalling the application.
Does Does your application have a privacy policy? If so, please provide the link.
https://covidsafepaths.org/privacy-policy/
Does your application output aggregate data analysisanalysis?
Yes
No
If you answered yes to the above, do you apply differential privacy to this analysis?
...
If your application is open-source, what license do you use?
MIT License https://github.com/Path-Check/covid-safe-paths/blob/develop/LICENSE
How is your organization structured? *
...
What steps have you taken to ensure that subpopulations are not systematically excluded from using, or being accounted for in, your application?
We have a global volunteer community engaging with public health organizations worldwide. We have cultivated a strong media relations program to promote the availability of our apps across a variety of mass media outlets.
What steps have you taken to ensure that your clients (including government) only use the information for pre-determined health objectives related to mitigating the impact of COVID-19?
We have designed our technology to give consumers control of their private information.
Does your application use an openly published protocol to ensure that their solution is verifiable and interoperable? (For example, DP^3T, PACT, the TCN Protocol, and Apple/Google COVID-19 contact tracing technology)
...