Contact Tracing/Exposure Notification SurveyInformation gathered from this survey will be used to better inform decision makers in state and local government, technologists, and the public, about the privacy and security features of leading contact tracing and exposure notification applications.
...
Briefly describe the ways in which your application's architecture is centralized or decentralized?
We offer both GPS and Bluetooth based technology. Both are built with a decentralized architecture, meaning that user data remains on devices and exposure notifications are generated on device based on exposure data retrieved from an external source. Our Bluetooth app is built using the Google Apple Exposure Notification API and conforms to the design intent and policies of the API. Our GPS solution is decentralized by design and works without requiring users to share any location data with anyone. If, as part of a contact tracing interview process, a user wishes to share their location data with a public health authority, they have the option to do so at their sole discretion, but such sharing is not automatic and requires proactive steps by the user.
Does imputed data reside on a user's device or on a server?
...
Do user IDs reside on their respective devices or on a server?
User's device
Your server
A third party server
Other: Our mobile app does not record User IDs. If users choose to identify themselves to a contact tracer, their data will likely be stored
Where is data for your application's exposure events managed?
...
When consenting to use your application, are users informed as to how the information they're disclosing is being used?
Yes
No
When consenting to use your application, are users informed as to the likely impacts of disclosure and use?
Yes
No
Are events impacting the company server visible to users?
...
How do users opt-in or opt-out of being tracked by your application?
Users may opt out by declining to authorize the app to access GPS or Bluetooth functions of their device when installing, by revoking these authorizations at a later time, or by uninstalling the application.
Does your application have a privacy policy? If so, please provide the link.
Your answer https://covidsafepaths.org/privacy-policy/
Does your application output aggregate data analysis?
Yes
No
If you answered yes to the above, do you apply differential privacy to this analysis?
Yes
No
Other:
Do you use data collected through your application for anything other than the health objectives related to mitigating the impact of COVID-19?
...
If your application is open-source, what license do you use?
MIT License https://github.com/Path-Check/covid-safe-paths/blob/develop/LICENSE
How is your organization structured? *
...
What steps have you taken to ensure that subpopulations are not systematically excluded from using, or being accounted for in, your application?
We have a global volunteer community engaging with public health organizations worldwide. We have cultivated a strong media relations program to promote the availability of our apps across a variety of mass media outlets.
What steps have you taken to ensure that your clients (including government) only use the information for pre-determined health objectives related to mitigating the impact of COVID-19?
We have designed our technology to give consumers control of their private information.
Does your application use an openly published protocol to ensure that their solution is verifiable and interoperable? (For example, DP^3T, PACT, the TCN Protocol, and Apple/Google COVID-19 contact tracing technology)
...
Our global community of volunteers is working to both develop the core technology, develop and promote best practices for contact tracing, and engage directly with health authorities to guide their projects and rollout. We have brought together leading academic researchers, technology industry veterans, the trusted advisors to governments and enterprises, and implementation partners who can execute projects. We believe that this holistic approach is likely to lead the best outcome.