Safe2 Privacy Policy

Safe2 (“Us,” “We,” or “Company”) takes your privacy and the privacy of all people very seriously. This Privacy Policy (“Policy”) is designed to inform you, a user of our mobile app and services, about the types of information that we may gather or collect from or about you in connection with your use of the app and services. It also explains the conditions under which we use and disclose that information.

Use of the Safe2 mobile app and associated services requires acceptance of this Policy. If you are not satisfied with any aspect of the policy, please discontinue using the Safe2 mobile app and services.

Changes to this Policy are discussed at the end of this document. Each time you use the Safe2 mobile app, however, the current version of this Policy will apply. Accordingly, each time you use the Website you should check the date of this Policy (which appears at the end of this document) and review any changes since the last time you used the app.

 

We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. We want to empower you to make the best decisions about the information that you share with us.

That’s the basic purpose of this Privacy Policy.

Highlights and Principles

This policy contains very important information. Please read all of it. Notwithstanding, here are some highlights and principles you may find of particular interest:

The Safe2 mobile app stores close contacts (ephemeral ids), location visits (lat, long, start time, end time), test results, and self-assessment symptoms on your mobile device. All symptom data is stored in a secure area of your device and marked to not be backed up by Apple or Google. When the Safe2 mobile app obtains indication that you are potentially exposed, symptomatic, or positive, it sends data about anonymous close contacts and location visits to the exposure alerting service. Safe2 data is about identifying exposure, not people; all data sent to the exposure alerting service is anonymous. By design, the Safe2 exposure alerting service is an open system. All other participants using the service can request and view any information entered into the system.

Information Collected

Safe2’s goal is to help you understand not just what information is collected, but why and how we collect the information as well as where it is stored. Our purpose is to inform smarter social distancing, to reduce the number of COVID-19 infections and deaths, and to empower our economies to sustain the highest amount of activity while the virus remains a threat.

The Safe2 mobile app detects possible COVID infection via both test results and symptom self-assessments. It also identifies close contacts via Bluetooth proximity detection and location visits via GPS location.

Self-assessment symptoms are stored on and never leave your mobile device. An indication of a positive test or symptoms is sent off the mobile device to the exposure alerting service.

A close contact is detected via Bluetooth Low Energy (BLE) advertisement packet that contains an ephemeral id (EphID). Your EphID changes often (typically several times per hour). Your mobile device stores all of its own EphIDs and any that it detects in proximity via BLE.

A location visit is detected via GPS for when your mobile device has remained in the same area for an extended period of time. Your mobile device stores all detected location visits. It does not store continuous GPS movement data.

If the Safe2 mobile app determines you may be contagious (due to positive test, self-assessment, or infection patterns around you), it will send your anonymized close contacts, location visits, and exposure status to the exposure alerting service. Safe2 is designed so this data is not stored in a way that allows others to determine who created it or that any two data entries are related.

Other Disclosures

The Safe2 exposure alert service does not store any PII.

We disclose data when required to do so by law, or in response to a subpoena or court order, to cooperate with a legitimate law enforcement investigation, or when we believe in our sole discretion that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.

In the Public Interest: During disasters Safe2 contains information that can help public officials determine the disaster’s impact, cost, and possible mitigation strategies. Likewise, long-term recovery groups (LTRGs) and unmet needs committees want access to Safe2 exposure information to help survivors. In situations like these, we may share an appropriately limited amount of information to aid the public interest.

SSL Encryption

The transfer of online transaction data to and from the web site is protected by the implementation of a Secure Sockets Layer (SSL) protocol. Our security certificate allows verifying the authenticity of the secure sections of the Website and to communicate with our site securely, encrypting information as it passes over the internet. It is your responsibility to avoid unauthorized use of your Safe2 mobile application.

Policy Changes

We may, at our sole discretion, change this Policy from time to time. Any and all changes to our Policy will also be reflected on this page. Unless we obtain your express consent, any revised Policy will apply only to information collected after such time as the revised Policy takes effect, and not to information collected under any earlier Privacy Policies. We will attempt to notify you whenever there are material changes to this Policy. We encourage you to frequently check this page for any changes to our Policy. If you have any questions about our Policy, please contact us.

This Policy is effective May 12, 2020. Last Updated: May 17, 2020.