TraceTogether is an app that can be downloaded voluntarily and facilitates the contact tracing process. With your consent, it exchanges encrypted and anonymised Bluetooth signals with nearby phones running the same app for up to 25 days.
This allows you to be informed if you were in prolonged physical proximity with an infected person. We are committed to safeguarding your privacy and will only use your data solely for contact tracing purposes.
The only identity data we store is:
When you sign up, a random User ID is generated and associated with your mobile number and identification details. Your mobile number, identification details and User ID are stored in a secure server, and never shown to the public.
TraceTogether uses Bluetooth to approximate your distance to other phones running the same app. We do not collect data about your GPS location. Neither do we collect data about your WiFi or mobile network.
When you are close to another phone running TraceTogether, both phones use Bluetooth to exchange a Temporary ID. This Temporary ID is generated by encrypting the User ID with a private key held by the Ministry of Health (MOH). It can only be decrypted by MOH, and does not reveal your identity or the other person's identity.
Data about phones near you is stored securely on your phone, and will only be shared with MOH if you test positive for COVID-19, for the sole purpose of contact tracing.
The anonymised Bluetooth data data stored on your phone after 25 days is automatically deleted.
The Temporary ID that your phone exchanges with nearby phones is refreshed at regular intervals. The lack of a persistent identifier means it is impossible for third parties to identify or track you.
You may request for your identification data to be deleted on our servers, unless your proximity data has already been uploaded as a confirmed case.
You can do so by emailing email@example.com with the mobile number you registered in the app.
We will then delete your mobile number, identification details and User ID from our server. This renders meaningless all data that your phone has exchanged with other phones, because that data will no longer be associated with you.
Any data shared with MOH will only be used solely for contact tracing of persons possibly exposed to COVID-19.
We will only use TraceTogether for contact tracing. Once contact tracing ceases, you will be prompted to disable TraceTogether's functionality.
You can also disable TraceTogether's functionality any time by turning the app's Bluetooth permissions off or deleting the app. If contact tracing is required for a future outbreak, you will be prompted to enable permissions, or you can reinstall the app.
TraceTogether collects anonymised data about your device and app (e.g. device model, app version) to help us improve the app and provide a better user experience.