TraceTogether Privacy Safeguards

TraceTogether is an app that can be downloaded voluntarily and facilitates the contact tracing process. With your consent, it exchanges encrypted and anonymised Bluetooth signals with nearby phones running the same app for up to 25 days.

This allows you to be informed if you were in prolonged physical proximity with an infected person. We are committed to safeguarding your privacy and will only use your data solely for contact tracing purposes.

We store limited data

The only identity data we store is:

  • Your mobile number
  • Your identification details
  • A random anonymised User ID e.g. 9I8VPeQeWDofj39c8dPySoUXLqh2

When you sign up, a random User ID is generated and associated with your mobile number and identification details. Your mobile number, identification details and User ID are stored in a secure server, and never shown to the public.

We do not collect data about your GPS location

TraceTogether uses Bluetooth to approximate your distance to other phones running the same app. We do not collect data about your GPS location. Neither do we collect data about your WiFi or mobile network.

Data about phones near you does not reveal personal identities

When you are close to another phone running TraceTogether, both phones use Bluetooth to exchange a Temporary ID. This Temporary ID is generated by encrypting the User ID with a private key held by the Ministry of Health (MOH). It can only be decrypted by MOH, and does not reveal your identity or the other person's identity.

Data about phones near you is stored on your phone

Data about phones near you is stored securely on your phone, and will only be shared with MOH if you test positive for COVID-19, for the sole purpose of contact tracing.

The anonymised Bluetooth data data stored on your phone after 25 days is automatically deleted.

Other third-party services will not be able to track your identity

The Temporary ID that your phone exchanges with nearby phones is refreshed at regular intervals. The lack of a persistent identifier means it is impossible for third parties to identify or track you.

You may request for your identification data to be deleted on our servers

You may request for your identification data to be deleted on our servers, unless your proximity data has already been uploaded as a confirmed case.

You can do so by emailing support@tracetogether.gov.sg with the mobile number you registered in the app.

We will then delete your mobile number, identification details and User ID from our server. This renders meaningless all data that your phone has exchanged with other phones, because that data will no longer be associated with you.

Your data will only be used for COVID-19 contact tracing

Any data shared with MOH will only be used solely for contact tracing of persons possibly exposed to COVID-19.

TraceTogether will only communicate with nearby phones for a limited time

We will only use TraceTogether for contact tracing. Once contact tracing ceases, you will be prompted to disable TraceTogether's functionality.

You can also disable TraceTogether's functionality any time by turning the app's Bluetooth permissions off or deleting the app. If contact tracing is required for a future outbreak, you will be prompted to enable permissions, or you can reinstall the app.

We use anonymised data to improve TraceTogether

TraceTogether collects anonymised data about your device and app (e.g. device model, app version) to help us improve the app and provide a better user experience.


Changelog

  • 1 April 2020 - Clarified the collection of anonymised analytics data
  • 1 June 2020 - Clarified the collection of identification details and usage of data for contact tracing.