TraceTogether Privacy Safeguards

The TraceTogether programme enhances Singapore’s contact tracing efforts in the fight against COVID-19. It comprises the TraceTogether App and the TraceTogether Token. The App was released on 20 March, and the Token was rolled out on 28 June.

The privacy-preserving, Bluetooth contact tracing functions of the App and the Token are similar. With your consent, it exchanges encrypted and anonymised Bluetooth signals with nearby TraceTogether devices. The Bluetooth data exchanged does not contain any personal identifiable information. Bluetooth data after 25 days is automatically deleted.

This allows you to be informed if you were in prolonged physical proximity with an infected person. We are committed to safeguarding your privacy.

Also, the TraceTogether App/Token offers value-added features to make it more convenient for users, such as SafeEntry location check-in. These features are governed by their own Terms of Use. The following Privacy Safeguards and the Terms of Use found on TraceTogether’s website refer to TraceTogether’s core function of privacy-preserving, Bluetooth contact tracing.

We store limited data

The only identity data we store is:

  • Your contact/mobile number
  • Your identification details
  • A random anonymised User ID e.g. 9I8VPeQeWDofj39c8dPySoUXLqh2

When you sign up, a random User ID is generated and associated with your contact/mobile number and identification details. Your identification details are needed to help the Ministry of Health (MOH) contact the right person. Your contact/mobile number, identification details, and User ID are stored in a secure server, and never shown to the public.

We do not collect data about your GPS location

TraceTogether uses Bluetooth to Approximate your distance to other TraceTogether devices. We do not collect data about your GPS location. Neither do we collect data about your WiFi or mobile network.

Data about devices near you does not reveal personal identities

When you are close to another TraceTogether device, both devices use Bluetooth to exchange a Temporary ID. This Temporary ID is generated by encrypting the User ID with a private key held by the Ministry of Health (MOH). It can only be decrypted by MOH, and does not reveal your identity or the other person's identity.

Data about devices near you is stored on your device

The Bluetooth data about devices near you is stored securely on your device. Should you test positive for COVID-19, MOH will request for you to upload the Bluetooth data, for the purpose of contact tracing.

The anonymised Bluetooth data stored on your device after 25 days is automatically deleted.

Other third-party services will not be able to track your identity

The Temporary ID that your device exchanges with nearby devices is refreshed at regular intervals. The lack of a persistent identifier means it is impossible for third parties to identify or track you.

You may request for your identification data to be deleted from our servers

You may request for your identification data to be deleted from our servers, unless your proximity data has already been uploaded to the Government server as a confirmed case.

For the App: You can do so by emailing support@tracetogether.gov.sg with the mobile number you registered in the app.

For the Token: You’d need to return the physical Token to us. Please email support@tracetogether.gov.sg with the last 4 characters of your NRIC/FIN/Passport number, and we’ll let you know how to return the Token.

We will then delete your contact/mobile number, identification details and User ID from our server. This renders meaningless all data that your device has exchanged with other devices, because that data will no longer be associated with you.

Data that is shared with MOH will be used for COVID-19 contact tracing

Any data shared with MOH will be used for contact tracing persons possibly exposed to COVID-19. Only authorised public officers will be able to use the data. The data about devices near you is stored securely on your device, and not accessible unless uploaded.

Also, we want to be transparent with you. TraceTogether data may be used in circumstances where citizen safety and security is or has been affected. Authorised Police officers may invoke Criminal Procedure Code (CPC) powers to request users to upload their TraceTogether data for criminal investigations. The Singapore Police Force is empowered under the CPC to obtain any data, including TraceTogether data, for criminal investigations.

TraceTogether will only communicate with nearby devices for a limited time

TraceTogether is designed for contact tracing. Once contact tracing ceases, you will be prompted to disable the functionality of the TraceTogether App or return/dispose of the Token.

For the App, you can also disable its functionality any time by turning the App's Bluetooth permissions off or deleting the App. If contact tracing is required for a future outbreak, you will be prompted to enable permissions, or you can reinstall the App.

We use anonymised data to improve TraceTogether

The TraceTogether App collects anonymised data about your phone and App (e.g. device model, App version) to help us improve the App and provide a better user experience.


Changelog

  • 1 Apr 2020 - Clarified the collection of anonymised analytics data
  • 1 Jun 2020 - Clarified the collection of identification details and usage of data for contact tracing.
  • 3 Sep 2020 - Included the TraceTogether Token in the Privacy Safeguards
  • 4 Jan 2021 - Clarified the Terms of Use of value-added features within the TraceTogether App and Token. Clarified how the Criminal Procedure Code applies to all data under Singapore’s jurisdiction.