TraceTogether Privacy Safeguards
The TraceTogether programme enhances Singapore’s contact tracing efforts in the fight against COVID-19. It comprises the TraceTogether App and the TraceTogether Token. The App was released on 20 March, and the Token was rolled out on 28 June.
The privacy-preserving Bluetooth contact tracing functions of the App and the Token are similar. With your consent, each exchanges encrypted and anonymised Bluetooth signals with nearby TraceTogether devices. The Bluetooth data is stored securely on your device and is never shared with the Ministry of Health (MOH) unless action is taken to upload it. Bluetooth data stored for longer than 25 days is automatically deleted from your device.
TraceTogether allows you to be informed if you were in prolonged physical proximity with an infected person. We are committed to safeguarding your privacy.
We store limited data
The only identity data we store is:
- Your contact/mobile number
- Your identification details
- A random anonymised User ID e.g.
When you sign up, a random User ID is generated and associated with your contact/mobile number and identification details. Your identification details are needed to help MOH contact the right person. Your contact/mobile number, identification details, and User ID are stored in a secure server, and never shown to the public.
We do not collect data about your GPS location
TraceTogether uses Bluetooth to approximate your distance to other TraceTogether devices. We do not collect data about your GPS location. Neither do we collect data about your WiFi or mobile network.
Data about devices near you does not reveal personal identities
When you are close to another device that participates in the TraceTogether Programme, both devices use Bluetooth to exchange a Temporary ID. This Temporary ID is generated by encrypting the User ID with a private key held by MOH. It does not reveal your identity or the other person's identity, and can only be decrypted by MOH.
Data about devices near you is stored on your device
The Bluetooth data about devices near you is stored securely on your device. Should you test positive for COVID-19, MOH will request for you to upload the Bluetooth data, for the purpose of contact tracing.
The anonymised Bluetooth data stored on your device for longer than 25 days is automatically deleted. This means that if you take action to share your Bluetooth data with MOH, only 25 days’ worth of data will be shared.
For the TraceTogether App to offer the value-added feature of scanning SafeEntry QR codes, the App needs to use your device’s camera. We do not access pictures, videos, or files stored on your device, except when you use the file attachment function in the App’s Customer Support feature.
Other third-party services will not be able to track your identity
The Temporary ID that your device exchanges with nearby devices is refreshed at regular intervals. The lack of a persistent identifier means it is impossible for third parties to identify or track you.
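An added illustration, not TraceTogether's own code, of the Temporary ID scheme described in the two sections above: identifiers that only the key holder can map back to a User ID and that change at each refresh. The symmetric keys, the 15-minute lifetime, the payload layout and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for a vetted authenticated cipher) are all assumptions.

```python
import hashlib
import hmac
import os
import struct

# Assumed refresh interval; the page only says "regular intervals".
LIFETIME_S = 15 * 60


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; stdlib stand-in for a vetted cipher."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]


def issue_temp_id(enc_key: bytes, mac_key: bytes, user_id: bytes, now: int) -> bytes:
    """Key holder: encrypt the User ID and a validity window under a fresh nonce."""
    nonce = os.urandom(16)  # fresh per token, so successive IDs are unlinkable
    plain = struct.pack(">II", now, now + LIFETIME_S) + user_id  # assumed layout
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def resolve_temp_id(enc_key: bytes, mac_key: bytes, temp_id: bytes, seen_at: int):
    """Key holder: return the User ID, or None if forged or seen outside its window."""
    if len(temp_id) < 16 + 8 + 16:
        return None
    nonce, ct, tag = temp_id[:16], temp_id[16:-16], temp_id[-16:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        return None
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    start, expiry = struct.unpack(">II", plain[:8])
    if not (start <= seen_at <= expiry):  # rejects replay of an old Temporary ID
        return None
    return plain[8:]
```

A device that records such a Temporary ID stores only opaque bytes; resolving them requires both keys and an observation time inside the token's validity window.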
You may request for your identification data to be deleted from our servers
You may request for your identification data to be deleted from our servers, unless your proximity data has already been uploaded to the MOH server to help with contact tracing.
When your identification data is deleted from our servers, all the Bluetooth data that your device has exchanged with other devices will become meaningless, because that data will no longer be associated with you. This means that when a COVID-positive person uploads their data, MOH will not be able to use TraceTogether to identify you if you had close contact with the COVID-positive person.
The steps to deleting your identification data from our servers can be found here.
Data that is shared with MOH will be used for contact tracing
Your privacy is important. In all situations, the TraceTogether Bluetooth data about devices near you is stored securely on your App or Token. The Government can only access data that has been manually uploaded to the server.
Any data shared with MOH can only be used for the purpose of contact tracing, except when there is a need to use the data for criminal investigation and proceedings relating to seven categories of serious offences.
[Note: To formalise these assurances, legislation will be introduced in the February 2021 Parliament sitting on a Certificate of Urgency. We will be updating our Privacy Safeguards and in-app content in due course.]
TraceTogether will only communicate with nearby devices for a limited time
TraceTogether is designed for contact tracing. Once contact tracing ceases, you will be prompted to disable the functionality of the TraceTogether App or return/dispose of the Token. All personal contact tracing data that was collected will be deleted as soon as practicable.
For the App, you can also disable its functionality any time by turning the App's Bluetooth permissions off or deleting the App. If contact tracing is required for a future outbreak, you will be prompted to enable permissions, or you can reinstall the App.
We use anonymised data to improve TraceTogether
The TraceTogether App collects anonymised data about your phone and App (e.g. device model, App version) to help us improve the App and provide a better user experience.
1 Apr 2020 - Clarified the collection of anonymised analytics data.
1 Jun 2020 - Clarified the collection of identification details and usage of data for contact tracing.
3 Sep 2020 - Included the TraceTogether Token in the Privacy Safeguards.
1 Feb 2021 - Updated to reflect the introduction of the COVID-19 (Temporary Measures) (Amendment) Bill 2021. [Note: We will be updating the in-app content shortly.]
10 Feb 2021 - Added information on why the TraceTogether App needs the user’s permission for Camera and File/Images.