COVID Alert privacy notice (Google-Apple Exposure Notification)
On this page
- Protecting your privacy
- App performance and effectiveness metrics
- What the app collected and stored on your phone
- What the app shared
- Other information about you
- Your IP address
- Deleting your data
- Provincial and territorial links in the app
- Privacy assessment
- Contact us
Protecting your privacy
COVID Alert is now retired. While active, COVID Alert had strong privacy protection.
Extensive steps were taken to protect your privacy and data. Personal information was not collected.
Use of the app was voluntary.
App performance and effectiveness metricsTo help us understand how well the app was working, starting the week of February 9, 2021, the app collected the following metrics.
- the number of active users per province or territory
- the number of users whose app changed to the “exposed” state
- the number of app users who entered a one-time key (OTK) while in the “exposed” state
- other technical performance metrics described in Appendix B of the Privacy Assessment
These data were not connected to you or other users. Consult Appendix B: COVID Alert App Metrics in the Privacy Assessment for more details on how the metrics were collected and stored.
What the app collected and stored on your phone
- Random codes from your phone, for 14 days.
- Random codes from other phones near you, for 14 days.
The random codes were used only to notify you and other app users of possible COVID-19 exposures.
COVID Alert had no way of knowing your:
- name or address
- phone's contacts
- health information
How the data were protected
- The app could not identify you from the random codes.
- Your phone encrypted the random codes.
- Your phone only shared the random codes with COVID Alert if you agreed to share them.
If you had an Android phone
To use Bluetooth scanning, Android phones using Android 6, 7, 8, 9 or 10 needed the “Location” setting turned on for all apps.
While COVID Alert had no way of knowing where you were, Google may have had access to your location.
Users were informed previously on this webpage that Android phones using Android 6, 7, 8, 9 or 10 could have used the lowest accuracy option for “Location” and could have turned off “Google Location History.”
Android 11 did not need the “Location” setting to be turned on to use COVID Alert.
COVID Alert did not have permission to use location services.
What the app shared
- Nothing was shared with other users without your explicit permission.
- When you gave permission, the only information shared was the random codes from your phone.
- Only the app and its server had access to the random codes.
Some data were collected to help us understand how:
- well the app was working
- the app was having an effect on slowing the spread of COVID-19
This included the:
- province or territory you selected in the app, if you chose to provide this information
- number of users whose app changed to “exposed”
- number of app users who entered a one-time key while in the “exposed” state
This data were not linked to you or other users and were not used to identify you. Data were used to assess the effect the COVID Alert was having on the pandemic.
Consult Appendix B: COVID Alert App Metrics in the Privacy Assessment for more details of how metrics were collected and stored.
If you were diagnosed with COVID-19
- Users had the choice to share their random codes from the last 14 days with a central server operated by the Government of Canada.
- Users had the choice to provide details to help narrow down when they were likely the most infectious.
- Those details told the phone which random codes to upload.
- If users chose not to provide details, the app uploaded the random codes from the last 14 days.
- If users shared their random codes, nobody received any information about the user or when users were near one another.
- Users were also asked for permission to share their random codes with the central server for the next 13 days.
- The random codes went into the central server. No other information was sent to the server.
If another app user was diagnosed with COVID-19
- No information about you was shared with them.
- No information about them was shared with you.
Other information about you
COVID Alert was a Government of Canada app. It was designed so that your health information stayed with your provincial or territorial health care provider. Health care workers had no way of providing your personal information to COVID Alert.
Your identity and health status were not shared with the Government of Canada. COVID Alert did not know who you were and could not access your health information.
If you received an exposure notification, the app suggested next steps. We did not receive any health information about you, whether you were taking those next steps or not.
COVID Alert did not connect with or collect any information from any other app on your phone.
Positive diagnosis and your one-time key
If you tested positive for COVID-19, your health care provider would give you a one-time key. It told COVID Alert that you could upload your random codes. COVID Alert trusted this key. It used this key so it did not have to collect any information that could identify you.
If you entered a one-time key, the app asked for details to help narrow down when you were likely most infectious. This way, the app only notified users who were near you during that time.
It asked if you had any symptoms. Depending on your answer, it asked for either the date your symptoms started or your test date. It gave you the choice not to enter any of these details. These details were not sent or stored anywhere outside your phone. They just told the app which random codes to share. The app also told the central server if this information was entered, which helped us know if it was a useful feature. The date you entered for your symptoms or test were not shared with the government.
Provincial and territorial identification numbers
To protect the integrity of the one-time keys, your province or territory could have generated a long internal identification number. This told the app the key was requested by a valid source. We were not able to associate these internal identification numbers with you or other app users. They were only used when needed to prevent cybersecurity threats.
Your IP address
As a security measure, the server stored your IP address in system logs when you:
- entered a one-time key
- uploaded your random codes
- downloaded a list of positive codes
Your IP address was not linked to any other information in the system, such as one-time keys or random codes.
These security measures prevented spammers from flooding the COVID Alert system and your phone with fake exposure notifications.
How IP addresses were used and protected
- IP addresses were stored in system logs.
- System logs were normally kept for up to 3 months.
- System logs were closely protected and could only be used for ensuring performance and responding to security threats.
Deleting your data
- All random codes from your phone and other users’ phones were deleted after 15 days.
- You could have deleted the app at any time, and the random codes on your phone would have been automatically deleted after 15 days.
- You could have also deleted the Exposure Logs yourself from your phone's settings.
- If you uploaded your random codes before deleting the app, they would have been deleted from the server after 15 days.
All data will be deleted, other than aggregated performance metrics, which cannot be linked to a person.
Provincial and territorial links in the app
The app contained some links to websites that are managed by provincial and territorial governments. They may have asked for or collected information about you. The COVID Alert system could not access any information you gave to those websites.
In July 2020, Health Canada, in collaboration with the Canadian Digital Service, completed a privacy assessment of the COVID Alert app. This assessment described the measures taken to protect your privacy in the app.
Contact the COVID-19 information line:
- Phone: 1-833-784-4397
- Teletypewriter (TTY): 1-800-465-7735
(Monday to Friday, 8 am to 8 pm ET)
- Email: hc.AlerteCOVIDAlert.firstname.lastname@example.org
- Date modified: