Our mission is to keep you safe and informed. Epid HealthTech, Inc. (the company that operates the EpidSafe mobile app, the EpidSafe portal, EpidTrace mobile app, EpidTrace Portal and web site www.epidhealthtech.com), our stance is that we will only use and share your data for the limited purposes described in this privacy policy. We do not and will not serve advertisements.
This privacy policy describes our privacy practices in connection with the EpidSafe app.
About our COVID-19 tracking and contact tracing features
- We have created EpidSafe to help contain the spread of COVID-19 and prevent work place safe by providing required
- Our mission is to keep users safe and informed without compromising their control of their personal information.
- We will never sell your personal information to third parties or proactively share your personal information with the government without your consent.
- We maintain the information we collect to support contact tracing – your Bluetooth data and COVID-19 diagnosis information – separately from other details you may provide to us.
We may need to modify our privacy practices to comply with legal requirements, such as court orders or subpoenas.
Our principles for protecting your data
- We record the information we need to provide our services: Tracking COVID-19 and informing you if you have had contact with a user who has tested positive for the virus, and to direct you to obtain testing if necessary.
- We involve as few third-party service providers as possible when touching your data. The third parties we work with have contracts in place to prohibit reuse or sale of your data.
- We generally limit access to your data to a subset of the engineering team. We have specific systems to control data access, and all access is logged and regularly audited. We perform a privacy review for all new features.
- We take protecting your location data seriously. We need accurate real-time location data and location history to alert you and others of any contact you may have had with somebody who has tested positive for COVID-19. We will delete your Bluetooth data 30 days after collection.
- We test the stability and security of our infrastructure, including annual penetration testing and review of our security systems and their configuration. We use an information security firm to provide these services under a strict non-disclosure agreement.
- Our services are designed to inform you of any potential contact with the virus, and to assist you in obtaining testing for the disease. We can only provide those services in certain areas, so if you are located outside of one of those areas, the services may not work for you. We only provide our service in the United States, so we apply U.S. law to our privacy practices.
Your Data
- Contact information: We use your email address and phone number to set up and validate your user account, to communicate with you, and to prevent abuse of the platform. We may also send you emails about EpidSafe – you can choose to opt out of any marketing emails by following the instructions at the bottom of the email, but we may still send you some important emails, such as to respond to a question, feedback, or request you send us. You may provide your zip or postal code to allow government agencies with which we partner to track COVID-19 outbreaks.
- Identity verification information: When a user submits their COVID-19 diagnosis to us to enable tracing, we may request a copy of the user’s government-issued ID or use other means to verify the user’s identity to protect our community against platform abuse and fraud. We will delete your identity verification information within 30 days from collection.
- Health information: You may choose to share your health information or authorize a third party to share your information with us.
- User locations: We use your device’s GPS and Bluetooth signals to determine your location; we need to use both technologies to identify your proximity to other users within nearby proximity, based on CDC’s social distancing guide. You choose whether to share your location, and can always revoke the app’s access to your location data in your device settings, but the app will not function if the app can’t access location data.
- User activity: We aggregate user activity data (like how you interact with the app, what times you use the app, what kind of device you have, etc.) for analysis to improve your user experience.
How we share your information
If you are using both the EpidSafe portal as well as the EpidSafe app, we will share your information between the two apps to facilitate our COVID-19 tracking and contact tracing features and relevant notifications.
We may share your data with service providers, such as:
- Twilio: Twilio allows us to send you an SMS message to validate your account.
- AWS-Cloud Services to host our infrastructure
- Google Location API
We only partner with service providers that commit to use the information only to provide services to or on behalf of us.
We will alert EpidSafe users who were within nearby proximity of an affected user during the preceding 30 days. These users will see a location on the map where the contact occurred. While this information does not identify you, there are circumstances when a user could identify you based on the location. For example, this may occur if a user knows you personally and recalls that they met you at the location we specify on the map.
We may share aggregated location data for the purpose of combating COVID-19 with government agencies and public health organizations.
We may share your personal information with government agencies with your consent. For example, we may share diagnosis information with such agencies.
To the extent necessary to continue to provide contact tracing services, we may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction involving the sale, transfer, divestiture, or disclosure of all or a portion of Epid HealthTech, Inc.’s business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If Epid HealthTech, Inc.’s company, business or assets is acquired by another company, that company will possess the personal information collected by Epid HealthTech, Inc. and the company will assume the rights and obligations regarding your personal information as described in this Privacy Policy. We will require the company to commit to using your personal information solely for contact tracing purposes.
We may share personal information (a) with law enforcement as we’ve explained in the Information for Law Enforcement Authorities, (b) as otherwise required by law, (c) to enforce the terms and conditions that govern the platform, (d) and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
How long we retain your data
We will retain your EpidSafe Bluetooth data and identity verification information for 30 days from collection on a rolling basis, and all other personal information for the period necessary to fulfil the purposes outlined in this policy and to support other app features you might use, unless a longer retention period is required or permitted by law, or an individual requests that we delete information about them.
How we protect your data
We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. In the event that we are required to notify you about a situation involving your data, we may do so by email or telephone to the extent permitted by law.
What choices you have regarding your data
You can make the following choices regarding your personal information:
- Application: You can stop all collection of information by the app by uninstalling it. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.
- Access or correct your information: You may request to review and update the information we maintain about you by submitting a request to support@epidhealthtech.com
- Opting Out of location tracking: If you initially consented to the collection of geo-location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. Please note, however, that if you withdraw consent to our collection of location information, you may no longer be able to use some features of the app.
Children-Part of Family Network
- We’ll be letting school going children’s symptoms data to be entered into system for the purpose of symptoms tracking with an intent of stop spreading the pandemic. The parents can use the option of adding family group to
Personal information that we collect, use and share
We do not sell personal information. We engage in:
- Directed disclosures: When you use our COVID-19 tracking and contact tracing features, you direct us to share some of your information with other users in order for us to inform them that they may have had contact with the disease, as well as with government agencies to assist in COVID-19 response efforts.
Personal information we collect
Email address, phone number, zip/postal code and government-issued photo ID:
- Sources of personal information: EpidSafe users, automatically collected
- Business / commercial purposes for which we may collect and use personal information: To register user accounts, to verify your identity and diagnosis, to provide our services, to send you marketing and promotional materials about Epid HealthTech, Inc. and EpidSafe
- Data sharing: Directed disclosures of your zip/postal code to government agencies to assist in COVID-19 response efforts
Location information:
- Sources of personal information: EpidSafe users, automatically collected
- Business / commercial purposes for which we may collect and use personal information: To provide our services
- Data sharing: Directed disclosures to other users to inform them that they may have had contact with the disease. This information does not specifically identify you, but could be identifiable to a user who knows you.
Health information:
- Sources of personal information: EpidSafe users, third parties authorized by users
- Business / commercial purposes for which we may collect and use personal information: To provide our services
- Data sharing: Directed disclosures to other users to inform them that they may have had contact with the disease. This information does not specifically identify you, but could be identifiable to a user who knows you; and to government agencies to assist in COVID-19 response efforts
Email interconnectivity, mobile devices, web logs, online activity:
- categories of personal information: Online identifiers, internet or network information, geolocation data
- Sources of personal information: Automatically collected
- Business / commercial purposes for which we may collect and use personal information: To provide our services, to identify you when you visit our app, for internal administrative purposes, to conduct analytics
- Data sharing: N/A
Feedback/support:
- Sources of personal information: EpidSafe users
- Business / commercial purposes for which we may collect and use personal information: To provide our services, to respond to your inquiries, to conduct analytics, for internal administrative purposes
- Data sharing: N/A
Please note that we may also disclose personal information with service providers, and in connection with corporate transactions or legal compliance
Privacy Policy updates
This Privacy Policy is subject to occasional revision. We will notify you of any material changes in its collection, use, or disclosure of your personal information by posting a notice on the Epid HealthTech, Inc. website and within the EpidSafe application.
Contact Us
Feel free to contact us with your questions, requests, comments, or concerns at support@epidhealthtech.com