Data protection
Zone Check is based on the DP-3T standard which allows you to record infection-relevant contacts completely anonymously by using Bluetooth Low Energy (BLE). Generated data is only stored decentrally on the mobile device of the user. The app is based on separate native app developments for Android and iOS. The software and hardware architecture meets the highest data security standards and thus complies with the following principles:
The core functionality of the app is the contact scanner which is based on an anonymous ID exchange between the apps of two users. The functionality is illustrated in the graphic below.
If the contact scanner is activated on two devices, the app recognizes the other device via BLE and the User IDs are exchanged and stored locally. This exchange takes place when the persons were less than 2 meters away from each other and were in contact for at least 15 minutes. New User-IDs are generated decentrally by the app every 15 minutes.
If a person tests positive for COVID-19 and updates this information in the app, the IDs of the last 14 days are sent to the backend and from there they are broadcasted to the other relevant users. The app then compares the IDs on the end devices decentrally with those of the recorded contacts. Only the anonymous User-IDs of infected persons are temporarily (i.e. for 14 days) recorded on a central server. In the event of a match, users receive a push message about the contact with an infected person, including time and duration.
Users are asked to enter their current health status in the app. You can choose between four options: Healthy, symptoms of illness, COVID-19 infected, cured by COVID-19 or immune. The information is stored locally and only if you enter a COVID-19 infection, the decentrally generated anonymous User-IDs of the last 14 days (and - if shared with the app - the current region) are transmitted to the backend (see above).
In addition to this, users can fill out a health questionnaire on a regular basis. Overall, only with explicit consent of the user health data is made available to authorities and official research institutions in anonymized form and aggregated with those of other users. The data is stored anonymously on a server of the German Research Center for Artificial Intelligence (DFKI).
Zone Check offers users the possibility of sharing their location data to obtain site-specific relevant information and advice. However, the location data remains on the mobile device. The app only pulls the information that is played out from the backend for the region onto the user's device. The current location is used, but no transaction data is stored.
The use of your location data to identify infection hotspots (crowds) by public authorities also requires your active consent. In addition, location data is only collected when you move around. Thereby the location, speed and direction of movement (every 30 seconds by default) are recorded. This data is anonymized, aggregated and stored on a German server, which can only be read by the app's development team using special software. Users also have the option to save their location data only locally at first and can then - e.g. in the course of an infection with COVID-19 - provide their location data of the last 14 days anonymously afterwards.
