The app basically tracks your whereabouts, and where you checked in. It also has a SafeEntry location check-in function. All you need is to tap the SafeEntry button and scan the QR code of the establishment you are entering. Do not forget to check out once you leave.

TraceTogether enables you to be notified if you were in prolonged physical proximity with a COVID-19 infected person.

TraceTogether highlights that the app and token are “privacy-preserving”. And with our consent, it exchanges encrypted and anonymised Bluetooth signals with other TraceTogether devices that pass you by – or are near you for that matter.

Their privacy statement also states the Bluetooth data is securely stored in the device, never shared with the Ministry of Health (MOH) – only when action is taken to upload it. Further, this Bluetooth data that is stored for more than 25 days is automatically deleted from the device.

The identity data stored are:
• Your mobile phone number
• Your identification details (very general)
• A random anonymised User ID e.g. 9I8VPeQeWDofj39c8dPySoUXLqh2

Upon signing up, a random User ID is generated and linked to your mobile phone and identification details – name, NRIC, etc. The justification for the identification details are to assist MOH in contacting the right person in their contact tracing.

Again, your identification details, User ID and mobile phone are said to be stored in a secure server, and never made public. TraceTogether also does not collect data about your GPS location, WiFi or mobile network.

Also, when you are in close proximity with another device that has its TraceTogether app turned on, the devices use Bluetooth to exchange a Temporary ID, which is generated by encrypting the User ID with a private key held by MOH. Meaning, the Temporary ID can only be decrypted by MOH.

What happens if I test positive?
MOH will require you to upload the Bluetooth data for contact tracing. Remember though that only 25 days’ worth of data will be shared because the device will delete data stored for more than 25 days.

What other permissions are required?
The TraceTogether app will need to access to your camera to scan SafeEntry QR codes. According to their privacy page, they will not “access pictures, videos, or files stored on your device” unless you attach these as files.

Can I ask my identification data to be deleted from the servers?
According to their page, yes, you may request for your identification data to be deleted from the servers. That is unless your Bluetooth data has already been uploaded to MOH.

Steps to deleting identification data from their servers can be found in this link https://support.tracetogether.gov.sg/hc/en-sg/articles/360043735713

Will my data only be used for contact tracing?
Bluetooth data shared with MOH can only be used for the purpose of contact tracing, as it should be.

These serious offences laid out in the COVID-19 (Temporary Measures) Act: https://sso.agc.gov.sg/Act/COVID19TMA2020?ProvIds=P111-#P111-. “This protection for personal contact tracing data overrides other legislation.”

Anything else we should know about?
TraceTogether collects anonymised data about your device such as model, app version, etc to help improve the app.