Last updated April 2, 2020
Thank you for choosing to use the Novid service, app, and website (collectively, the “Services”) offered by Expii, Inc. (“we” or “us”, or “our”). We are committed to protecting your personal information and your right to privacy.
Random user ID and password
When you first install the app, we generate a random user ID and password to identify your device. The user ID and password allows us to detect when your device is in proximity to other devices with the app. We also generate a notification token that is unique to your copy of the app, which we use to provide notifications. We do not link the random user ID, password, or notification token to other information that could identify you or your device, such as your name, email address, or device ID (i.e., the Identity for Advertisers on Apple devices, or Google Play Services ID on Android devices), unless you choose to submit such information to us. For example, if you choose to request e-mail notifications, the e-mail address you provide will be linked to your random user ID.
We collect information such as your device make and model, OS version, language preference, and information about Bluetooth and sonic signals, to help troubleshoot and improve the Services. The information we collect about sonic signals does not include audio recordings.
When the app senses a nearby device running the app (a “Contact”), we collect information about the time and proximity of the Contact, as well as an alias ID provided by the nearby device. The nearby device does not provide its actual user ID, and the linkage between alias ID’s (which change over time) and actual user ID is only stored on our servers. This information enables us to provide and improve the app functionality, such as information about Contacts and notifications. We do not collect location data, such as latitude and longitude.
App usage information
We may collect information about how and when you use the app and features within the app, in order to help improve our Services.
Like many websites, our website may collect information from website visitors through cookies and similar technologies to help us customize and improve our Services.
When a Contact occurs, your random user ID is encrypted and sent to the other user’s device, and their encrypted random user ID is sent to your device. No other identifying information is exchanged. However, note that in certain circumstances the other user may be able to determine who you are based on the time of the Contact (e.g., if over the past week, you were the only person they were in close contact with).
When you report a positive test result, we inform users that they had a direct or indirect Contact with someone with a positive test result, based on criteria such as time and proximity of the Contacts. We do not provide your user ID to those users. However, note that the other users may be able to determine who you are based on the time of the Contact.
Service providers and processors
De-identified and aggregate information
We may share or publish aggregate information that doesn’t identify you, such as statistics about users and Contacts. We may also share de-identified information with third parties such as public health officials or researchers.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
We may transfer your information to the United States or other countries where we operate.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
You may request a copy of your information or delete your information at any time. We will respond in the time required by the laws in your jurisdiction. Our service is designed for use in the United States of America, and we will have limited ability to respond to privacy inquiries from outside the United States of America.
Your anonymous unique identifier is required for NOVID
To request a copy of your information, please send an email to email@example.com with subject line "Requesting Info: My ID".
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws and to reflect changes in the way the Services operate.
If you have questions or comments about this policy, you may email us at firstname.lastname@example.org.