App Privacy Policy

Overview

The Protect Texas Together App is a mobile phone-based application and corresponding backend that provide tools to help UT students, faculty, and staff stay safe from COVID-19 when the campus reopens. This privacy policy covers how we treat the data that we gather in support of our services. This app has been developed by the University of Texas at Austin ("University" or "we"). By using the app, you acknowledge that you have read and understood the contents of this Privacy Policy.

What information do we collect?

The App provides the ability for you to download all of the data it has collected in a human readable format so that you can inspect the data that is being stored and perform your own analyses. It also allows you to delete all of the data stored on the App and identifiable data that has been transmitted to our server, whenever you wish. Anonymous statistics that you send to us cannot be deleted.

To see more detailed information

The detailed information is in the table below. Clicking each title, the detailed information related to the title will show.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You enter this information when you log in. Authenticate that you are a member of UT community, associate you with your test, room check-ins, PCT consent and activity pass consent. Stored on the device in an encrypted folder and stored in an encrypted server database alongside test, room logging, PCT consent and activity pass records. Log in information is retained on the App until you delete it. Test logs are retained for at most one month and room logs are retained for three weeks in the server database. Yes and no, you can delete App data and room logs using functionality in the settings menu. You cannot delete test logs from the server using the App, but they are autodeleted in accordance with the retention policy. PCT and activity pass consent information cannot be deleted by you. Activity pass clearance information can be deleted by revoking activity pass consent in the settings menu. No.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
Retrieved from the authentication server. Provides additional information for verifying your identity in case you need to be contacted by health care professionals to report the outcome of a test. Stored on the device in an encrypted folder and stored in the encrypted server database alongside test logs Birth date is retained in the App until you delete it. Test logs will be retained on the server until the test has been analyzed and the results reported. This will be at most one month from the date of testing. Yes, you can delete App data using functionality in the settings menu. You cannot delete test logs from the server using the App, but they are autodeleted in accordance with the retention policy. Yes and No. This will always be retrieved and stored locally on the App. It will only be transferred to the backend server if you participate in voluntary community testing.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You enter your language preference in the settings menu. To translate all app text into the preferred language. Stored only on the device in an encrypted folder. Language prefereces are retained on the App until you delete them. Yes, you can delete App data using functionality in the settings menu. Yes, defaults to English.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You enter. To track symptoms to help realize when your symptoms may indicate that you are infected by COVID-19. Anonymous completion statistics will be used to assess compliance. Anonymous symptom information will be used to provide the community with information about the campus symptom load. Stored on the device in an encrypted folder. Anonymous completion statistics and symptom information (not associated with any identifiable information) will be stored in the encrypted database server. Symptom information will be retained on the App until deleted by you. Anonymous completion statistics will be retained indefinitely. Yes and No. You can delete on-App data using functionality in the settings menu. The anonymous statistics cannot be deleted from the server. Yes, using the App and the symptom tracker is not mandatory. But, you may be asked to provide some proof that you have completed COVID-19 screening before entering locations on campus. You will be asked to opt-in to send anonymous statistics about your symptoms.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
Determined by symptom survey algorithm. This status is set after completing your daily symptom survey. Stored on the device in an encrypted folder. Access pass history is retained on the App until you delete it. Yes, you can delete App data using functionality in the settings menu. Yes, using the App and the symptom tracker is not mandatory. But, you may be asked to provide some proof that you have completed COVID-19 screening before entering locations on campus.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You will be asked to sign an on-app consent form if you volunteer to participate in PCT. Your signature will be used to indicate your acceptance of PCT procedures and policies or, in the case of the activity pass, your consent to allow the PTT app to access the last date you took a PCT test and its outcome from University Health Services. Stored on the device in an encrypted folder and stored in encrypted server database. PCT and activity pass consent information will be retained on the phone until you delete it. PCT consent information will be retained on the server until it can be transferred to the PCT authority, at which time it will be deleted from the service. Activity pass consent information will be stored on the server indefinitely, even after consent has expired or revoked by the user. Yes and No. You can delete on-App data using functionality in the settings menu. You cannot delete consent information from the server using the App, but they are autodeleted in accordance with the retention policy. Yes, you will only need to provide your signature if you volunteer to participate in PCT or if you opt to use the activity pass.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You will be asked to enter this information if you volunteer for PCT. This information will be used for reporting statistics about positive PCT tests. Stored on the device in an encrypted folder and stored in encrypted server database. This information will be retained on the phone until you delete it. It will be retained on the server until it can be transferred to the PCT authority, at which time it will be deleted from the server. Yes and No. You can delete on-App data using functionality in the settings menu. You cannot delete this information from the server using the App, but it is autodeleted in accordance with the retention policy. Yes, you will only need to provide this information if you volunteer to participate in PCT.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You will be asked to enter this information if you volunteer for PCT and are a student. This will be used to help evaluate campus participation and outreach needs. Stored on the device in an encrypted folder and stored in encrypted server database. This information will be retained on the phone until you delete it. It will be retained on the server until it can be transferred to the PCT authority, at which time it will be deleted from the server. Yes and No. You can delete on-App data using functionality in the settings menu. You cannot delete this information from the server using the App, but it is autodeleted in accordance with the retention policy. Yes, you will only need to provide this information if you volunteer to participate in PCT.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You will be asked to enter this information if you volunteer for PCT and are employed by the university. This will be used to help evaluate campus participation and outreach needs. Stored on the device in an encrypted folder and stored in encrypted server database. This information will be retained on the phone until you delete it. It will be retained on the server until it can be transferred to the PCT authority, at which time it will be deleted from the server. Yes and No. You can delete on-App data using functionality in the settings menu. You cannot delete this information from the server using the App, but it is autodeleted in accordance with the retention policy. Yes, you will only need to provide this information if you volunteer to participate in PCT.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You will be asked to enter this information if you volunteer for PCT. This will be used to contact you should you receive a positive test. Stored on the device in an encrypted folder and stored in encrypted server database. This information will be retained on the phone until you delete it. It will be retained on the server until it can be transferred to the PCT authority, at which time it will be deleted from the server. Yes and No. You can delete on-App data using functionality in the settings menu. You cannot delete this information from the server using the App, but it is autodeleted in accordance with the retention policy. Yes, you will only need to provide this information if you volunteer to participate in PCT.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You enter. To match test IDs with your identity so that you can be contacted with test results for proactive community testing. This information is stored locally on the device so that you can access the test IDs in case you need to inquire about your results. The outcome of tests will not be stored or transmitted using the App or backend server. Stored on the device in an encrypted folder and stored in encrypted server database alongside your EID and birthdate. Test logs are retained on the App until you delete them. wTest logs will be retained on the server until the test has been analyzed and the results reported. This will be at most one month from the date of testing. Yes and No. You can delete on-App data using functionality in the settings menu. You cannot delete test logs from the server using the App, but they are auto-deleted in accordance with the retention policy. Yes, this is collected and stored only if you participate in proactive community testing.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
You enter. For contact tracing, to identify rooms to be thoroughly cleaned should a previous occupant become infected with COVID-19, and to calculate statistics for assessing room utilization. If you become infected with COVID-19 this information may be used to identify others who have been in the same room as you and as a result were potentially exposed to COVID-19, and to notify campus administration that the room may need additional cleaning. If another user becomes infected, your information may be accessed to notify you of a potential exposure. Stored on the device in an encrypted folder and stored in encrypted server database alongside user ID information (UT EID), check-in and check-out times. Retained on the App until deleted by you. Room logs will be deleted from the backend after 3 weeks. Anonymous aggregate statistics (e.g. average number of daily occupants) will be retained indefinitely. Yes, you can delete room logging information from the App and the backend server using functionality in the settings menu. Anonymous statistics cannot be deleted. Yes and No. Some restricted rooms will require some form of logging, and may provide an alternative method to collect this information. Logging access to unrestricted rooms is completely optional.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
University Health Services periodically sends a list of EIDs of users who are cleared for activity pass, the category corresponding to this clearance and the date that this clearance began to the PTT server. Users are only included on this list if they have consented to participate in the activity pass program and if they meet requirements for clearance under this program. Users who consent to the program but who do not currently meet clearance criteria (e.g. haven’t participated in PCT recently or recently had a positive test) will not be included in this list. The clearance category specifies how clearance was determined (e.g. PCT testing, vaccination record), which may impact how long a clearance is valid. To allow easy access to campus spaces and events based on meeting clearance criteria such as participating in PCT and a recent negative test. If you have consented to use the activity pass and are currently cleared, information about your activity pass clearance status will be stored in an encrypted database on the PTT server. Activity pass clearance status information is retained while you are cleared and have consented to the program. This information will be deleted once your clearance expires, your consent expires, or you revoke consent, although records related to your consent and any revocation are retained as explained above. Yes, by opting out of the activity pass feature in the Settings menu. Yes, using the activity pass feature is completely optional but may be needed to access some campus spaces and events.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
Passively collected. Anonymous statistics calculated from location information will be used to assess social distancing behaviors of campus community members. Location information and statistics are stored on the device in an encrypted folder. Anonymous statistics will be stored in an encrypted server database and not associated with your UT EID. Location information and statistics retained until deleted by you on the App for three weeks. Anonymous statistics will be retained on the server indefinitely. Yes, you can delete location information and statistics from the App using functionality in the settings menu. Anonymous statistics cannot be deleted from the server. Yes. Users will be able to separately opt-in to collecting location information and sending anonymous statistics to the server.

How is it collected? Why it is collected? How is it stored? How long is it retained? Can it be deleted by the user? Is this optional?
Automatically collected. If you consent, the number of beacons acquired during 5-minutes windows will be reported to us but will not be linked to your identity. This information will be used to assess the spread of COVID-19 and social distancing behaviors on campus. Number of beacons received will be stored on the App and in an encrypted server database and not linked with you identity. Retained on the app until deleted by you. Number of beacons received will be stored on the server indefinitely. Anonymous statistics will be retained indefinitely. Anonymous statistics cannot be deleted from the server. Yes, you must opt-in to enable the Bluetooth functionality to collect this data and to transmit the anonymous number of beacons received to the server.

How do we process and use your information?

We may process and use the information listed above to support the following purposes:

  • To provide users with services. These services include (1) a symptom diary where you can self-monitor your systems and body temperature; (2) a campus access pass that you can show to others to prove that you have screened yourself for symptoms and are safe to come to campus; (3) functionality to allow you to log your access to rooms on campus; (4) a test tracker that allows you to record identifiers of COVID-19 tests you are administered for proactive community testing; (5) provide you with information about the COVID-19 pandemic, information about current campus policies and how to get medical advice; (6) support your recollection of contacts during a contact tracing interview; (7) enable automated digital contact tracing.
  • To provide the University with certain information, namely your EID, room check-in location, date, and time, for the purpose of logging your entry into rooms on campus to aid in contact tracing. It will also be used to identify rooms entered by infected users so that they can be thoroughly cleaned.
  • To provide users with the ability to consent to participate in proactive community testing.
  • To provide the University with certain information, namely your EID, birth date, test ID for your COVID-19 tests as part of proactive community testing, the corresponding date and time of each test, for the purpose of linking your EID to your test ID. The app does not collect or store the results of these tests.
  • To provide the University with certain information, namely your home address if you are a student, and the primary location of your job duties if you are a University employee, for the purposes of evaluating campus participation and outreach needs.
  • To provide the University with aggregate anonymized information. Through the information collected by the app, we also generate anonymized community reports of social distancing statistics, occupancy statistics for different regions of campus, overall community symptoms, and COVID-19 related behaviors. This information may be shared in aggregate form with the community in general and with the University to support decision making on how to best protect the campus from a COVID-19 outbreak. This information will not be linked to any identifiable information.
  • To continuously analyze the use of our services. We also analyze your use of our features and services as feedback to improve and administer the app, including to provide user support, to develop new features, and to ensure the app and the data it collects remain secure.
  • To comply with legal obligations. We may use data collected to comply with any applicable laws and to defend against legal claims or to exercise our legal rights.

We may also use your information for other purposes disclosed to you; these purposes will be disclosed at the time that we collect the information and the use will occur only with your consent. Such consent, if provided, can also be withdrawn at any time by contacting us through our contact page. Withdrawing consent does not impact the use of the data before consent was withdrawn. You will be able to delete all of the data stored on the App and identifiable room logs stored in the server database, at any time, as described in the table above.

How do we store and protect your information? Who do we share your information with?

We will protect your data from unauthorized access or disclosure using best practice security measures, informed by the particular type of data, the use, and the destination. We store identifiable data in the server database for only as long as it is needed to support the functionality for which it is intended as described in the table above. Anonymous statistics will be stored to support long-term response to the COVID-19 outbreak and future research efforts. Data stored on your phone will be encrypted. Data transfers will be encrypted during transmission using SSL, and data stored by our servers will be encrypted. Multiple users will not be able to use the same App. Once you have logged into the App for the first time, only you will be able to log into the App in the future (using the same credentials as the first login). Logging in using different credentials will delete all of the data previously collected by the App.

What are your rights?

In accordance with applicable law, you have the right to request restriction of our storing and processing your information at any time. You have the right to delete the app or collected data at any time, but you are not able to restrict the further sharing of anonymous data that includes your data. To exercise these rights, you may use in-app functionality to delete your data or send us a request that provides sufficient information for us to verify that you are the person about whom the request is made and describes your request in sufficient detail for us to evaluate it and respond to it.

International transfers

We do not transfer your data outside of the US.

Information about children

The app is not intended for use by any person under the age of 16. We do not knowingly collect or solicit information about children under the age of 16. If we learn we have collected information about a child under 16, we will delete that information as quickly as possible.

Changes to this privacy policy

We may modify this privacy policy from time to time. We will notify you of any changes through an alert sent through the app, via email, or by some other mechanism. If you continue to use the app after such a change, this indicates your acceptance of the revised privacy policy. The use of information collected through the app is subject to the privacy policy in effect at the time the information is collected.

Contact us

Students with questions about how their personal information is used, or who wish to exercise any of their rights, may consult this policy and contact the Dean of Students, an ombudsperson https://ombuds.utexas.edu/, or the office that oversees their primary area of study (major). They may also contact the Registrar's office https://registrar.utexas.edu/.

Faculty may seek assistance from the chair of their department, the Dean of their college or equivalent position, a representative on the Faculty Council or the Provosts' office or an ombudsperson https://ombuds.utexas.edu/.

An employee should contact their immediate supervisor first, and then if necessary proceed up the chain of command. Employees are also free to contact the Ombud's office https://ombuds.utexas.edu/.

For further assistance, please contact University Compliance Services at compliance@austin.utexas.edu or call 512-232-7055, the University's Data Protection Officer, Chris Hutto, chris.hutto@austin.utexas.edu, or the appropriate college, office or department.