Frequently Asked Questions

What is contact tracing?
Contact tracing is the process of identifying and monitoring contacts of infected people to notify them of their exposure. These contacts can then take steps to quarantine and get tested to reduce the spread of disease. 

How can contact tracing help slow down COVID-19?
Smartphones can be an important part of slowing down the pandemic as they offer an automated way to know when a person is exposed to someone who has tested positive for the virus. 

How does CrossTracer ensure privacy and security?
No location data is tracked, the app uses via Bluetooth-based contact tokens that change every 10 minutes. Data does not leave the device unless there is a need to notify contacts to report a diagnosis. When this occurs, there is no personal identifying information sent to the server.  

Will the government have access to information through contact tracing?
CrossTracer does not interface with any government agencies. 

Where is contact tracing data stored and who can see it?
Contact tracing data is only stored on a user’s device. Employers or public health authorities will be able to see the anonymized data for those who have tested positive for COVID-19 and those that receive exposure notifications. Data will also include the day the contact occurred and the strength of the Bluetooth signal. 

How close does a user have to be with another device for a contact token to be exchanged? 
Two phones with CrossTracer will exchange contact tokens when there is a Bluetooth connection. Bluetooth range can vary depending on a number of factors like outside vs inside, type of device, etc.  Within normal situations, contact tokens will be exchanged in a device is within 100 feet or so. CrossTracer calculates the approximate distance using signal strength and only stores tokens that are within the allowed distance.

If I test positive and I update my diagnosis in CrossTracer, what information is sent to others? 
When someone tests positive and reports a diagnosis in CrossTracer, all of the contact tokens from the user’s last two weeks are uploaded to the server. That information is then sent to the other CrossTracer phones. The app then checks to see if those contact tokens of that infected person match their tokens. 

What is the purpose of the QR code?
Trusted Healthcare Providers can sign up to be part of the CrossTracer Provider Network. Healthcare providers can report a diagnosis for a patient who has the CrossTracer app. The provider scans the patient’s QR Code to report the diagnosis. 

What app permissions does the app ask for in addition to Bluetooth?  Are these permissions required or optional?
The app needs permission from the user to use Bluetooth, to send local notifications, and to use the camera (for providers only). Bluetooth is required for the app to function properly. Notifications are not required but recommended. 

What personal information does the app require?
We do not capture any personal information. 

Who has access to the information we collect?
Only specific individuals in our operations department have access to the data. 

Is any of this data shared with any other parties?
Currently, data is not shared with other parties. 

Beyond the permissions already described, what other disclosures and user consent steps does the app contain?
Please see our privacy policy and terms of use. 

Will you be transitioning this app to use the Apple and Google’s Exposure Notification APIs?
Yes, in the future we will use the Exposure Notification APIs. 

Why would a company need contact tracing for their employees? 
Using CrossTracer, your employees can quickly identify their risk to any positive COVID-19 cases. They can then isolate to contain the spread. Companies who have a comprehensive contact tracing program can provide assurances to customers and partners that the organization is taking steps to reduce risk and impact. 

Is this platform HIPAA compliant? 
Yes, we do not capture or track personal health information so it is HIPAA compliant. 

How do you handle a request for deleting a user’s information? 
We do not store user’s information on the server so there is no information to delete.