About CA Notify
CA Notify allows users to send and receive notifications of a potential high-risk exposure to COVID-19, in a privacy-preserving manner. The notifications will include instructions on next steps to take.
The exposure notifications are intended to complement the conventional contact tracing efforts undertaken by local public health authorities involving contact by a caseworker.
How it works
CA Notify does not collect or exchange any personal information, as defined in the California Information Practices Act, of the user to receive notifications.
The mobile devices of users share anonymous keys (randomly generated strings of numbers) via Bluetooth. The only data used are the anonymous keys, Bluetooth signal strength (proximity), and date and duration of exposure. These data are not linked to a user’s identity or location. Each user’s keys change frequently to further protect their identity. These data are stored only on the user’s own device and are never shared unless and until the user has a positive COVID-19 diagnosis and elects to share this information within the system. The data are stored for a period of 14 days and then automatically deleted. Once deleted the data cannot be restored.
A user who tests positive for COVID-19 may choose to notify other CA Notify users who have been near the user. To trigger such notification, the COVID-19 positive user must enter a valid verification code provided by the CDPH, CA Notify call center, local public health authority, or other provider authorized by CDPH.
Several times a day, the app downloads a list of all the anonymous keys associated with positive COVID-19 cases that have elected to share their keys. The user’s device checks these keys against the list of keys it has encountered in the past 14 days. If there is a match, and the date, duration, and proximity align with the public health authority’s risk model to indicate a possible exposure to the virus, the user will receive an exposure notification.
The notification will inform the user of the date of exposure and instructions on what to do next.
Our partner, the Association of Public Health Laboratories (APHL), collects certain data to monitor the stability of its servers. This includes a device’s IP address, which is retained for 14-days, or, in the case of a critical incident, up to 30 days and access to which is strictly limited and used for system error diagnostics.
Additional information from APHL in relation to the National Key Server and Multi-Tenant Verification Server (PDF).
Our partner, the University of California San Diego (UCSD), maintains the CA Notify Exposure Notification website, a link to which is provided should a user receive an exposure notification. The UCSD webserver collects a device’s IP address, access to which is strictly limited, to use for system error diagnostics. The addresses are retained in accordance with the standards set forth by the National Institute of Standards and Technology.
In addition, UCSD uses Google Analytics to track website statistics. The CA Notify Exposure Notification website has IP Anonymization turned on, which means for statistical analysis purposes, a device’s IP address is collected in temporary storage. It is then anonymized by removing the last digits of the IP address. The anonymized IP addresses are saved to the permanent storage and the non-anonymized addresses are deleted as soon as anonymization is complete. Consequently, no personally identifiable information, which directly identifies you or your device is being stored at Google via the utilization of Google Analytics.
Find out more about Google Analytics’ Data Privacy and Security.
User consent & choices
Using the system
CA Notify has the potential to help stop the spread of the infection and its use is highly encouraged, but it is completely voluntary.
Users may turn the system on or off at any time, or uninstall the app on an Android device. The system does not collect, track or store users’ location, GPS information, or personal information.
Disabling exposure notifications
Users may disable CA Notify at any time by uninstalling the app (Android), turning off the feature (iOS), turning off the mobile device, or turning off the Bluetooth function. If the user uninstalls or deactivates CA Notify all keys currently stored on the device will be immediately deleted.
Generating exposure notifications to other users
Providing notification to other users is also completely voluntary. If a user tests positive for COVID-19, and chooses to notify others, the user must enter a positive test verification code to release the anonymous keys stored on the mobile device. The user will also be asked to enter a date of symptom onset, if applicable. If available, symptom onset date is used in the risk model to narrow down what other users should receive an exposure notification. Finally, the user is prompted to consent to alert others. When anonymous keys are released, the notifications that may be generated do not disclose the COVID-19 positive user’s identity, location, phone number, or any other personal information.
The exposure notification includes the date of the exposure, but the COVID-19 positive user’s identity is not shared. Sharing the exposure date is important to ensure the right precautions (such as self-quarantine) are taken for an appropriate amount of time based on the exposure date. It is possible that someone who receives an exposure notice could guess the identity of the COVID-19 positive individual, if they had a limited number of contacts on a given day.
A verification code is required to share a positive test result in the system. This ensures that only verified positive test results are used to generate exposure notifications. Verification codes may only be generated by the CDPH, the CA Notify call center, local public health authorities, or other provider authorized by CDPH to issue codes.
Sharing of information
The following categories of de-identified data may be processed and collected by CA Notify:
- Installing and deleting the app (Android only)
- Enabling and disabling exposure notifications
- Receiving an exposure notification
- Entering a verification code to send anonymous keys
- Anonymous keys that have been voluntarily shared
The data may be used to monitor system usage, as well as for performance evaluation and statistical or scientific research purposes. The data may also be shared with local public health authorities and the University of California. This information will not include any personal or location information, nor can it be used to identify any system user.
CA Notify is not intended for children under the age of 13. Users between the ages of 13 and 17 can only use the system after the parent or legal guardian has reviewed and provided consent.
California Department of Public Health
PO Box 997377, MS 0500
Sacramento, CA 95899-7377
CDPH Conditions of Use