Link to mContain Terms of Use

mContain Privacy Notice

Last updated and effective as of May 11, 2020.

The Center of Excellence for Mobile Sensor Data-to-Knowledge at the University of Memphis (MD2K, we, us, or our) is committed to protecting the privacy and security of the information we collect, use, share, and otherwise process. We also believe in transparency and are committed to informing you about how we collect, use, share, and otherwise process your information when you use our Platform.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. IF THERE ARE TERMS IN THIS POLICY THAT YOU DO NOT AGREE WITH, YOU ARE EXPRESSLY PROHIBITED FROM USING THE PLATFORM AND YOU MUST DISCONTINUE USE IMMEDIATELY.

IN THE EVENT OF A MEDICAL EMERGENCY, PLEASE CALL EMERGENCY SERVICES. THE PLATFORM IS INTENDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT DESIGNED OR INTENDED FOR USE IN THE DIAGNOSIS OR TREATMENT OF DISEASES OR OTHER CONDITIONS. WE DO NOT AND CANNOT PROVIDE MEDICAL ADVICE. NO CONTENT PROVIDED IS INTENDED TO SERVE AS A SUBSTITUTE FOR MEDICAL ADVICE. PLEASE CONSULT YOUR HEALTHCARE PROVIDER PRIOR TO MAKING ANY DECISIONS RELATED TO YOUR HEALTH.

THE PLATFORM IS INTENDED FOR USERS 18 AND OVER, OR 13 AND OVER WITH THE PERMISSION OF A PARENT OR GUARDIAN, AND RESIDING IN THE UNITED STATES. THE PLATFORM IS NOT TO BE USED BY RESIDENTS OF OTHER LOCATIONS, INCLUDING THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA.

This Privacy Policy applies only when you use the Platform. It does not apply to other interactions with MD2K or the University of Memphis.

We may make changes to this Privacy Policy. We will alert you about changes by updating the “Last updated and effective as of” date and by displaying on the Website, for 30 days after changes are made, a notice stating that the Privacy Policy has been updated. You will not receive specific notice of each change. It is your responsibility to periodically review the Website and this Privacy Policy. You are subject to the changes by continued use of the Platform.

ABOUT THE PLATFORM

The Platform is the online service and mobile application offered by MD2K. It includes the mContain mobile application (Mobile App) and associated websites (mcontain.com, mcontain.info, mcontain.org, and mcontain.md2k.org) (Website), together with any associated software applications, database structures and queries, interfaces, tools, and the like, together with any and all revisions, modifications, and updates thereof as made available by MD2K.

The Platform was developed by MD2K in response to the COVID-19 pandemic.

How does the mContain application work? When you download and launch the Mobile App, your device will be assigned a random code for purposes of the Mobile App, i.e., your “mContain ID.” Throughout the day, the Mobile App will track your device’s movements and record time-stamped GPS data about your device’s location, even when the Mobile App is not open. The location and time data will be assigned to your mContain ID, but we do not know the identity of the user, nor will we attempt to determine the identity of the user.

You should only use the Mobile App on one device, and you should not manipulate or falsify your location data. Please do not permit another individual to use your device while the Mobile App is tracking location. You are responsible for informing those traveling with you that location information is being recorded via the Mobile App.

Can the mContain application be used by anyone? No. The Mobile App may only be used by residents of the United States who are at least 18 years old or are at least 13 years old with a parent or guardian’s permission.

How can the Platform help the community? The Mobile App allows users to share valuable information about their physical proximity to other Mobile App users so that we can help identify areas of social crowding (i.e., areas in which multiple people are gathered in a single location at one time). Information about social crowding will be shared as anonymous, deidentified, or aggregated data (i.e., no one person is identified) via the Website to help determine ways to slow down or prevent the spread of COVID-19. Social crowding maps that show user density by time of day will be accessible via the Mobile App and the Website.

How can the mContain application help users? The Mobile App provides users with information about possible exposures to COVID-19 and can help with anonymous contact tracing.

If a user instructs his/her health care provider to share with us the results of his/her COVID-19 test and his/her mContain ID, we will record that data in the mContain database. If the user’s results are positive for COVID-19, the Mobile App will then notify all other Mobile App users whose devices were in physical proximity (within six feet) at the same time (approximately 10 cumulative minutes in a given day) during the incubation period (as specified by the U.S. Centers for Disease Control and Prevention (CDC)) with the Mobile App user who tested positive for COVID-19. The incubation period is currently defined to be 5 days prior to the positive test through 21 days after the positive test.

Notification occurs once a day via the Mobile App and will not identify the Mobile App user who tested positive, the location at which the encounter occurred, or the time at which the encounter occurred.

However, if a Mobile App user had contact with only one or two people on the date for which he/she received a notification, it may be possible for the Mobile App user to identify the Mobile App user who tested positive.

In addition, the Mobile App and Website provide users with web links to basic guidelines from the CDC and other governmental health agencies with respect to avoiding exposure to COVID-19 and steps to take if you believe you may have been exposed to COVID-19.

How are Test Results shared with mContain? If you go to a medical provider for COVID-19 testing, you can choose to sign a HIPAA Authorization form, or the applicable medical release form for your state, to allow your medical provider to disclose your mContain ID and the results of your COVID-19 test to us in order to help monitor the community spread of COVID-19. If you choose to share that information with us, we will store the test results with the mContain ID in the mContain database for the expected duration of the patient recovery time (21 days from the test date). The data may then be archived as described below.

COLLECTION OF INFORMATION

We collect and process the following information:

Category Description of Data and Purposes
mContain ID Each device is assigned a random code by the Mobile App. The mContain ID is not based on your name or contact information, and we do not try to identify you individually. In the event you uninstall the Mobile App and subsequently reinstall it, your mContain ID may change, depending on the type of device you are using (Android devices will retain the same mContain ID unless the device is factory reset; Apple iOS devices will assign a unique mContain ID for each install of the Mobile App).
Time Stamp and Location Data Throughout each day, the Mobile App will track your device’s movements and record time-stamped GPS data about your device’s location, even if the Mobile App is not open. The Mobile App uses a combination of Bluetooth beacon technology, GPS services, Wi-Fi services, and cellular tower triangulation to record your GPS location coordinates. The location and time data will be assigned to your mContain ID and the location data may reveal the places that a particular mContain ID spends time (e.g., home or work address), but MD2K will not make any efforts to identify the user.
COVID-19 Test Results If you go to a medical provider for COVID-19 testing, you can choose to sign a HIPAA Authorization form, or the applicable medical release form for your state, to allow your medical provider to disclose your mContain ID and the results of your COVID-19 test to MD2K. If you choose to share that information with us, we will store the COVID-19 Test Results and the mContain ID in the mContain database for the expected duration of the patient recovery time (21 days). The data may then be archived as described below. We rely on the medical provider to provide, and help you complete, the applicable form. We do not verify that the proper form was completed as this would allow us to identify the user.
Usage Information When you use the Website, but not the Mobile App, we collect information from your device, which includes the date and time of your access, your location, your Internet Protocol (IP) address, your device type, and your device identifier.
Device Permissions The Mobile App stores the following device permissions:
• Location. When you use the Mobile App, you may grant us permission to collect real-time information about the location of your mobile device. Location services are needed to effectively use the Mobile App. Location services will be enabled even when you are not actively using the Mobile App unless you disable Location and Bluetooth permissions.
• Push Notifications. When you use the Mobile App, you may grant us permission to send you push notifications on your device. We may send a push notification to alert you of a notification in the Mobile App.
Device permission requests are limited to those that are necessary to effectively implement the Mobile App. You may change your preferences by changing the settings on your device but changing permissions may cause the associated features to be disabled in the Mobile App, thus reducing or eliminating its usefulness.

USE OF YOUR INFORMATION

We may use the information described above in order to:

  1. identify areas of social distancing and crowding,
  2. facilitate anonymous contact tracing,
  3. monitor the spread of COVID-19,
  4. analyze and determine ways to slow down or prevent the spread of COVID-19,
  5. coordinate with health authorities regarding COVID-19 response,
  6. operate, support, and improve the Mobile App and Website, including evaluations of functionality and features,
  7. provide you with the services, content, and functionality you request,
  8. honor our contracts and grants,
  9. recognize your device and remember your interactions,
  10. analyze use of our Mobile App and Website and prepare aggregate traffic information,
  11. conduct research and analytics regarding the data described above after the COVID-19 pandemic has subsided,
  12. evaluate how this initiative may have impacted public health,
  13. evaluate how to improve future pandemic responses,
  14. comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities,
  15. cooperate with law enforcement agencies,
  16. comply with federal, state, or local laws,
  17. exercise or defend legal claims, and
  18. create anonymous, deidentified, or aggregate data for our research purposes.

DISCLOSURE OF YOUR INFORMATION

We may disclose your information as follows:

Category Description of Data and Purposes
Via the Mobile App If you are a Mobile App user, you have tested positive for COVID-19 within the last 21 days, have chosen to share your results with us, and your device has been in physical proximity (within six feet) at the same time (for approximately 10 cumulative minutes in a given day) with any other Mobile App user(s), at some point during that day, the other user(s) will be notified that the other user(s) spent more than the minimum amount of contact time during the incubation period (as specified by the CDC, currently 5 days prior to the positive COVID-19 test through 21 days after the positive test) with a Mobile App user who tested positive for COVID-19 and has chosen to share the results with us.
The notification to the other user will not identify you, the location at which the encounter occurred, or the time at which the encounter occurred, but if the other user only spent such amount time with you during that day, it’s possible the other user could identify you.
Via the Website We will share, via the Website, aggregated data collected via the Mobile App regarding social crowding. The Website will include a publicly available map identifying population aggregates and showing trends in social distancing and crowding.
Public and Government Officials We will share aggregated data collected via the Mobile App regarding social crowding with the public, which includes government agencies and officials.
Transfer of Data to Successor Entities In the event of a merger, divestiture, restructuring, reorganization, dissolution, or other transfer of The University of Memphis, your information will transfer to the successor entity.
Legal Obligations and Rights (Subpoenas, Court Orders, and Warrants) We may disclose your information in response to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our legal rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our Terms of Use.
Service Providers We may share information with our service providers that need access to the information to provide operational or other support services on our behalf. Among other things, service providers help us to administer the Mobile App and Website, support our provision of services requested by you, provide technical support, and assist with other legitimate purposes permitted by law.
Professional Advisors We may share information with our insurers and other professional advisors, including attorneys and accountants, that need access to your information to provide operational or other support services on our behalf.
Anonymous, Deidentified or Aggregated Data We may disclose anonymous, deidentified or aggregated information, i.e., information that does not identify any specific individual, such as groupings of location and time data or aggregate population movement data, at our discretion.

RETENTION OF INFORMATION

We will retain and use data collected in connection with the Mobile App and Website for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business/research requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to enforce our agreements. However, we will only store the received COVID-19 Test Results with the mContain ID in the mContain database for the expected duration of the patient recovery time (21 days from the test date).

In the future, information collected from the Mobile App will be archived. The archived data will be used to evaluate the Mobile App, how this initiative may have impacted public health, and how to improve future pandemic responses.

We may delete information if we believe it is incomplete, inaccurate, or that our continued storage of it is contrary to our objectives or legal obligations. When we delete data, it will be removed from our active servers and databases; however, it may remain in our archives when it is not practical or possible to delete it.

To the extent permitted by law, we may retain and use anonymous, deidentified, or aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement.

TRACKING TECHNOLOGIES

When you use the Website, but not the Mobile App, we utilize Google Analytics to collect information from your device, which includes the date and time of your access, your location, your Internet Protocol (IP) address, your device type, and your device identifier.

However, we do not utilize online tracking technologies (such as cookies). Therefore, we do not currently recognize or respond to browser settings or signals of tracking preferences, which may include “Do Not Track” instructions. “Do Not Track” is a web browser setting that seeks to disable the tracking of individual users’ browsing activities.

THIRD PARTY CONTENT

The Mobile App and Website contain links to, and media or other content from, third parties. These links are to external resources and third parties that have their own privacy policies. Because of the dynamic media capabilities of the Mobile App and Website, it may not be clear to you which links are to external, third-party resources. If you click on an embedded third-party link, you will be redirected away from the Mobile App or Website to the external third-party resource. You can check the URL to confirm that you have left our Mobile App or Website.

Some third parties may use automated data collection technologies to collect information about you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal information and used to provide you with targeted content. We do not control these third parties’ technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.

We cannot and do not (1) guarantee the adequacy of the privacy or security practices employed by, or the content and media provided by, any third parties or their websites, (2) control third parties’ independent collection or use or your information, or (3) endorse any third-party information, products, services or websites that may be reached through embedded links in the Mobile App or the Website.

Any personal information provided by you or automatically collected from you by a third party will be governed by that party’s privacy policy and terms of use. If you are unsure whether a website is controlled, affiliated, or managed by us, you should review the privacy policy and practices applicable to each linked website.

SECURITY OF YOUR INFORMATION

We have put reasonable security measures in place to protect the information that you share with us from being accidentally lost, used, altered, disclosed, or accessed in an unauthorized manner. We provide physical, electronic, and procedural safeguards to protect the information that we process and maintain. For example, information is encrypted while in transit and at rest on our systems. We periodically review our security procedures to consider appropriate new technologies and methods.

While our security measures seek to protect the data in our possession, no security system is perfect, and no data transmission is 100% secure. As a result, while we strive to protect your information, we cannot guarantee or warrant the security of any information you transmit to or from the Mobile App or the Website. Your use of the Mobile App and/or the Website are at your own risk. We cannot guarantee that data will remain secure in all circumstances.

In the event of a breach of your data, as defined by your state law, we will notify you per applicable state law.

OPTIONS REGARDING YOUR INFORMATION

Please use the “Contact Us” details provided at the end of this Privacy Policy to exercise your options.

Accuracy and Updating Your Information./span> If you believe an incorrect test result has been provided, please have your health care provider contact us (but only identify you by your mContain ID). We are not capable of correcting inaccurate location data.

Disassociating Test Results./span> If you signed a HIPAA Authorization Form, or an applicable state medical release form, allowing your medical provider to disclose your mContain ID and the results of your COVID-19 test to us and have since changed your mind about allowing the disclosure, contact the Privacy Officer for your medical provider’s office. If the information has already been released to us, we will not be able to disassociate the test result from the mContain ID, but the information is only retained for 21 days following the test result. You may, however, uninstall the Mobile App to stop future data collection from you and notifications to other users about interactions with you.

Stopping Data Collection. To stop data collection, uninstall the Mobile App from your device(s) and cease accessing the Website. At that point, the Mobile App will no longer be able to collect information from your device(s). We will, however, retain all information previously collected in accordance with this Privacy Policy.

POLICY FOR CHILDREN

We do not knowingly solicit any information from or market to children under the age of 13. If you become aware of any information we have collected from a child under the age of 13, please contact us.

CONTACT US

You may contact us at:

Office of Legal Counsel
University of Memphis
201 Administration Bldg,
Memphis, TN 38152
901-678-2155

Unless necessary, please do not provide us with your name, contact information, mContain ID, or any health information.

© 2020 MD2K Center of Excellence. All rights reserved.
The MD2K Center of Excellence was established via a grant (#U54EB020404) from the National Institutes of Health (NIH), through funds provided by the trans-NIH Big Data-to-Knowledge (BD2K) initiative, and is administered by the National Institute of Biomedical Imaging and Bioengineering (NIBIB). MD2K is currently supported by NIH grants U54EB020404, R01CA190329, R01DE025244, R01MD010362, R00MD010468, R24EB025845, R01CA224537, and U01CA229437. MD2K is also supported by the National Science Foundation (NSF) grants ACI-1640813, IIS-1722646, and CNS-1823221.
mContain@md2k.org