Last Updated: August 13, 2020

Privacy | Supplemental Terms

Contact Tracing Privacy Policy

Citizen’s mission is to keep you safe and informed.

At Citizen (as in sp0n, Inc the company that operates the Citizen mobile app and, our stance is that we will only use and share your data for the limited purposes described in this privacy policy. We do not and will not serve advertisements.

See Privacy at Citizen for additional information if you use other Citizen app features.

About Citizen’s COVID-19 Contact Tracing features

  • We have created the Contract Tracing features of the app to help contain the spread of COVID-19, prevent flare-ups after the peak, and lift lockdowns sooner.  Contact tracing, paired with rapid testing, is a way to keep track of the spread and allow the country to slowly reopen.
  • Citizen is uniquely positioned to drive immediate distribution of contact tracing technology in the US, including major metropolitan epicenters of the pandemic.
  • Our mission is to keep users safe and informed without compromising users’ control of their personal information. 
  • We have deep community engagement, used by a significant percentage of each city including citizens, police and fire department personnel, and city officials.
  • We will never sell your personal information to third parties or proactively share your personal information with the government without your consent.
  • We separately maintain the information we collect to support the Contract Tracing feature – your bluetooth data and COVID-19 information; this information is not stored with any other information we maintain about you in connection with your use of other Citizen app features.

Your use of the Citizen app is voluntary. You can at any time direct us to delete your personal information by emailing your request to 

We may need to modify our privacy practices to comply with legal requirements, such as court orders or subpoenas.

Our principles for protecting your data

  • We record the information we need to provide our services: Tracking COVID-19 and informing you if you have had contact with a user who has tested positive for the virus, and to direct you to obtain testing if necessary.  
  • We involve as few third-party service providers as possible when touching your data. The third parties we work with have contracts in place to prohibit reuse or sale of your data.
  • We generally limit access to your data to a subset of the engineering team. We have specific systems to control data access, and all access is logged and regularly audited. We perform a privacy review for all new features.
  • We take protecting your location data seriously. We need accurate real-time location data and location history to alert you and others of any contact you may have had with somebody who has tested positive for COVID-19. We will delete your bluetooth and GPS location data 30 days after collection.
  • We test the stability and security of our infrastructure, including annual penetration testing and review of our security systems and their configuration. We use an information security firm to provide these services under a strict non-disclosure agreement. 
  • Our services are designed to inform you of any potential contact with the virus, and to assist you in obtaining testing for the disease. We can only provide those services in certain areas, so if you are located outside of one of those areas, the services may not work for you. We only provide our service in the United States, so we apply U.S. law to our privacy practices.

Your data 

  • Contact information: We use your email address and phone number to set up and validate your user account, to communicate with you, and to prevent abuse of the platform. We may also send you emails about Citizen – you can choose to opt out of any marketing emails by following the instructions at the bottom of the email, but we may still send you some important emails, such as to respond to a question, feedback, or request you send us. You may provide your zip or postal code to allow government agencies with which we partner to track COVID-19 outbreaks.
  • Identity verification information: When a user submits their COVID-19 diagnosis to us to enable tracing, we may request a copy of the user's government-issued ID or use other means to verify the user's identity to protect our community against platform abuse and fraud. We will delete your identity verification information within 30 days from collection.
  • Health information: You may choose to share your health information or authorize a third party to share your information with us.
  • User locations: We use your device’s GPS and Bluetooth signals to determine your location; we need to use both technologies to identify your proximity to other users within nearby proximity, based on CDC social distancing guidance. You choose whether to share your location, and can always revoke Citizen’s access to your location data in your device settings, but the app will not function if the app can't access location data.
  • User activity: We aggregate user activity data (like how you interact with Citizen, what times you use Citizen, what kind of device you have, etc.) for analysis to improve Citizen’s user experience. 
  • Cookies: Like many online services, Citizen uses cookies to collect information on its website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to tailor your experience with Citizen.  

How we share your information

We may share your data with service providers, such as:

  • Branch: Branch allows us to attribute when content is shared from Citizen to the platform and source.
  • Twilio: Twilio allows us to send you a SMS message to validate your account.
  • Google Cloud Services: We use Google to host our infrastructure.

We only partner with service providers that commit to use the information only to provide services to or on behalf of Citizen.

We will alert users who were within nearby proximity of an affected user during the preceding 30 days. These users will see a location on the map where the contact occurred. While this information does not identify you, there are circumstances when a user could identify you based on the location. For example, this may occur if a user knows you personally and recalls that they met you at the location we specify on the map.

We may share aggregated location data for the purpose of combating COVID-19 with government agencies and public health organizations. 

We may share your personal information with government agencies with your consent.  For example, we may conduct COVID-19 symptom surveys on behalf of a state or city government agency, and share survey responses with the agency.

We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction involving the sale, transfer, divestiture, or disclosure of all or a portion of Citizen’s business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If Citizen’s company, business or assets is acquired by another company, that company will possess the personal information collected by Citizen and the company will assume the rights and obligations regarding your personal information as described in this Privacy Policy.

We may share personal information (a) with law enforcement as we’ve explained in the Information for Law Enforcement Authorities, (b) as otherwise required by law, (c) to enforce the terms and conditions that govern the platform and protection our rights, (d) and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

How long we retain your data

We will retain your bluetooth data, GPS location data and identity verification information for 30 days from collection on a rolling basis, and all other personal information for the period necessary to fulfill the purposes outlined in this policy and to support other Citizen app features you might use, unless a longer retention period is required or permitted by law, or an individual requests that we delete information about them. 

How we protect your data

Citizen uses reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while Citizen strives to protect your personal information, we cannot guarantee the security of personal information. In the event that Citizen is required to notify you about a situation involving your data, we may do so by email or telephone to the extent permitted by law.

What choices you have regarding your data

You can make the following choices regarding your personal information:

  • Cookies. If you decide at any time that you no longer wish to accept cookies from Citizen for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information. If you do not accept cookies, however, you may not be able to use all or portions of Citizen or all functionality of Citizen. If you have any questions about how to disable or modify cookies, please let Citizen know at the contact information provided below.
  • Application. You can stop all collection of information by the Citizen application by uninstalling the application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.
  • Do-Not-Track. Some web browsers transmit “do not track” signals to the websites and other online services with which your web browser communications. There is currently no standard that governs what, if anything, websites should do when they receive these signals. Citizen currently does not take action in response to these signals. If and when a standard is established, Citizen may revise its policy on responding to these signals.
  • Access or correct your information. You may request to review and update the information Citizen maintains about you by submitting a request to
  • Opting Out of location tracking. If you initially consented to the collection of geo-location information through Citizen, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. Please note, however, that if you withdraw consent to Citizen’s collection of location information, you may no longer be able to use some features of the app.


Citizen is not directed towards individuals under the age of 13, and Citizen does not intentionally gather personal information about visitors who are under the age of 13. Furthermore, Citizen does not intentionally allow visitors under the age of 18 to register for the app. If a child under 13 submits personal information to Citizen and Citizen learns that the personal information is the information of a child under 13, Citizen will attempt to delete the information as soon as possible. If you believe that Citizen might have any personal information from a child under 13, please contact Citizen at: Attn: sp0n, Inc., PO Box 55071 #92726, Boston, MA, 02205-5071, US.

Job applicants

When you visit the “Careers” portion of our website, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to provide improved administration of the website, and as otherwise necessary (a) to comply with relevant laws or to respond to subpoenas or warrants served on Citizen; (b) to protect and defend the rights or property of Citizen or others; (c) in connection with a legal investigation; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or Citizen’s Terms of Use.

Notice to California users

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California residents regarding our handling of their personal information. 

This notice and the privacy rights it describes do not apply to information related to our business contacts, job applicants, or employees. 

Personal information that we collect, use and share

The chart below describes how we currently collect, use and share personal information, and how we have collected used and shared personal information over the past 12 months. 

We do not sell personal information. We engage in: 

  • Online tracking. As we explain above, we use cookies and other tracking technologies to analyze website traffic and facilitate our own advertising across the web. If you would like to learn how you may opt out of our use of cookies and other tracking technologies, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
  • Directed disclosures. In addition, when you use Citizen’s COVID-19 Contact Tracing, you direct us to share some of your information with other users in order for us to inform them that they may have had contact with the disease, as well as with government agencies to assist in COVID-19 response efforts.

Personal information we collect

Email address, Phone number, Zip/Postal Code and Government-issued photo ID:

  • CCPA-defined categories of personal information (Definitions are available here): Identifiers
  • Sources of personal information: Citizen users, automatically collected
  • Business / commercial purposes for which we may collect and use personal information: To register user accounts, to verify your identity and diagnosis, to provide our services, to send you marketing and promotional materials about Citizen
  • Data sharing: Directed disclosures of your zip/postal code to government agencies to assist in COVID-19 response efforts

Location information:

  • CCPA-defined categories of personal information (Definitions are available here): Geolocation data
  • Sources of personal information: Citizen users, automatically collected
  • Business / commercial purposes for which we may collect and use personal information: To provide our services
  • Data sharing: Directed disclosures to other users to inform them that they may have had contact with the disease. This information does not specifically identify you, but could be identifiable to a user who knows you.

Health information:

  • CCPA-defined categories of personal information (Definitions are available here): Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) and protected classification characteristics under California of federal law.
  • Sources of personal information: Citizen users, third parties authorized by users
  • Business / commercial purposes for which we may collect and use personal information: To provide our services
  • Data sharing: Directed disclosures to other users to inform them that they may have had contact with the disease.  This information does not specifically identify you, but could be identifiable to a user who knows you; and to government agencies to assist in COVID-19 response efforts

Audio and video feed:

  • CCPA-defined categories of personal information (Definitions are available here): Sensory data
  • Sources of personal information: Citizen users
  • Business / commercial purposes for which we may collect and use personal information: To provide our services
  • Data sharing: Directed disclosures to: Family members and friends in a user’s network to safeguard the user; first responders and emergency contacts in the case of an emergency

Email interconnectivity, Mobile devices, Web logs, Online activity:

  • CCPA-defined categories of personal information (Definitions are available here): Online identifiers, Internet or network information, Geolocation data
  • Sources of personal information: Automatically collected
  • Business / commercial purposes for which we may collect and use personal information: To provide our services, To identify you when you visit our app or website, For internal administrative purposes, To conduct analytics
  • Data sharing: Collected directly by third-party tracking companies to perform analytics


  • CCPA-defined categories of personal information (Definitions are available here): Identifiers
  • Sources of personal information: Citizen users
  • Business / commercial purposes for which we may collect and use personal information: To provide our services, To respond to your inquiries, To conduct analytics, For internal administrative purposes
  • Data sharing: N/A

Please note that we may also disclose personal information with service providers, and in connection with corporate transactions or legal compliance.

California Residents’ Privacy Rights 

The CCPA grants California residents the following rights:  

  • Information. You can request information about how we have collected, used and shared your personal information during the past 12 months. We have made this information available to California residents without having to request it by including it in the above chart.
  • Access. You can request a copy of the personal information that we have collected about you. 
  • Deletion. You can ask us to delete the personal information that we maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain information we maintain for compliance in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.  

You are entitled to exercise the rights described above free from discrimination, as prohibited by the CCPA. 

How to Submit a Request

  • To request access to or deletion of personal information:
  • Attn: sp0n, Inc., PO Box 55071 #92726, Boston, MA, 02205-5071, US
  • Email:
  • Identity verification. We will need to confirm your identity and California residency to process your requests to exercise your information, access or deletion rights. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. 
  • Authorized agents.  California residents can empower an “authorized agent” to submit requests on their behalf.  We will require the authorized agent to have a written authorization confirming that authority.

Privacy Policy updates

This Privacy Policy is subject to occasional revision. Citizen will notify you of any material changes in its collection, use, or disclosure of your personal information by posting a notice on the Citizen website and within the application.

Contact us

Feel free to contact us with your questions, requests, comments, or concerns at