Frequently asked questions

General information

What is contact tracing?

Contact tracing is a process that can help in preventing long term lockdowns or overwhelmed health systems.

Swiss epidemiologist Marcel Salathé created this infographic that explains very clearly why contact tracing is important (click image to enlarge).

What is SAVITAS™?

SAVITAS is a social innovation for contact tracing supported by minimal technology.

SAVITAS describes an approach for anonymous contact tracing, specifically designed for implementation within and across organisations. Its purpose is to anonymously detect potential infection opportunities and notify individuals at risk, so they can take appropriate action earlier e.g., self-isolation, visiting a doctor, oftentimes before showing any symptoms. In this way, SAVITAS contributes to flattening the curve. This will become especially important when companies need to return to “the new normal”, while avoiding or flattening follow-up infection outbursts, and to get the economy up & running faster.

Whilst nation-wide solutions are on the drawing board, we believe organisations can and should prepare their own lockdown exit scenario - in full compatibility with any federal measures to come. Safeguarding employee well-being & privacy need to be at the heart of such an initiative.

What are the key characteristics and differentiators?

  • SAVITAS is more about social than technological innovation: just like social distancing, a new social pattern is introduced. In this case, enabled and supported by low-threshold, simple to understand technology: scanning QR codes at “hotspots” within companies where social distancing may be a challenge. Upon scanning a QR code, only the unique QR code plus the time slot are recorded, anonymously, in the phone itself. This has nothing to do with the oppressive green/red QR code systems used for public access control in China, for instance;
  • Privacy by design: the whole system is built on privacy. All data that will be used is still to be collected today, no existing data is used;
  • Born anonymous: no account, no registration, no identifiable personal information whatsoever is required. No anonymous or ephemeral identifiers are used. Only the person her-/himself is informed about her status in the system;
  • Voluntary. Each and every time: Protect yourself, your family and your colleagues. Your decision at every moment along the way;
  • No app: only the standard web browser on the phone is used.
    • it lowers the threshold to deploy across a broader population, as people do not need to download an app;
    • it avoids the uncontrollable approval cycles of foreign app stores (up to 2-3 weeks, critical in case of urgent upgrades or bug fixes);
    • it implies lower implementation and maintenance costs;
    • it visibly strengthens the privacy case, as a phone web browser is technologically barred from accessing personal data on the phone;
  • No Bluetooth, no GPS: not Big Brother but Little Sister is the role model;
  • Any smartphone is suitable. No exceptional battery drain as opposed to some solutions based on intensive Bluetooth & GPS use;
  • Avoids the false positives common to all Bluetooth based systems, especially in an office environment: undesirable proximity detection through thin office/meeting room walls (which are optimised for wifi transparency);
  • Viral: the more people and organizations participate, the more valuable the system. The idea is to create a social virus to fight a biological virus;
  • Complementary to other ongoing initiatives in terms of detection & data generated;
  • Cross-organisation: the same system is used across all onboarded companies in a country, which is especially effective in ecosystems, like a port for example;
  • Rapidly deployable: Esoptra’s underlying anonymous unique identifier technology works for industrial applications. SAVITAS is a patent-pending derivative of this technology. The stated objective is to achieve impact in this crisis still. Data tech specialist Esoptra builds on a strong track record as the sixth data tech startup of 2 founders with 50+ international data related patents.

Has SAVITAS been verified?

SAVITAS has been validated by

  • Epidemiologists;
  • Occupational health providers;
  • Privacy lawyers;
  • Security certificate experts.

More detailed information about these parties will be provided soon.

What does it cost?

SAVITAS has very simple and affordable pricing: 5 euro ex. VAT per QR code label, sold in rolls of 100. SAVITAS works with channel partners to allow for faster and more efficient distribution.
QR code label rolls are available for purchase on the savitas.life website against a variety of monetary instruments. QR codes are valid until May 31st, 2021.

Where does the name SAVITAS come from?

In case you’re wondering: SAVITAS is not Latin for safety, but it stands for "Social Anonymous Viral Infection Tracing At Scale." Anonymous because all our data is born anonymous, At Scale because there are many of you and many QR codes to scan.

Privacy

How does SAVITAS protect the privacy of its users?

Well, it is actually not that difficult to explain. SAVITAS essentially builds on three pillars to preserve privacy:

  1. Our solution is active only when the user wants it to be active, it requires an active and conscious action by the user at every step and is technically barred from any background tracking;
  2. For every step we take, from scanning QR codes, to reporting and sending alerts, we only collect and process strictly minimal and born-anonymous data;
  3. We rely as much as possible on local processing and storage on the user’s phone, meaning that we send as little data to our servers as possible and let the user’s device handle the most privacy-sensitive activities.

SAVITAS is a solution that only works in the user’s web browser, requiring no app to be installed on the user’s phone. It cannot run in the background of the device but only activates when the user scans a QR code or deliberately visits the SAVITAS website. That is also the only time it can tell you something because it does not know your phone number of email address.

When a user chooses to scan a QR code, SAVITAS uses a well-known secure hashing function (*) to generate a unique string of characters which relate only to a QR code and a time period. Nothing in this string relates to any user characteristics. Nonetheless, since this single string may be unique for a user, we ensure that it is kept only on the user’s phone.

When the QR code is installed, it will be scanned for the very first time: it will then use the location information of the phone, hash that into an abstract number unusable for location purposes, hash the QR code as well, upload both abstract numbers to the server. At every scan, those numbers will be used for verification that the QR code has not been moved or reproduced, to avoid erroneous results and false conclusions.

The only time the unique string is shared, is when a user, after authorization by a medical professional, decides that the string should be shared to inform others. You will therefore only find a list of strings on our servers, with all strings totally mixed up, which tell us that at a certain place within a certain time there was someone who tested positive for COVID-19. We do not know who. All similar lists are then sent (incrementally) to a user’s phone whenever a QR code is scanned or when that user visits our webpage. The comparison of a user’s strings with those incoming “reported-positive” strings only happens on the user’s phone. We have no way to receive the unique string of a user unless that user decides to share it when having tested positive.

As a consequence, if the outcome of the comparison brings up a match, ONLY the user will be informed as that information never leaves the phone.

As recommended by data protection authorities in Europe (**), we have chosen for an approach which:

  • Is voluntary by giving users the complete freedom to decide whether or not to participate at every step of the way and whether or not they want their personal data to be processed at all;
  • Transparently identifies the roles and responsibilities of all stakeholders;
  • Minimises any personal data collection and use, doing so only when we can truly not avoid it;
  • Is secure by using strong encryption algorithms for all data collected, stored and transferred.

In short, our solution is built from the ground up with privacy in mind. We are continuously performing assessments throughout the entire cycle of conception, development and roll-out, so that any privacy threat which may emerge, is tackled as soon as it is detected.

Document produced in close cooperation with Timelex. As a member of SAVITAS’ advisory board, European leading niche law firm in data protection & privacy Timelex provides the framework and guidelines to ensure that the privacy of all SAVITAS’ users is preserved at all times. This includes a.o. a formal Data Protection Impact Assessment.

(*) https://en.wikipedia.org/wiki/Hash_function

(**)   EDPB Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak, adopted on 21 April 2020: https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-042020-use-location-data-and-contact-tracing_nl.

How it works

Where is the app?

There is no app. There is no download. There is no account or no registration. When you scan the QR code the standard browser navigates to https://savitas.io, a single page web site, which performs the elementary functions required.

What is a SAVITAS QR code and what does it do?

A SAVITAS QR Code represents a very large random number and looks like this:

It translates to a URL like this with the following components:
https://savitas.io#UcfzpGvE6W-LNWYG61cWnw.j7KR6FdMec8NBwVp_V4Rhzq_tFhy5mPzyov-2RMNF-cnl0323-mYGzow9eETosDG

  1. https://savitas.io: the operational SAVITAS server which runs over a secured web connection (https);
  2. UcfzpGvE6W-LNWYG61cWnw: the fragment component encoding the unique QR Code random number;
  3. j7KR6FdMec8NBwVp_V4Rhzq_tFhy5mPzyov-2RMNF-cnl0323-mYGzow9eETos: the digital signature securing the authenticity of the random number.

Upon scanning, the single web application is loaded from savitas.io (part 1 of the URL). Parts 2 and 3 remain on the phone. The web application on the phone determines that indeed the number (part 2) is a unique SAVITAS number, digitally signed (part 3). It then hashes the number (part 2) with a timeslot, and stores it on the phone as a hashed Space-Time-Slot (STS). The server receives no data whatsoever.

This STS is actually the functional combination of space and time: it states that the scanning device was in the neighbourhood of the QR code within a specific timeframe.

What is the process in short steps?

  1. An organization purchases SAVITAS QR codes, and applies them within their facilities in places where social distancing may be a challenge;
  2. When employees are returning to their work environment, they are asked to scan QR codes when they encounter one. There is no registration or login required, to ensure total privacy and to keep it speedy;
  3. The unique QR codes are stored on their smartphones bundled with the timeslot when the code was scanned. But first they are hashed up together in a unique way such that verification can be done without storing the original information;
  4. When employee John experiences symptoms of the disease, he contacts a doctor who determines that he has contracted COVID-19, and gives John an anonymous authorisation code which he must use to mark himself as “infected”, upon which his scanned records are uploaded to the server as “infectious”;
  5. Susan, who was in the same meeting as John, scanned the same QR code as John within a infectious timeframe;
  6. If that is the case, next time Susan checks her status or scans a QR code, the most recent scans are fetched from the server and compared with records stored on her smartphone;
  7. If there is a match with her records a message is displayed on Susan’s phone that she needs to take action (self-isolate, contact a doctor…). This way, she gets notified of a possible infection days before she may show symptoms herself, and by her actions she helps to stop further infection. But only Susan will ever know, as this information never leaves her phone.

What information is stored on the server?

When a doctor authorises you to self-report, the STS records on your phone are uploaded to the server. No other information from the patient is shared with the server. This means that the server does not know who you are and has no privacy-related information whatsoever.

Why do I need to allow access to my location when scanning? I thought you were not using any GPS data?

That is correct. To avoid abuse of the system, we are only verifying that the QR code sticker is indeed being scanned at the place where it was first installed. When that happened, an abstract digital fingerprint of its geo-location was sent to the server, to be checked at every scan. To be able to get the location and re-compute that digital fingerprint for verification, your phone needs access to your location. That’s it: outside of this verification, we are not using any GPS data.

Why is there a doctor involved? Why can't I just self report?

Only a doctor can give you a proper COVID-19 diagnosis. That means that a doctor plays a critical part in validating the process, and therefore it is essential that only a doctor can authorise a patient to self-report.
The doctor gets a generated code from a separate medical portal or, if available, a government platform. That code he provides to the patient.

In regular use, what are the steps required to scan?

Essentially point your smartphone camera or QR code scanning app to a SAVITAS QR code to scan and click on the displayed link. Generally , the only thing you see is a 'thank you for scanning' message. That is all.
For smartphones that do not have QR scanning capabilities or app, the website also offers the possibility to scan. Using your smartphone web browser, go to savitas.io and you will see a button allowing you to scan a QR code.

I'm a doctor, how do I sign up?

We are working with medical authorities to ensure a proper way for doctors to register. When we have the proper and final procedure we will publish details.