SAVITAS is a social innovation for contact tracing supported by minimal technology.
SAVITAS describes an approach for anonymous contact tracing, specifically designed for implementation within and across organisations. Its purpose is to anonymously detect potential infection opportunities and notify individuals at risk, so they can take appropriate action earlier e.g., self-isolation, visiting a doctor, oftentimes before showing any symptoms. In this way, SAVITAS contributes to flattening the curve. This will become especially important when companies need to return to “the new normal”, while avoiding or flattening follow-up infection outbursts, and to get the economy up & running faster.
Whilst nation-wide solutions are on the drawing board, we believe organisations can and should prepare their own lockdown exit scenario - in full compatibility with any federal measures to come. Safeguarding employee well-being & privacy need to be at the heart of such an initiative.
SAVITAS has been validated by
More detailed information about these parties will be provided soon.
SAVITAS has very simple and affordable pricing: 5 euro ex. VAT per QR code label, sold in rolls of 100. SAVITAS works with channel partners to allow for faster and more efficient distribution.
QR code label rolls are available for purchase on the savitas.life website against a variety of monetary instruments. QR codes are valid until May 31st, 2021.
In case you’re wondering: SAVITAS is not Latin for safety, but it stands for "Social Anonymous Viral Infection Tracing At Scale." Anonymous because all our data is born anonymous, At Scale because there are many of you and many QR codes to scan.
Well, it is actually not that difficult to explain. SAVITAS essentially builds on three pillars to preserve privacy:
SAVITAS is a solution that only works in the user’s web browser, requiring no app to be installed on the user’s phone. It cannot run in the background of the device but only activates when the user scans a QR code or deliberately visits the SAVITAS website. That is also the only time it can tell you something because it does not know your phone number of email address.
When a user chooses to scan a QR code, SAVITAS uses a well-known secure hashing function (*) to generate a unique string of characters which relate only to a QR code and a time period. Nothing in this string relates to any user characteristics. Nonetheless, since this single string may be unique for a user, we ensure that it is kept only on the user’s phone.
When the QR code is installed, it will be scanned for the very first time: it will then use the location information of the phone, hash that into an abstract number unusable for location purposes, hash the QR code as well, upload both abstract numbers to the server. At every scan, those numbers will be used for verification that the QR code has not been moved or reproduced, to avoid erroneous results and false conclusions.
The only time the unique string is shared, is when a user, after authorization by a medical professional, decides that the string should be shared to inform others. You will therefore only find a list of strings on our servers, with all strings totally mixed up, which tell us that at a certain place within a certain time there was someone who tested positive for COVID-19. We do not know who. All similar lists are then sent (incrementally) to a user’s phone whenever a QR code is scanned or when that user visits our webpage. The comparison of a user’s strings with those incoming “reported-positive” strings only happens on the user’s phone. We have no way to receive the unique string of a user unless that user decides to share it when having tested positive.
As a consequence, if the outcome of the comparison brings up a match, ONLY the user will be informed as that information never leaves the phone.
As recommended by data protection authorities in Europe (**), we have chosen for an approach which:
In short, our solution is built from the ground up with privacy in mind. We are continuously performing assessments throughout the entire cycle of conception, development and roll-out, so that any privacy threat which may emerge, is tackled as soon as it is detected.
Document produced in close cooperation with Timelex. As a member of SAVITAS’ advisory board, European leading niche law firm in data protection & privacy Timelex provides the framework and guidelines to ensure that the privacy of all SAVITAS’ users is preserved at all times. This includes a.o. a formal Data Protection Impact Assessment.
(**) EDPB Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak, adopted on 21 April 2020: https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-042020-use-location-data-and-contact-tracing_nl.
There is no app. There is no download. There is no account or no registration. When you scan the QR code the standard browser navigates to https://savitas.io, a single page web site, which performs the elementary functions required.
A SAVITAS QR Code represents a very large random number and looks like this:
It translates to a URL like this with the following components:
Upon scanning, the single web application is loaded from savitas.io (part 1 of the URL). Parts 2 and 3 remain on the phone. The web application on the phone determines that indeed the number (part 2) is a unique SAVITAS number, digitally signed (part 3). It then hashes the number (part 2) with a timeslot, and stores it on the phone as a hashed Space-Time-Slot (STS). The server receives no data whatsoever.
This STS is actually the functional combination of space and time: it states that the scanning device was in the neighbourhood of the QR code within a specific timeframe.
When a doctor authorises you to self-report, the STS records on your phone are uploaded to the server. No other information from the patient is shared with the server. This means that the server does not know who you are and has no privacy-related information whatsoever.
That is correct. To avoid abuse of the system, we are only verifying that the QR code sticker is indeed being scanned at the place where it was first installed. When that happened, an abstract digital fingerprint of its geo-location was sent to the server, to be checked at every scan. To be able to get the location and re-compute that digital fingerprint for verification, your phone needs access to your location. That’s it: outside of this verification, we are not using any GPS data.
Only a doctor can give you a proper COVID-19 diagnosis. That means that a doctor plays a critical part in validating the process, and therefore it is essential that only a doctor can authorise a patient to self-report.
The doctor gets a generated code from a separate medical portal or, if available, a government platform. That code he provides to the patient.
Essentially point your smartphone camera or QR code scanning app to a SAVITAS QR code to scan and click on the displayed link. Generally , the only thing you see is a 'thank you for scanning' message. That is all.
For smartphones that do not have QR scanning capabilities or app, the website also offers the possibility to scan. Using your smartphone web browser, go to savitas.io and you will see a button allowing you to scan a QR code.
We are working with medical authorities to ensure a proper way for doctors to register. When we have the proper and final procedure we will publish details.