some image some image some image some image some image some image some image some image


Date of latest revision: January 30, 2022

We take your privacy seriously, and we want you to know how we collect, use, share and protect your information. This Privacy Notice (Notice) describes how we may collect, store, use and share certain information about you and your usage of the Operation Outbreak mobile application software (app).

What types of information do we collect about you?

We collect information that you voluntarily provide directly to us when using the app. The app will not collect any kind of identifiable information from the participants. We collect a list of physical proximity contacts between participants and the duration of these contacts. Each participant is assigned a randomly generated 128-bit long UUID (Universally Unique Identifier) when the app is installed. It is not possible for us to link the UUIDs back to the identities of the participants. We also collect non-identifiable information about events that take place during a simulation, such as the “health state” of your avatar (“susceptible”, “infected”, “recovered”, etc.), transmission of the virtual pathogen between you and other participants, responses to multiple-choice quizzes, and use of virtual items such as masks and PPEs. The multiple-choice quizzes do not ask for any personal information and are limited to testing knowledge about infectious diseases to increase a score within the simulation. Location services may be needed to be turned on during a simulation as requirement for Bluetooth sensing on some mobile platforms or devices, but we do not collect any location data.

Why do we collect the information?

This data makes possible subsequent visualization and analysis of the outbreak. We also use the information we collect for things like:

  • Optimizing the performance and user experience of the app
  • Operating, evaluating and improving the app
  • Conducting research and analysis

How do we collect the information?

  • Bluetooth proximity sensing: Proximity sensing information comprising strength of Bluetooth signal and duration of contacts is collected using a secured backend REST API.
  • Simulation events: This information is collected using the same secured backend REST API used to collect Bluetooth proximity sensing data.
  • App usage analytics: This information is collected automatically by Apple and Google with the purpose of measuring number of users across countries, app retention over time, and frequency of app malfunctions such as crashes. This information is anonymized and available to us as aggregate counts.

What do we do with the information?

Operation Outbreak in an infectious disease preparation, education, and data generation platform. The Operation Outbreak app keeps track of the dynamics of a simulated outbreak by generating anonymous data: random identifiers for all participants, transmission events between those identifiers, total number of infected participants, and their simulated health status. We apply computational methods on some or all this information to generate graphical representations of the events that took place during the simulations, such transmissions and number of cases over time. We may also create mathematical models that represent the properties of the simulations with the goal of understanding the features that drive transmission during an outbreak and making predictions about future outbreaks. Operation Outbreak does not sell or rent the information to third parties.

Who will have access to the information?

We will share your information with the University of Massachusetts Chan Medical School and The Broad Institute, Inc. ( We share your information with a third party, Amazon Web Services (AWS), to provide infrastructure on which we store our data. Information shared with AWS is stored in a AWS S3 database. This database is encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or customer master keys (CMKs) stored in AWS Key Management Service (AWS KMS). Read this AWS Data Privacy FAQ ( for more information.

We may also share your personal data with government and law enforcement agencies or regulators to 1) comply with a legal process, subpoena, order or other legal or regulatory requirement applicable to us; 2) enforce our terms of use or other policies; or 3) pursue available legal remedies or defend against legal claims.

How do I consent?

By using our app and submitting your information, you agree to this Notice and consent to allow Operation Outbreak to gather and use your information.

What about personal information of individuals outside of the United States?

The app and supporting infrastructure are located within the United States and third parties with whom we share your information are as well. Our servers are located in the United States, and this is where your data and information will be stored. Information provided to us by users outside of the United States will be transferred to the United States, where data protection laws may differ from those of your home country. By using our application or providing us with your information, you acknowledge that your information will be transferred to the United States, processed, and / or stored on servers in the United States. Your information will be used as provided in this Notice and all reasonable steps will be taken to protect your privacy in accordance with the applicable data privacy laws.

How do we protect your information?

We use computer safeguards, including random identifiers and encryption, to protect your information.

Do Not Track Signals

Some technologies, such as web browsers or mobile devices, provide a setting that when turned on sends a Do Not Track (DNT) signal when browsing a website or app. There is currently no common standard for responding to DNT Signals or even in the DNT signal itself. Our app does not honor DNT signals.

How long will we retain your information?

We keep your information for as long as needed to fulfill the particular purpose for which it was collected. We may also retain your records if legally required or to fulfill a legitimate interest.

How will you be notified if our Privacy Notice changes?

Operation Outbreak reserves the right to change, modify, or otherwise amend this Privacy Notice at its sole discretion and at any time as it deems circumstances warrant. If the Privacy Notice changes, Operation Outbreak will post an updated privacy statement with a modification date. Please check back often for the most current version. Your continued use of our application after any change in the Privacy Notice will constitute your acceptance of such changes.

How can you contact us?

If you have questions about this Privacy Notice, please contact the University of Massachusetts Chan Medical School’s Office of Management at

If you have any questions about Operation Outbreak mobile application or website, please contact Andres Colubri at

I Want to Make Learning Infectious

Tell us about your group, and a member of the Operation Outbreak Team will be in touch.