Privacy Policy

We take your privacy seriously. This Privacy Notice explains how we collect, use, store, and protect information gathered through the Operation Outbreak mobile application (the “App”).

What Information Do We Collect?

We do not collect any personally identifiable information.  The data we collect is either voluntarily provided or generated through app-based simulations, and is used only for educational and research purposes.

We collect the following types of anonymous data:

  • Proximity Data: Bluetooth-based records of close contact events and durations between participants.
  • UUID: A randomly generated 128-bit Universally Unique Identifier assigned to each user. It cannot be traced back to your identity.
  • Simulation Data: Events occurring in simulations, such as your avatar’s health state (e.g., “susceptible,” “infected,” “recovered”) and virtual pathogen transmission between participants.
  • Behavioral Choice Data: Time-stamped records of gameplay decisions (e.g., using virtual points to “purchase” PPE), linked to your anonymous UUID.
  • Attitudinal Survey Data: Responses to brief multiple-choice surveys about perceptions of disease and prevention. No free-text or personal questions are included.
  • App Usage Data: Anonymous metrics such as session count, duration, and use of features like help menus.
  • Environmental Data: Non-identifiable sensor data (e.g., ambient light, temperature) used to study behavioral context.
  • System Analytics: Aggregated diagnostics such as crash reports and app retention metrics, collected by Apple and Google.

Note: On some devices (especially iOS), enabling location services is necessary for Bluetooth functionality.  However, no location data is collected or stored by the App.

Why Do We Collect This Information?

We collect data to:

  • Visualize and analyze simulated outbreaks
  • Understand behavioral and attitudinal responses during simulations
  • Improve app functionality and user experience
    Support scientific research in infectious disease dynamics and human behavior

How Do We Collect This Information?

  • Bluetooth Sensing: Records strength and duration of proximity signals
  • Simulation Logging: Captures in-game events through a secure API
  • In-App Surveys: Multiple-choice responses logged within the app
  • Platform Diagnostics: Automatically collected by Apple/Google (anonymized)

What Do We Do with the Information?

The App is primarily an educational tool but may also support research studies.  Anonymized simulation data is used to:

  • Preprocess and summarize simulation events
  • Analyze interaction patterns and decision-making
  • Create visualizations (e.g., outbreak graphs, behavioral trends)
  • Improve models of outbreak spread and inform future studies

We may also use attitudinal survey responses to understand how knowledge and beliefs influence behavior.

We do not sell or rent your data to third parties.

Who Has Access to the Data?

Anonymized data may be shared with the following trusted partners:

  • University of Massachusetts Chan Medical School (Colubri Lab): Former app development/infrastructure host, transitioning app development to NJI this year (2025).
  • The Broad Institute: Originating institution of Operation Outbreak.
  • Amazon Web Services (AWS): Provides encrypted cloud storage
  • NJI: Current developers of the app and website
  • Fathom Information Design: Hosts outbreak creation and visualization tools like Outbreak Creator, Outbreak Visualizer, and Outbreak Lookout

Data is securely stored using AWS S3 with server-side encryption (SSE-S3 or AWS KMS). Learn more about AWS Data Privacy.

We may also share data when legally required by law enforcement or regulatory authorities.

How Do You Consent?

This Notice is provided for informational purposes.  If you participate in a research study, separate informed consent will be obtained within the app or via other methods.

By using the app after providing any necessary consent, you acknowledge that you have read and understood this Notice.

For Users Outside the United States

The app and its infrastructure are based in the United States.  If you are located outside the U.S., your data will be transferred and stored in the U.S., where data protection laws may differ from those in your home country.

By using the app, you consent to this transfer and the processing of your data in accordance with this Notice.

How Do We Protect Your Information?

We safeguard your information by:

  • Using random, anonymous UUIDs
  • Encrypting all transmitted data
  • Storing data on secure, access-controlled servers
  • Collecting only non-identifiable, necessary information

Do Not Track Signals

Some browsers and devices offer a “Do Not Track” (DNT) setting.  The Operation Outbreak app does not respond to DNT signals, as there is no consistent standard for interpreting them.

Data Retention

We retain anonymized data only for as long as needed for educational, research, or legal purposes.  When no longer required, it is securely deleted or archived.

Updates to This Notice

We may update this Privacy Notice at any time.  The latest revision date will always appear at the top of this page. Continued use of the App after any changes indicates your acceptance of the revised Notice.

Contact Us

If you have any questions or concerns about this Privacy Notice, please contact us at welcome@operationoutbreak.org.