National COVIDSafe Data Store Administrator


You're in control of your information

The Digital Transformation Agency (DTA) was appointed as the National COVIDSafe Data Store Administrator under the Privacy Act 1988 to manage the data collected by the COVIDSafe app.

The National COVIDSafe Data Store is the storage for information collected or generated through the use of COVIDSafe.


Information stored in the Data Store

Information stored when you complete registration and use the app includes:

  • mobile number
  • name or pseudonym
  • age range
  • postcode
  • diagnostic information

Information on digital handshakes is stored if you test positive and complete voluntary upload of information with assistance from a state or territory health official.

We only collect minimal information from you. None of that information is accessible without your consent. To find out more about how the COVIDSafe app uses your data, view the App Privacy Policy (available in over 60 languages).

There are special rules about how this information can be handled and used that you can find in the Privacy Amendment (Public Health Contact Information) Act 2020.

Request to delete your information

You can request to have your registration information removed from the National COVIDSafe Data Store.

Requests are actioned by:

  • confirming your request via SMS
  • providing the list of mobile numbers for deletion to a Data Store officer
  • advising when the deletion is complete

Requests are processed within three working days.

The DTA will delete all COVIDSafe app data when the Minister for Health declares that the pandemic has ended.

Assisting health officials

The DTA aims to first address and resolve issues without accessing information from the Data Store.

When needed, the DTA accesses information in the Data Store to:

  • assist state and territory with contact tracing
  • resolve issues with the health portal or Data Store

The DTA is authorised to do this under 94D(2) of the Privacy Amendment (Public Health Contact Information) Act 2020.

State and territory health officials can share data with the DTA to resolve issues that impede the contact tracing process.

Requirement to report on breach of data

In the event of a breach of requirements as the Data Store Administrator, the DTA must:

  • notify the Privacy Commissioner of reasonable grounds to believe that an eligible breach happened
  • prepare a statement of the data breach
  • take reasonable steps to notify individual users who are at risk from the data breach

Read more on your privacy rights related to the COVIDSafe app.

Last updated:
15 September 2020