NO-VID 2020: Contact tracing without a privacy breach

A crowdsourced threat tracking app concept designed in March 2020 — the first weeks of the global pandemic — to enable contact tracing without collecting or storing data from non-positive users.

UX Research System Design Mobile App Privacy by Design COVID-19 Response
NO-VID app badge — United We Survive — a crowdsourced threat tracking app

What I did

Market Research

Secondary research and market sizing to establish the feasibility of using existing Google location data as the backbone of the system.

UX Architecture

Solution architect from both UX and technology perspectives — bridging product thinking with data privacy constraints.

System Design

End-to-end system concept including patient data flows, anonymisation architecture, and the risk-scoring logic.

Concept Development

Translating the system architecture into a concrete product — defining app screens, user flows, and the core interaction model.

Prototyping

Creating interactive prototypes for all key app flows, from onboarding through risk status and data sharing screens.

User Guide

Documentation for healthcare workers on extracting patient location history via Google Takeout — a critical non-app data source.

How do you trace contacts without breaching privacy?

Aerial view of empty streets in India during the first COVID-19 lockdown, March 2020

"How to enable contact tracing to warn citizens ahead of time… without violating the privacy of their data."

— The core design challenge, March 2020

The global pandemic surfaced in November 2019 and spread rapidly. Countries went into lockdown. Since it took up to 14 days to develop any symptoms, contact tracing was the only viable mechanism for governments to track and contain the disease.

Despite the Government of India launching Aarogya Setu to trace contacts, public adoption was low. People were reluctant to share location data with governments, and patients relied on fragile human memory to recall where they'd been. The system was failing at the first step.

The challenge was not technical — it was about trust. The solution needed to prove it could work without the system ever seeing data from uninfected users.

How the system works

Research: Establishing data availability

The research phase focused on a single critical question: did the data even exist? Before designing any app, we needed to confirm that most users who use Google Maps would have intact location history available for extraction.

The Google Takeout service at takeout.google.com lets anyone download their complete location history as a JSON file. The key insight was that most users are opted in to Location History by default — and almost none had cleared it.

Google Takeout interface showing Location History selected for download — the data source the NOVID system relies on
193

techies interviewed to establish the availability of Google Takeout location data as a viable source

Donut chart: 92% never heard of Google Takeout, 7% heard about it, 1% used it to download data

92% had never heard of Google Takeout — meaning location data was accumulating without most users' knowledge

Donut chart: 92% don't clear location history, 8% regularly clear location history

92% had not cleared their location history — confirming historical movement data was largely intact and downloadable

The data confirmed the thesis: nearly all Google Maps users had historical location data available — and were unaware of it. This made the Takeout-based approach viable even for users who never download the NOVID app.

Problem Framing: How to capture location data?

Multiple approaches were considered for capturing patient location data. Each option was evaluated against feasibility, historical data coverage, privacy implications, and the ability to reach contacts the patient may not even remember.

Mind map comparing options for capturing location data — fake app, Google Maps, patient memory, bulk data, enforced capture, and anonymous positive-only capture (the chosen approach highlighted in gold)

The chosen approach — capturing only from confirmed positive patients and publishing their data anonymously — was the only option that solved the unknown-contact problem without compromising anyone's privacy. No names, no data collection from non-positive users.

Patient Flow: From test to anonymised upload

The system activates only at the point of a positive COVID test. At the test facility, with the patient's explicit consent, a healthcare worker follows the NOVID protocol to extract location history data from the patient's device.

Patient data flow: Tested positive → Is user on NOVID? → Yes: initiate data pumping (on app >14 days or <14 days) / No: ask patient to install NOVID → Collect JSON archive → Anonymise data → Upload to NOVID portal → Change status to positive

If the patient already has the NOVID app installed (for over 14 days), data is extracted directly through the app. If they are not on the system, the healthcare worker extracts the Google Takeout JSON archive manually. In both cases, data is anonymised before being uploaded to the NOVID portal.

Illustration showing a COVID-positive patient sharing their location data with a healthcare worker via a mobile device, with a laptop showing the data being copied

Risk Logic: How exposure is calculated

Once a patient's anonymised data is in the system, it is pushed to all NOVID users every 6 hours. Each user's app independently compares its stored movement data against the infection windows — no personal data ever leaves the device.

Risk assessment flowchart: Receive location point → Same place for more than 15 minutes? If No: Moderate risk. If Yes: Check against Google Places to determine type — Grocery store: High risk for 72hrs then moderate then safe / Pharmacy: High risk for 24hrs / Any other: High risk for 72hrs / Hospital: Moderate risk for 24hrs then safe

Risk windows were based on early virology studies published by WHO on virus survival on surfaces:

Risk thresholds

Contact <15 minutes at a location → Moderate risk

Contact ≥15 minutes at a grocery store → High risk for 72 hours (cold surfaces)

Contact ≥15 minutes at a pharmacy → High risk for 24 hours

Contact ≥15 minutes at any other location → High risk for 72 hours

Contact at a hospital → Moderate risk (assumed PPE environment)

If a location is marked sanitised → status resets to Safe immediately

Abstract risk map showing timestamped location overlaps on a city grid, highlighting high-risk time windows at specific coordinates

App Screens

The app was designed around three core moments: being notified of a potential exposure, checking your current safety status, and — for positive patients — sharing your data with the system.

Exposure Detected

NOVID app status screen showing Exposure detected! with 2 overlaps found, and next steps to wear a mask and book a doctor appointment

Safety Status

NOVID app status screen showing 'You are safe', 0 overlaps found, and next steps including handwashing and mask guidance

Data Sharing (Patient)

NOVID data sharing screen showing 'Thank you! You are keeping others safe by sharing your data anonymously, you are a HERO' with privacy assurance that no copies of data are stored

The data sharing screen for positive patients was intentionally framed around gratitude and courage — acknowledging the anxiety of testing positive while emphasising the anonymous, one-time nature of the data contribution. The privacy guarantee is stated explicitly: not even the NOVID team can identify who shared the data.

Extended Use: Quarantine enforcement & border control

Beyond individual risk warnings, the NOVID system's location intelligence had two additional enforcement applications identified during the concept phase.

Illustration of a quarantined patient in bed surrounded by a virtual geofence

Quarantine Geofencing

Positive patients can be virtually geo-fenced within their quarantine location

Authorities are alerted automatically if the patient leaves the defined perimeter

Provides accurate, real-time compliance data without requiring manual check-ins

Illustration of a traveller at an arrivals gate being directed by an official to download a tracking app

Border Control & International Arrivals

NOVID installation mandated for all international arrivals before immigration clearance

Provides accurate travel and location history for incoming passengers

If a traveller tests positive at the immigration test, authorities can immediately retrieve their in-transit contact history

A privacy-first response built in the first weeks of lockdown.

NOVID was conceived and designed in March 2020 — before most governments had a working contact tracing solution. The system's core principle was radical: never collect data from anyone who hasn't tested positive. All risk computation happens on the user's device.

The research validated that the underlying data already existed for most Google Maps users — the problem was accessibility, not availability. By routing data only through confirmed positive patients (with consent), the system sidesteps the mass surveillance concerns that doomed government-led contact tracing apps.

The name NO-VID is deliberate: a play on the virus, and a statement of intent — no data collected, no identities exposed, no tracking of the healthy.