|Business model: selling user data, the user is the product.||Business model: service provider, enabling users to monetize their own data for a commission.|
|Privacy as after-thought||Privacy by Design|
|Users give away the rights on their data by signing the user agreement.||All data always belongs to the user. BitsaboutMe cannot touch, see or sell the data.|
|Data is stored unencrypted in order to data mine and monetize it.||All data is encrypted, only the user has the key to decrypt it.|
|Data is used to build user profiles which are then sold to advertisers.||Only users initiate analysis on their data. User profiles are curated by users and only shared by them.|
|Little control over data, extracting and deleting data is made cumbersome.||Full control at all times, straight forward extraction and deletion.|
|Data controllers bag all revenues from data sharing/selling.||Users earn revenues from sharing their data, BitsaboutMe gets a commission for the sale.|
The Personal Data Marketplace (PDM) is completely separated from your individual PDS and connected via our Consent Management System (CSMS). The PDM is the online marketplace where your data is put to work.
If you decide to share your personal data profile under clearly defined conditions, then this data profile will be uploaded from your PDS to the PDM. In the PDM the data is anonymized and decrypted – otherwise it is unusable. Those data processors that you grant access to your personal data profile can access it.
The Personal Data Store (PDS) is a database with user level encryption. The PDS holds the personal data of one specific user and is hosted in a secure data center in the EU or in Switzerland. Every user protects his or her PDS with a strong and secure password. No third party can ever read or access the data without that password, not even BitsaboutMe. This provides maximum security but if the password is lost, the data cannot be recovered.
You can find some examples of how you can gain interesting insights from your data stored in the PDS here.
We sell services – not data. We charge companies when we build automatic connectors to their CRM systems. This facilitates data exchange with existing customers and enables companies to target potential customers by means of personalized offers.
In the long term, we plan to develop services for data processors (universities, market researchers, app developers, etc.) who are willing to pay for controlled access to your data.
With your permission, interested companies may offer you such data deals. If you provide access to parts of your data, we will manage the transaction and make sure that it happens according to the agreed terms in a save and secure way. Data processors pay for the access to high quality data and we will take a commission of that transaction.
Yes, we offer data export. We are an open platform and comply with the EU General Data Protection Regulation (GDPR). You can manage and extract all of your personal data as CSV file. You find the export functionality in the section My Account.
Currently, we do not offer the possibility to correct your data directly in the PDS. What you can do, however, is to delete incorrect data records from your PDS. To correct data at the source, you have to work with the data holder where the data originally came form. As soon as you have made changes there, these will be transferred to the PDS with the next update.
We only use session cookies (definition) to manage the encrypted communication between browser/app and the server. Those cookies are automatically deleted when you close your browser. We do not leave any data trails behind. This is the reason why you do not see a cookie disclaimer on our site. We also do tracking in Matomo. We believe that this is the maximum we can do to protect your privacy while you use our service. You will never find any 3rd party cookies on our site that are used to profile users and then to sell that data to advertisers.
For the PDS we use SQLCipher. SQLCipher is an open source extension to SQLite that provides transparent 256-bit AES encryption of database files. In the mobile space, SQLCipher has enjoyed widespread use in Apple’s iOS, as well as Android for quite sometime. For the communication with our servers we use only HTTPS end-to-end encryption.
With Bluetooth, the location of a user can be inferred. Therefore, the use of Bluetooth always requires access to location services. GPS data is not mandatory, but provides important additional information for contact details. The app asks for access to files because the captured contacts are cached on the device before they are regularly transferred to your PDS and then deleted on the device. There is no access to photos or videos at any time.
If you want to temporarily turn off tracking, you can disable Bluetooth and the location service on your smartphone.
If you are infected with COVID-19 or suspect that you are infected, our app does not offer you the possibility to notify the authorities and send warnings to contacts. In this case you should follow the official instructions of the health authorities.
No, your data will not be deleted automatically. As long as you have connected Bluetooth and GPS under My Data, this data will be continuously imported into your PDS and stored there. If you want to delete this data from your PDS, you can disconnect and permanently delete it by clicking on the corresponding data source(s).
Currently we only offer a mobile app for Android. However, it is possible that we will provide an app for iOS at a later date.
To get the heatmap with your BLE contacts, you need to install the BitsaboutMe Mobile App for Android, log in with your user account and connect under My Data the data sources Bluetooth and GPS. Please note that you need to have both Bluetooth and Location Service enabled on your phone.
You can decide for yourself what you want to use your collected Bluetooth Low Energy (BLE) data for. We are convinced that anonymous contact data, especially together with other demographic or consumer data, can be extremely helpful for understanding and fighting the pandemic. For this reason, research institutions can request this data on the Personal Data Marketplace (PDM). You can then provide your information with your explicit consent. The data is always anonymous and can therefore not be traced back to specific individuals.
BitsaboutMe shows you where and how many encounters your smartphone has detected. Thus, we can help you to better assess your own social distancing behavior and e.g. avoid hotspots in a smart way.
Your BLE data is, like all your data at BitsaboutMe, stored decentrally in your Personal Data Store (PDS) in encrypted form. You can find out here which data encryption technology we use. The Bluetooth data stored in your PDS is not accessible to anyone without your user password, not even for BitsaboutMe.
In Europe, privacy is a high value asset. For this reason, Bluetooth Low Energy (BLE) has been identified as a possible technology to anonymously track contacts. This energy-saving technology is not only built into smartphones, but also into all other smart devices. Those devices permanently receive BLE signals. In contrast to classic Bluetooth, where the devices first have to be paired, BLE technology uses so called beacons. Their signals can be received by all BLE devices.
Contact tracing apps use exactly this technology. Every app user permanently sends out beacon signals and the devices in immediate vicinity receive them. Since each beacon also sends along an anonymous ID (EphID), it is easy to record which smartphones have encountered each other. With BitsaboutMe, you can then see how many beacons were captured by your smartphone, when and where.
No, BitsaboutMe is not a contact tracing app. BitsaboutMe receives the anonymous identifiers (EphID) sent out by other contact tracing apps and makes the encounters transparent to you. But BitsaboutMe does not send any EphID itself and does not receive warnings about possible infections. These functionalities are reserved to the official contact tracing apps. We complement such apps by making BLE data transparent and thus also usable for you.
If you use 2-factor authentication for your email account, you will need to make an additional setting to import your emails to BitsaboutMe.
Sign in with your email account and navigate to the security settings. There you should find in the login/password settings an option to generate app passwords. Create a seperate password for BitsaboutMe, which you can use to connect your email account to BitsaboutMe. Detailed instructions on how it works for Gmail can be found here.
To import your data from REWE, you must first enable the REWE eBon in your customer account. To do so, log in with your REWE customer account, connect your PAYBACK card and activate the REWE eBon. Once you have done this, you can connect REWE to BitsaboutMe and import your shopping data into your PDS. You can find detailed instructions here.
To connect your Yahoo account to BitsaboutMe, you need to make an additional setting in your Yahoo account. Log in to Yahoo with your user name and password and navigate to Account Security. There you will need to enable the option Allow apps that use a less secure sign in.
To connect a Bluewin account to BitsaboutMe, the password for the webmail login must not be identical to the Swisscom login. If this is the case, however, you can set a new password for your email in your Swisscom account settings so that you can then use these credentials to connect your Bluewin account to BitsaboutMe.
To import your data from Facebook, you must first make a copy of your data. Log in to Facebook and navigate to Settings. Go the section Your Facebook Information under Download Your Information, where you can create an archive file of your Facebook data. Download this file and upload it to BitsaboutMe. You can find detailed instructions here.
The dashboard card Email Insights shows you how to deduce your mood from the texts in you emails.
The basis for this graph is the content of your sent messages (of up to 1 month) from all connected email accounts. These are analyzed on our servers using the open source software Polyglot, i.e. your data is never shared with third parties and only you can see the result. We want to show you how (free) email providers can use your email and other texts to display targeted advertising, e.g. whenever you are usually in best mood.
Directly below your mood curve, we also show you the number of emails you receive and send and how many of them fall outside working hours (8:00-18:00). Maybe you can see a connection between the number of emails you receive or send and your mood on different days of the week.
In order to import your data from Swisscom, you first have to request your data. Send a letter to Swisscom and you will receive your data request in the form of a ZIP file on a data carrier by post within 30 days. You can upload the CSV files separately to your PDS. Detailed instructions and a letter template can be found here.
With geo-masking, BitsaboutMe offers an innovative possibility to share GPS data in an aggregated and anonymous way, by only passing on information from previously clearly defined areas. All GPS data outside these areas is invisible to the data requestor. This allows you to share relevant information about your location without revealing your privacy. More details on geo-masking can be found here.
To import your data from Netflix, you must first download your Viewing activity file. Log in to Netflix and navigate to Account in the menu. In the My Profile section, you can export under Viewing activity your data as a CSV file and then upload it to BitsaboutMe. You can find detailed instructions here.
Data security and privacy are top priorities for us and therefore we do not have a copy of your password (zero-knowledge) as it would be necessary to restore your user account. Therefore, we cannot reset your password. Only in this way we can assure you that without your login no one – not even BitsaboutMe – can access your data without your explicit consent.
So if you forgot your password, there is nothing we can do. You can create a new account with a different email address. Your old account will always be protected and will be automatically deleted after one year of inactivity. Alternatively, you can request the deletion of your old account at email@example.com, specifying the email address you used when you signed up. Once you have received the confirmation from us that your account has been deleted, you can create a new account using the same email address.
With some email accounts, it can happen for various reasons that the delivery of the activation email takes a certain time. Unfortunately, we do not have any influence on this. We also advise you to check the spam folder of your inbox. If you have not received an activation email or if the link has already expired, please send an email to firstname.lastname@example.org so that we can send you a new link to activate your account.
Before you activate the Personal Data Marketplace (PDM), navigate to the section Marketplace, read the Marketplace Rules and then activate the Marketplace. Now you will see all available offers. Select an offer that interests you and see which of your data will be used for what purposes. To accept it, you may need to share additional information. You can enter and save the required data directly on the marketplace interface.
In the section My Data under Profile you can check and complete your profile data.
If you have trouble connecting your email, there may be a number of reasons:
The following steps will help you to find the source of this problem:
For data based on email (Amazon, Coop), you can find more information in the question The email import for Coop and Amazon does not work.
To import your Amazon data, you must first request your data from Amazon as a PDF file. You can do this on the Amazon support page under Prime and more. As soon as you receive your data, you can import the file into your PDS. Detailed instructions can be found here.
You can also connect your Amazon emails to BitsaboutMe. By doing so, your Amazon orders are imported into your PDS on an ongoing basis.
To import your data from LinkedIn, you must first request your data archive. Go to Settings and Privacy in your LinkedIn menu and navigate to the section How LinkedIn uses your data. Under Download your data select The works: All of the individual files plus more and submit your request. Within a few days you can download your data archive and import the ZIP file to BitsaboutMe. Detailed instructions can be found here.
In order to import your data from PAYBACK, you must first request your data. Send an email to PAYBACK and within a few days you will receive your data request in the form of two PDF files. You can upload these two files to your PDS. Detailed instructions as well as an email template can be found here.
If you have difficulty importing your Migros data into your PDS, this may be due to one of the following reasons:
If you were unable to import your Google data into your PDS, this may be due to one of the following reasons:
For security reasons we do not offer the possibility to change your login address. So if you want to change your registration email, we advise you to delete your user account. Once this is done, you can re-register with your new email address.
We give you the opportunity to delete your user account yourself. If you are logged in to BitsaboutMe, you will find the corresponding function in the dropdown menu in the upper right corner under My Account. If you cannot remember your password, send an email to email@example.com, explicitly requesting the deletion of your account. We will then inform you by email as soon as we have deleted your account.
If you want to change your password, navigate to the drop-down menu in the top right corner of your user account and click on My Account. There you can change your password yourself.