Skip to content

App privacy policy

NHS Scotland Covid Check app privacy policy

The NHSS COVID Check App supports NHS Scotland's Test & Protect service. The App scans and reads QR codes containing an individual’s COVID vaccination status and automatically checks whether the QR code has been issued by a trusted authority.

The App is intended for use by appropriately appointed personnel (the "Verifier") who work in environments where verification of an individual's COVID status is required to be carried out. It is not intended for use by the general population.

The data processing

The data are processed within the App on the mobile device of the Verifier. The App reads the QR code presented by the individual and displays the data to the Verifier. The data are deleted once the verification process is complete. No personal data is collected, stored or transferred by the App.

What data are processed about the visitor

The App reads the QR code, presented by an individual, which contains personal and other data and allows the Verifier to read this information within the App only. The personal data contained in the international QR code and used by the App are:

  • your name
  • your date of birth
  • the QR code expiration date
  • your dates of vaccination
  • what vaccine you received
  • last test result
  • recovery data i.e. data that represents an individual who has recovered from COVID-19. This data is based on your test results where applicable.

Mobile app permissions

Certain device permissions are required to run the COVID Check App. These are required on the Verifier’s device only. An individual presenting a QR code to be scanned does not require any device permissions to be granted.

For both Android and iOS (Apple), this is a permission to allow the COVID Check App to use the phone's camera to scan a QR code. If the Verifier denies permission, a screen appears specifying that the permission is required for the App to work.

Internet usage


The app will need periodic access to the internet to download updates to the "public key" security mechanism used to decode the QR codes presented to it. It is recommended you do this every 24 hours or you may find valid QR codes fail to scan successfully.

File usage

When the Verifier downloads the App, they have explicitly given permission for file usage within the App. However, file usage is only used to store public keys into secure internal storage on the device where the App is installed which then allows the App to verify QR codes from a trusted authority. The file usage permission is not used to store any data related to the Verifier’s personal or application usage. Nor is the permission used to store any data read from a QR code.

Metrics collected

Metrics on the usage of the app are captured. These are anonymous and cannot be used to identify you. The metrics are sent to Microsoft App Centre. Using this data the NHS Scotland technical team can make useful observations such as error frequencies, request frequencies, service usage and oversight of the general activity. The metrics collected are:

  • Active Users
  • Daily sessions per user
  • Session duration
  • Device type
  • Country the user is in
  • Language used
  • App version per user
  • Public key used.

Changes to our policy

We keep our privacy policy under regular review.
This version was last updated on 10 September 2021.

Help stop the virus. Download the app today.

By using the NHS Scotland COVID Check app, alongside existing public health and contact tracing measures, you can help to stop the spread of the virus in Scotland.

If we all play our part, we can all help protect ourselves, our families and Scotland against coronavirus.

screenshot of app logged in