MyShake™ Privacy Policy

We are committed to protecting your privacy. This Privacy Policy explains our practices regarding the collection, sharing, and protection of information that is collected through the MyShakeTM application and our website (collectively, our “Service”).

Collecting Information

We collect the following types of information about you:

1. Data collected on the website

The myshake.berkeley.edu website collects google analytics information so that we can offer a better user experience. The information we collect through the use of Google analytics includes, but is not limited to, IP address, browser information, referring/exit pages and URLs, click stream data and how you interact with links on the website, mobile app, or Service, domain names, landing pages, page views, cookie data that allows us to uniquely identify your browser, browsing behavior on the myshake.berkeley.edu website, mobile device type, mobile device IDs or other persistent identifiers, and location data collected from your mobile device. This information is only accessible to the MyShake team and will not be shared with third parties. We do not collect personally identifiable information such as name and email address as part of the google analytics. More information can be found on https://policies.google.com/privacy

2. Data collected through App Registration

When you create an account, the app collects an anonymized device identifier to uniquely register your device. This anonymized device ID is not associated with any personally identifiable information. We use the anonymized device ID to ensure data accuracy by not double-counting users and to identify phones that request notification information, or reside in an area where alerts are enabled, so we can deliver those services. We also collect other application performance and non-personally identifiable service information including: Firebase cloud messaging ID (so you may receive updates, notifications, and sync with the cloud server), time of registration, android/iOS operating system version, phone brand, accelerometer vendor, location of the phone upon registration if GPS is enabled (latitude, longitude), and the algorithm and parameters of the version of MyShake that you have installed. This information allows us to better tailor the app and services and identify phone and connection types for troubleshooting.

3. Data collected in App Heartbeats

MyShake needs to adequately and periodically monitor the number of active phones in an area of interest (i.e., possible earthquake location) at a given time so that we can provide earthquake notification or alert services, and monitor for earthquakes as they happen. The phone will send a heartbeat message regularly to our server to indicate if the app is running, or when the triggering algorithm phase changes. This involves minimal data transmission including the following: timestamp, last known location (latitude, longitude: if location services are enabled), version number of the MyShake app, operating system version, operation time (i.e., how long MyShake has been running), triggering algorithm and its parameters, a flag to show if the message is sent via Wi-Fi or data plan, a flag to show what phase the algorithm is in when the message was sent, a flag to indicate whether the phone is plugged into power, a flag to indicate that an alert message was successfully received by the phone, and the anonymized device ID to properly associate the messages on our cloud server. Only coarse location information is stored in the database from the App heartbeat messages. Locations are used to assess the network distribution to enable creation and distribution of rapid alerts.

4. Data collected with HomeBase

The HomeBase feature allows users to set a default alert location on their device. On the app side, this is selected by setting an address. All address information is stored locally on the device and is not sent to the MyShake server. The selected address is associated on the device with a reference grid location: a 10 km by 10 km area. The ID of that reference grid (also known as an MGRS grid reference) is sent to the backend server. Users can check their reference grid by viewing the teal square on the map in the HomeBase settings.

5. Data collected in App trigger message

When the MyShake algorithm changes its monitoring mode, or detects accelerometer movement that may indicate an earthquake, MyShake sends a trigger message to our server containing the following data: timestamp, maximum amplitude of the acceleration at the time of the trigger (calculated in a 2 second window), location of the phone (latitude, longitude, altitude, and accuracy) at the time of the trigger, the triggering algorithm used, an assigned weight, and the unique anonymized device ID. We collect the phone location using GPS, and communicate it via WiFi, or the wireless network, to our backend server in order to obtain the device’s location for the purposes of earthquake location and providing our Service. The trigger message uses fine location information so that we can pinpoint the precise location of an earthquake. We maintain this location information as associated with the trigger for research purposes—including tuning the detection algorithm—as well as for creation and delivery of rapid alerts. It is not linked to any personally identifiable information. We are unable to link data collected from your device to you as an individual, and thus, we cannot provide access to trigger information for download or deletion from our server side.

6. Data collected in waveform data message

When the MyShake algorithm detects accelerometer movement that may indicate an earthquake, or receives a message from the server to record, it stores by default a 5-minute recording of acceleration data locally (1 minute before the trigger time, 4 minutes after the trigger time). On occasion, we may send a trigger to the app to change these default parameters temporarily to collect random noise data to improve filtering. The waveform data will be uploaded to the MyShake server only when the phone is connected to both Wi-Fi and power and includes: timestamp for each data point, three-component acceleration, location of the phone (latitude, longitude, altitude, accuracy) at the time of the trigger, and the unique anonymized device ID. Waveforms contain fine location information and are used for research purposes only to improve the earthquake detection algorithm. We do not link this information to personally identifiable information, and thus, we store no personal data for you, or anyone, to access or delete upon request. Waveform data is only kept in the cloud temporarily and is then archived to a secure server at the University of California at Berkeley where access is limited to researchers affiliated with MyShake. Reduced parametric data, including timestamp and location may be shared with the scientific community.

7. Data accessible on the MyShake Application Server User Interface

The user interface is a web-based portal where the MyShake administrators can retrieve waveform recordings and trigger messages for research purposes (which is separate from the MyShake webpage and not publically accessible). The interface requires admin access only through secured https. The interface logs: heartbeat information, trigger messages sent from our server, and an application debug log. The user interface can access: list of registered devices with the MyShake AppServer, the online/offline status of the devices at the time of the last heartbeat, display the location of the devices aggregated into clusters so that there are no precise individual device locations displayed on the underlying map display. The map prevents zooming to street level and groups devices into clusters to prevent individual device identification by anyone: including the MyShake team.

8. Data submitted through App User Experience Reports

Users can opt-in to submitting experience reports via the app for earthquakes in their area that they experienced. These reports can include shaking intensity felt by the user, as well as observations of building and road damage. This information is sent to our backend and aggregated to provide updated information on the Individual Earthquake Page on the App. No personally identifiable information is collected at this point, so information you send cannot be linked back to you or erased.

9. Data preferences on the App

User app settings, earthquake thresholds, earthquakes saved to a log, number of experience reports submitted, and notification settings are stored on the backend associated with the anonymous device ID. Your notification thresholds are sent to the backend to assign the phone ID to a subset of alert topics in order to deliver notifications to you. That information will not be able to be deleted, since it is not associated to you on the backend.

Sharing Information

We will not rent, share, or sell your information to third parties. Only the Berkeley Seismological Laboratory, and MyShake project participants will have access to this information and used only for service improvement or delivery purposes, except as noted below: Any information or content that you voluntarily post to the Google Play store, or Apple App Store page will automatically be available to the public. We may publicly post your reviews and comments online on our website.

Protecting Information

We care about protecting all of your information and use commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and privacy of all information we collect and are used by MyShake project participants. Trigger and heartbeat messages are sent via the Amazon Cloud Services for temporary storage and are archived at the Berkeley Seismological Laboratory. Administrative access to the Amazon Web Services instances are limited to only Berkeley Seismological Laboratory. https support is enabled for the MyShake App Server User Interface and requires admin credentials. Location information is either clustered, or saved as coarse locations in most cases to safeguard the privacy of our users. Only locations associated with a recorded earthquake will use precise locations and that information is housed on a separate server.

Third-Party Sites and Privacy Practices

We are not responsible for the practices employed by websites or services linked to or from the Service, nor the information or content contained therein. Please remember that when you use a link to go from the Service to another website, our Privacy Policy does not apply to third-party websites or services. Your browsing and interaction on any third-party website or service, including those that have a link on our website, are subject to that third party’s own rules and policies. Please read over those rules and policies before proceeding.

Changes to Policy

We may amend this privacy statement from time to time. However, we will not use your Information in a way that is materially different than the uses described in this Policy without giving you an opportunity to opt-out of such differing uses. If we make any substantial changes in the way we use your personal information, we will notify you by posting a prominent announcement on our website at myshake.berkeley.edu. Please check this page on a regular basis for updates.

Contact

If you have any questions about this Privacy Policy, please contact us at myshake-info@berkeley.edu