Highlights of the COVID Card portions of the Acceptable Use Policy include, but aren't
limited to, the following sections. This is provided for informational purposes only - see the
Acceptable Use Policy for full
details.
Eligibility requirements
Usage of the Google Wallet API for COVID-19 Cards (COVID Cards) is limited to entities in one
or more of the below categories. Your API access request must be accompanied by signed
documentation on official letterhead verifying that you represent or are endorsed by an eligible
entity.
For passes that include only uninterpreted vaccine or testing data, eligible
entities are:
Official government agencies
Healthcare systems or providers (e.g. CVS Health, UK National Health Service, UnitedHealth
Group, Kaiser Permanente, French national healthcare system, Netcare (South Africa), One Medical,
etc.);
Organizations authorized by public health authorities to distribute COVID-19 vaccines and/or
testing
For passes that include interpreted data (e.g. to determine an individual's eligibility for
travel or entry into public spaces), eligibility is limited to official government agencies or
entities that have received permission from an official government agency. Interpreted data types
are indicated with an asterisk in the Privacy requirements section below.
Privacy requirements
Usage of the Google Wallet API for COVID-19 Cards (COVID Cards) must comply with the
following requirements:
You must ensure that COVID-19 Cards reveal the minimum amount of personally identifiable
information (e.g. name, date of birth) required to achieve their purpose.
When onboarding, you must comprehensively disclose all data types you plan to reveal in your
COVID-19 Card. Cards may, but are not required to, include the below data types. Other data types
are generally prohibited. If you would like to request any data type not listed below, you must
submit a request, including a rationale for why this is required for your use case.
Accepted data types
COVID-19 Vaccine Information
Vaccine code (such as CVX), vaccine generic description, or vaccine manufacturer
Date of vaccination
Lot number
Dose number
Administering facility
Future dose appointment details
COVID-19 Test Information
Test code (such as LOINC) or test description
Test result
Date of testing
Administering facility
Issuer information, such as their name in plaintext, public key, digital signature, and contact information
Patient Name
Patient Date of Birth
Entry Eligibility Recommendation. This is an interpretation of a user's vaccination or testing
status to determine their eligibility to enter a particular space or participate in a particular activity.
Note that passes that use this data field are subject to additional eligibility requirements detailed
above.
Expiration Date and Time. Note that passes that use this data field are subject to additional
eligibility requirements detailed above.
Identity Assurance Level (IAL)
Wallet API for COVID-19 Vaccination or Testing status can't include or transmit any other
sensitive personally identifiable information, like Government IDs, Patient IDs, or Health worker IDs,
without prior authorization.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[[["\u003cp\u003eCOVID Cards are subject to the Google Pay Acceptable Use Policy, Google Wallet API Terms of Service, and Google Wallet API Terms of Service.\u003c/p\u003e\n"],["\u003cp\u003eEligibility to use the Google Wallet API for COVID Cards is limited to government agencies, healthcare providers, and authorized organizations, with additional restrictions for passes containing interpreted data.\u003c/p\u003e\n"],["\u003cp\u003eCOVID Cards must minimize personally identifiable information and adhere to specific data type requirements outlined in the policy.\u003c/p\u003e\n"],["\u003cp\u003ePasses including interpreted data like entry eligibility recommendations or expiration dates are subject to stricter eligibility requirements and must be authorized by a government agency.\u003c/p\u003e\n"],["\u003cp\u003eSensitive information such as Government IDs, Patient IDs, or Health worker IDs are prohibited without prior authorization.\u003c/p\u003e\n"]]],["Entities using the Google Wallet API for COVID Cards must meet eligibility criteria, such as being official government agencies, healthcare providers, or authorized organizations. Data must be minimized, revealing only necessary personally identifiable information. Accepted data includes vaccine and test details, issuer information, patient name/birthdate, entry eligibility, expiration, and identity assurance level. Using the interpreted data requires permission from an official government. Additional sensitive PII requires prior authorization. Compliance with the Acceptable Use Policy is mandatory.\n"],null,["# Overview\n\nCOVID Cards have a dedicated section within the\n[Acceptable Use Policy](https://payments.developers.google.com/terms/aup) that's in\naddition to the applicable [Google Wallet API Terms of Service](https://payments.developers.google.com/terms/sellertos) and\n[Google Wallet API Terms of Service](https://developers.google.com/wallet/terms-of-service).\n\nHighlights of the COVID Card portions of the Acceptable Use Policy include, but aren't\nlimited to, the following sections. This is provided for informational purposes only - see the\n[Acceptable Use Policy](https://payments.developers.google.com/terms/aup) for full\ndetails.\n\nEligibility requirements\n------------------------\n\nUsage of the Google Wallet API for COVID-19 Cards (COVID Cards) is limited to entities in one\nor more of the below categories. Your API access request must be accompanied by signed\ndocumentation on official letterhead verifying that you represent or are endorsed by an eligible\nentity.\n\nFor passes that include **only**uninterpreted vaccine or testing data, eligible\nentities are:\n\n- Official government agencies\n- Healthcare systems or providers (e.g. CVS Health, UK National Health Service, UnitedHealth Group, Kaiser Permanente, French national healthcare system, Netcare (South Africa), One Medical, etc.);\n- Organizations authorized by public health authorities to distribute COVID-19 vaccines and/or testing\n\nFor passes that include interpreted data (e.g. to determine an individual's eligibility for\ntravel or entry into public spaces), eligibility is limited to official government agencies or\nentities that have received permission from an official government agency. Interpreted data types\nare indicated with an asterisk in the Privacy requirements section below.\n\nPrivacy requirements\n--------------------\n\nUsage of the Google Wallet API for COVID-19 Cards (COVID Cards) must comply with the\nfollowing requirements:\n\n- You must ensure that COVID-19 Cards reveal the minimum amount of personally identifiable information (e.g. name, date of birth) required to achieve their purpose.\n- When onboarding, you must comprehensively disclose all data types you plan to reveal in your COVID-19 Card. Cards may, but are not required to, include the below data types. Other data types are generally prohibited. If you would like to request any data type not listed below, you must submit a request, including a rationale for why this is required for your use case.\n\nAccepted data types\n-------------------\n\n- COVID-19 Vaccine Information\n - Vaccine code (such as CVX), vaccine generic description, or vaccine manufacturer\n - Date of vaccination\n - Lot number\n - Dose number\n - Administering facility\n - Future dose appointment details\n\n \u003cbr /\u003e\n\n- COVID-19 Test Information\n - Test code (such as LOINC) or test description\n - Test result\n - Date of testing\n - Administering facility\n- Issuer information, such as their name in plaintext, public key, digital signature, and contact information\n- Patient Name\n- Patient Date of Birth\n- Entry Eligibility Recommendation. This is an interpretation of a user's vaccination or testing status to determine their eligibility to enter a particular space or participate in a particular activity. Note that passes that use this data field are subject to additional eligibility requirements detailed above.\n- Expiration Date and Time. Note that passes that use this data field are subject to additional eligibility requirements detailed above.\n- Identity Assurance Level (IAL)\n\n\u003e Wallet API for COVID-19 Vaccination or Testing status can't include or transmit any other\n\u003e sensitive personally identifiable information, like Government IDs, Patient IDs, or Health worker IDs,\n\u003e without prior authorization.\n\u003e\n\u003e \u003cbr /\u003e\n\u003e"]]
