Overview

COVID Cards have a dedicated section within the Acceptable Use Policy that's in addition to the applicable Google Wallet API Terms of Service and Google Wallet API Terms of Service.

Highlights of the COVID Card portions of the Acceptable Use Policy include, but aren't limited to, the following sections. This is provided for informational purposes only - see the Acceptable Use Policy for full details.

Eligibility requirements

Usage of the Google Wallet API for COVID-19 Cards (COVID Cards) is limited to entities in one or more of the below categories. Your API access request must be accompanied by signed documentation on official letterhead verifying that you represent or are endorsed by an eligible entity.
For passes that include only uninterpreted vaccine or testing data, eligible entities are:

  • Official government agencies
  • Healthcare systems or providers (e.g. CVS Health, UK National Health Service, UnitedHealth Group, Kaiser Permanente, French national healthcare system, Netcare (South Africa), One Medical, etc.);
  • Organizations authorized by public health authorities to distribute COVID-19 vaccines and/or testing

For passes that include interpreted data (e.g. to determine an individual's eligibility for travel or entry into public spaces), eligibility is limited to official government agencies or entities that have received permission from an official government agency. Interpreted data types are indicated with an asterisk in the Privacy requirements section below.

Privacy requirements

Usage of the Google Wallet API for COVID-19 Cards (COVID Cards) must comply with the following requirements:

  • You must ensure that COVID-19 Cards reveal the minimum amount of personally identifiable information (e.g. name, date of birth) required to achieve their purpose.
  • When onboarding, you must comprehensively disclose all data types you plan to reveal in your COVID-19 Card. Cards may, but are not required to, include the below data types. Other data types are generally prohibited. If you would like to request any data type not listed below, you must submit a request, including a rationale for why this is required for your use case.

Accepted data types

  • COVID-19 Vaccine Information
    • Vaccine code (such as CVX), vaccine generic description, or vaccine manufacturer
    • Date of vaccination
    • Lot number
    • Dose number
    • Administering facility
    • Future dose appointment details

  • COVID-19 Test Information
    • Test code (such as LOINC) or test description
    • Test result
    • Date of testing
    • Administering facility
  • Issuer information, such as their name in plaintext, public key, digital signature, and contact information
  • Patient Name
  • Patient Date of Birth
  • Entry Eligibility Recommendation. This is an interpretation of a user's vaccination or testing status to determine their eligibility to enter a particular space or participate in a particular activity. Note that passes that use this data field are subject to additional eligibility requirements detailed above.
  • Expiration Date and Time. Note that passes that use this data field are subject to additional eligibility requirements detailed above.
  • Identity Assurance Level (IAL)

Wallet API for COVID-19 Vaccination or Testing status can't include or transmit any other sensitive personally identifiable information, like Government IDs, Patient IDs, or Health worker IDs, without prior authorization.