Verify Ontario Privacy Statement

Ontario is committed to respecting your privacy and protecting your personal information. The Verify Ontario Privacy Statement explains the current information management practices of the Verify Ontario app.

Proof of vaccination is no longer required for entry effective March 1, 2022

Businesses and organizations may choose to check for proof of vaccination and use the Verify Ontario app. Learn more about the updated guidelines.

App Purpose

The Verify Ontario App ("the app") is a mobile application developed by the Ontario Government intended for use by businesses and organizations that choose to verify vaccine certificates with QR codes.

The app will read SMART Health Card QR codes presented to the users by individuals in order to verify that it is a legitimate government-issued code that has not been tampered with, and to confirm if an individual has been fully vaccinated against covid 19. The app will, based on the reading of the QR code, notify users if an individual has been verified.

Your privacy is protected

The Ontario government respects your right to privacy and values the trust you place in us. For the Ontario government’s full privacy statement visit

For privacy and security:

  • verified vaccine certificates results display with minimum personal information for 30 seconds and then are deleted
  • only trusted SMART® Health Card QR codes will scan as verified and display a green check mark screen
  • the app does not request the user's location or save any information that links specific locations, visitors or businesses to each other
  • no personal health information is displayed or shared, only the information that is required for QR code verification (result with name and date of birth to confirm an individual's ID)
  • only anonymous statistical data (analytics) are collected that help us improve the app, including the total number of scans and the number of valid, invalid, or warning results
  • for transparency and security we will share the app's code in GitHub and have adopted a vulnerability disclosure policy

Information Collected

Performance and Effectiveness Metrics

To help us understand how well the app is working, the app will use a standard implementation of Google Analytics 4. No personally identifiable information (PII) will be collected.


If a user clicks an link within the app, a mobile web browsing page will open outside of the app. This page is subject to the cookies statement on our page.

For mobile apps, Google Analytics uses an App Instance Identifier. This is a number that is randomly generated when the user installs an app for the first time.

To collect statistics, a Google software development kit (SDK) is installed on the app to communicate with Google Analytics and pass along event data.

Privacy settings can be managed on your device.

In addition to Google Analytics’ automatically collected metrics, the app collects the following metrics:

  • The number of scans completed
  • The date and time of scans
  • The number of positive, negative and invalid scans
  • The number of times:
    • the scanner is open for more than 20 seconds
    • the verified result screen is left inactive for 30 seconds
    • users are prompted to connect to the internet 
    • users are prompted to update their version of the app
    • users click the link to the app store from the version update prompt
    • the flashlight button is clicked while in the app
    • a link is clicked in the app

IP Address

Google Analytics 4 will anonymize and mask all IP Addresses. This means only a portion of an IP address is collected, rather than the entire address. Google Analytics uses IP addresses to derive the geolocation of a user, and to protect the service and provide security to users.

Device Permissions

Use of the app will require that camera permissions be enabled. Enabling these permissions is necessary for the app to read and interpret SMART Health Card QR codes. The app will only access the camera when scanning for QR codes. The app does not collect, store or share any information from the device’s camera.


This Privacy Policy may be updated from time to time. We will notify you of any changes to our Privacy Policy by posting the new policy here.

November 17, 2021: Added information to the Information Collected section about custom events and how the app passes data via the SDK (Software development kit).

December 22, 2021: Added information about the app verifying active medical exemptions

March 30, 2022: Updated information related to app requirements. Effective March 1, 2022, proof of vaccination is no longer mandated for entry.

If you have any questions, please contact us at

Effective Date

This Privacy Policy is effective as of October 13, 2021.