- The whole process of generating the pass file happens locally in your browser. For the signing step, only a hashed representation of your data is sent to the server.
- No data is sent to third parties.
- We transmit your data securely over https.
- Our server is hosted in Nuremberg, Germany.
- The source code of this site is available on GitHub.
- By default, Apple Wallet passes are accessible from the lock screen. This can be changed in the settings.
Simplified explanation of the process
First, the following steps happen locally in your browser:
- Recognizing and extracting the QR code data from your selected certificate
- Decoding your personal and health-related data from the QR code payload
- Assembling an incomplete pass file out of your data
- Generating a file containing hashes of the data stored in the pass file
- Sending only the file containing the hashes to our server
Second, the following steps happen on our server:
- Receiving and checking the hashes which were generated locally
- Signing the file containing the hashes
- Sending the signature back
Finally, the following steps happen locally in your browser:
- Assembling the signed pass file out of the incomplete file generated locally and the signature
- Saving the file on your device
Locally processed data
The Digital Covid Certificate Schema contains a detailed specification of which data can be contained in the QR code and will be processed in your browser.
Our server provider is
Hetzner Online GmbH
The following data may be collected and stored in the server log files:
- The browser types and versions used
- The operating system used by the accessing system
- The website from which an accessing system reaches our website (so-called referrers)
- The date and time of access
- The pseudonymised IP addresses
In accordance with the GDPR you have the following rights:
- Right of access to your data; You have the right to know what data has been collected about you and how it was processed.
- Right to be forgotten; Erasure of your personal data.
- Right of rectification; You have the right to correct inaccurate data.
- Right of data portability; You have the right to transfer your data from one processing system into another.
Third parties linked