Thank you to the authors. Overall the document is well written and presents no significant security concerns requiring attention. I have some really minor nits that the authors may consider addressing at their discretion.

Section 8:

>> applying policies [see Secuirty Considerations section] for who can access them

Spellcheck: Secuirty to Security.

>> there are additional steps that can be taken to protect threats

Suggestion to make it `protect against threats`.

>> Implementations exist which do encryption for various contract-tracing (virus-related) applications.

Suggestion to make it ‘Implementations exist that do encryption for various contract-tracing (virus-related) applications.’