Privacy Policy

March 2022

Notice of Privacy Practices

This notice describes how WEconnect Health Management, doing business as WEconnect will collect and store information about you, and how that information is shared.

TL;DR

In summary, we collect sensitive personal information in order to support the core function of the application, which is to reduce relapse by making recovery routines accessible and increasing individual accountability. We do this by verifying your location at scheduled times and allowing approved individuals to review your adherence to your routines. We ask for permission before collecting this information, and we ask for permission before we share it. We do not use this information to create individual commercial profiles. We do not share information with unauthorized third parties. We recognize that the nature of this sensitive data requires that we protect and secure this information at every step to ensure that your privacy is respected. 

The information we collect is not intended to be used for punitive purposes. 

WEconnect can verify compliance with a treatment routine. WEconnect does NOT verify non-compliance.

Your Rights: 

Laws in place to protect your privacy accord you certain rights. You have the right to request a copy of your personal data, the right to request deletion of your personal data, and the right to limit sharing and disclosure of your personal data or revoke your consent to share data at any time. You can do any of these things by emailing support@weconnectrecovery.com or privacy@weconnectrecovery.com

Our Responsibilities:

WEconnect is subject to the investigatory and enforcement powers of the Federal Trade Commision (FTC), the Office of Civil Rights (OCR) and the Department of Health and Human Services. WEconnect does not share personal data with unauthorized third parties without notice and consent. 

Statement of HIPAA Compliance:

As a Business Associate (BA) of HIPAA compliant Covered Entities, we are aware of our obligation to implement effective security and privacy policies that comply with these regulatory standards. For Data protected by HIPAA Our uses and disclosures of protected health information will comply with HIPAA and related Business Associate Agreements. To review the measures we have taken to ensure compliance, please see our Compliance and Security Overview.

Statement of 42 CFR Part 2 Compliance: 

Some information about the Services may be protected by 42 CFR Part 2. WEconnect is prepared to work with any entity requiring compliance with 42 CFR part 2. Our operating processes and security parameters are designed to protect individual data to the highest reasonable standard. 

WEconnect requires explicit authorization and consent to share data within an individual’s support network. Support persons are added to this network by the client themselves. We do not share data on behalf of any client without explicit authorization to do so. Our application icon is discrete, and does not indicate by design, branding, or other external feature an affiliation with substance abuse treatment, addiction, or recovery. Our HIPAA compliance training includes a review of 42 CFR 2, and all employees are educated on the importance and necessity of respect for persons and privacy. Our application requires an individual login to view scheduled appointments, contacts, or any other data that might be considered sensitive, or identifying the individual as a current or former individual in long term recovery. 

We don't disclose information about our clients without their consent. They choose what is shared and with whom. In the event that a treatment center requests access to the data dashboard, we require a consent from our client that describes the data shared and the applications before the data dashboard can be viewed by the treatment center.

Disclosures to law enforcement are determined by the requirements set forth in our Terms and Conditions.

Text Message Terms

We have developed an automated enrollment process. By providing a mobile number that allows you to receive text message or short message reminders and information, you are opting to participate in our mobile enrollment process and you agree to be bound by the following terms and conditions related to our SMS text notification services.

  • Usage
    As a user of this text message service you acknowledge that text messages are distributed via third-party mobile network providers and therefore we are unable to control all functions related to the delivery of text messages. You acknowledge that it may not be possible to transmit all text messages successfully. While we do not charge you for these services, message and data rates may apply from your mobile carrier.
  • Opt Out
    To stop receiving text messages, text STOP to a text message you receive. You consent to receive one last message from us confirming your inactivation. If you stop using your mobile phone number you must alert us immediately to unsubscribe from the service.

The WEconnect Data Protection Officer is Dan Gonzalez (privacy@weconnectrecovery.com). 

 

Introduction to Privacy at WEconnect

We at WEconnect know the value of trust and transparency, and we understand the need for responsible and secure protection of the information you choose to share with us. Your security is important to us, and we take your privacy seriously. Please read the following to learn more about our policies and practices for keeping your data secure.

The WEconnect website and all other products and services, including mobile applications, owned, controlled or offered by WEconnect, and all content offered as part of those products, services, and applications, are collectively referred to herein as the “services.” Subscribers, account holders, customers, and others who download, access, use, and/or subscribe to the Services (“you”) agree to the following privacy policy (the “Privacy Policy”).

By using or accessing our Services in any manner, you are acknowledging that you accept and are opting in to the practices and policies outlined in the Privacy Policy and Terms and conditions. By accessing the Services, you represent that you are over 13 years of age, and you consent to the practices in this Privacy Policy that WEconnect will collect, use, and share your information as described below.

As noted in the Terms and Conditions, WEconnect does not knowingly collect or solicit Personal Information from anyone under the age of 13. If you do not meet the age requirements, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from an individual under the legal age of consent, we will delete that information. If you believe that a child under the legal age of consent may have provided us with Personal Information, please contact us at privacy@weconnectrecovery.com.

WEconnect Health Management PRIVACY POLICY

 

Privacy Policy Overview

WEconnect gathers information from customers for multiple reasons. We use Personal Information (or PII) internally in connection with our Services, as a means of identifying you as a subscriber, to create an account and profile, to contact you, to provide and improve the Services, and to learn more about how you use the Services. Certified Peer Recovery Specialists will have access to the information that you enter into the products including the mobile application and messenger. We may share some de-identified Information with third parties, who might help us learn how to provide better support to you and to make product improvements. WEconnect will not access your camera, your contacts, or your files. WEconnect will never contact others or post to social networks on your behalf without your permission. The following sections explain what information we collect and how we use it.

THE INFORMATION WE COLLECT

The Information WEconnect Collects

WEconnect collects both Personal Information and Anonymous information through the standard operation of the Services. This information is used to identify you as a WEconnect subscriber, track your preferences and settings, and to improve and personalize your experience. Certain information is required for the effective operation of the Services. These types of information are defined in the subparts below and used as described in the corresponding sections.

You may request access to all your personally identifiable information that we collect online and maintain in our database, by emailing us at privacy@weconnectrecovery.com.

Some information is collected automatically when you access our Services. Some information we will ask you for, and some information you may provide voluntarily. We will not ask you for information for which there is no relevant purpose, and we will not share your information with unauthorized third parties. The following section will explain what types of information we collect, and why we collect it.

  • Information you give us.
  • In order to use our services, you must sign up for an account. We will ask you for some personal information when you are activating this account, such as your name, your phone number, and your email address. We use this information to help tailor our service to you in the following ways: 
  • To verify your identity
  • To reach out to you in the event of a security incident
  • To assist in creating your account
  • To connect to your treatment network
  • To verify your location during scheduled check-ins
  • To redeem your Contingency Management Reinforcement

If you choose to engage in additional  peer recovery support Services the information shared will remain confidential unless the Peer is legally and ethically obligated to report disclosure of personal involvement with child or elder abuse/neglect, threatened self-harm, or harm to others or other situations requiring a Mandatory Report be made.

  • Information we get from your use of our services
  • We collect information about the services that you use and how you use them. For example, when you visit our website or log in, we may collect browser data, your IP address, or device specific information, such as the model of your device, your operating system, and your IP address. This helps us to improve the way our website is designed, and how people can search for us. We do not share this information with any unauthorized third party. 
  • We also may use cookies when you visit our website on your computer or mobile device. Cookies may uniquely identify your browser or device, and give us insight into how you use our services. We use this information to improve the way we design our services. This information is not used to create commercial or advertising profiles for third parties. Individually identifiable information will never be shared without permission.
  • We also collect information that verifies your adherence to your treatment plan, such as your location (discussed below) and your routines. We respect your confidentiality and your right to privacy.  
  • Location information and GPS tracking
  • The WEconnect app can use location data to allow you to check-in to your activities and support routines. The WEconnect app will ask you to opt in to this service when you sign up. When you check-in to an activity, we verify your location using the location services on your device, and the length of your stay. This helps you to stay accountable, and may be required for your support program. WEconnect will not collect or retain any location data not relevant to your routines or activities. 
  • This function can be turned on or off in the settings menu of the application. Please be aware that disabling the location services may impede the function of the application, and may prevent you from complying with certain terms of your treatment program. You can learn more about how verification works in our Location Services FAQ.
  • Information we get from your care providers or treatment centers
  • We do not solicit information about you from any third party other than your care team. In the event that someone, such as your treatment facility, provides us with information about you, this information is considered private and confidential, and will not be shared with unauthorized third parties.

The Information WEconnect Shares

  • Aggregate Data: Aggregate data are data that are no longer personally identifiable. WEconnect may share these aggregate statistics with our associates to determine the ways in which our services are used, and how we can improve. We store aggregate and anonymized data indefinitely. 
  • Personally Identifying information: WEconnect will share your personal information ONLY with those entities you have authorized to view it.  WEconnect stores this information as long as your profile is active. All personal data can be deleted upon request by contacting privacy@weconnectrecovery.com

Our Third Party Associates

WEconnect will work with other entities only under conditions when permitted. HIPAA Covered Entities and Business Associates are entities with whom sensitive data are shared and are required by law to abide by the conditions set forth in those laws. When appropriate, WEconnect forms Business Associate Agreements with partners. 

Contingency Management Reinforcement Program

WEconnect partners with Tango Card (or Tango) to deliver Contingency Management Reinforcers. This information will not contain any information related to your treatment or your recovery. WEconnect will not share any health information, or any other confidential information, with Tango. 

The Information WEconnect Retains:

Data that have been collected about you that have been anonymized cannot be removed from aggregate banks, but cannot be used to identify you. De-identified data such as usage history, location data, and other information stored in your account may continue to be used internally for quality improvement research to enhance efficacy, accuracy, development of features and customer experience. Data that are requisitely retained will be retained securely only for the duration of the retention requirement. WEconnect must retain some data (such as a record of consent) to meet regulatory obligations. 

Messaging and WEconnect:

The WEconnect service may allow you to send messages to your WEconnect Peer. Messages you send or receive through the WEconnect services are stored within the WEconnect system and are subject to the same protections as data stored within the app.

Your Account Security 

We make every effort to ensure that your data are retained confidentially and securely. We require an account to access our services. Each username is connected to a unique password which allows you to log in to your account. DO NOT SHARE YOUR PASSWORD AND USERNAME WITH ANYONE. You should never allow anyone to access our Services under your username, or share your account with another individual. You are responsible for the uses of the Service associated with your username. We reserve the right to revoke or deactivate your username and password at any time. If you have security concerns, questions, or need to reset your password, contact us at privacy@weconnectrecovery.com

WEconnect Subscription

All payments for subscriptions and accounts are processed by Stripe, Inc., which ensures safe transactions using Secure Sockets Layer (SSL). Stripe, Inc. provides WEconnectwith the details of each purchase. These details include name and email address (this information is retained by WEconnect for future contact and support), but do not include specifics such as credit card or routing numbers.

Downloads of the WEconnect application are processed by Google Inc., Apple Inc. and TestFlight. WEconnect’s privacy policies and practices are not extensible to these entities. Please refer to Google’s privacy policy for questions about downloading Android Apps, and Apple’s Privacy Policy for questions about iTunes and TestFlight. These entities do not share any personal data with WEconnect.

Safety, Security, and Compliance with Law.

We may disclose any information, including personal information, we deem necessary to comply with any applicable law, regulation, legal process or governmental request, to enforce our rights, or to protect the safety and security of our Applications or other subscribers. For more information, please see our Disclosure to Law Enforcement Policy.

Jurisdiction

This agreement shall be governed by the laws of the State of Washington without giving effect to its conflict of laws provisions. All actions, suits or proceedings arising out of or based upon these Standard Terms and Conditions or the subject matter of these Standard Terms and Conditions shall be brought and maintained exclusively in the federal or state courts located in King County in the State of Washington, and you consent to the sole and exclusive jurisdiction of such courts for any such action, suit or proceeding.

Complaints

You may submit complaints, comments, or questions to privacy@weconnectrecovery.com

Severability

If any provision of this agreement is unlawful, void or unenforceable, the remaining provisions of the agreement will remain in place.

Notification of Changes

WEconnect Health Management reserves the right, in its sole discretion, to modify this Privacy Policy at any time and without prior notice. If WEconnect Health Management amends these Terms and Conditions, it will update this posting on the Website. Your continued use of the Services following the posting of a new version of the Privacy Policy constitutes your consent to the amended terms. If the amended Privacy Policy terms are not acceptable to you, you should not continue to use the Services.