Terms & Conditions

IF YOU OBJECT TO ANYTHING IN THESE Terms and Conditions OR IN THE PRIVACY  POLICY, DO NOT USE THE SERVICES. 

WEconnect Health Management (“WEconnect”, “us”, “ours”) websites, mobile applications, and  all other products and Services, including mobile applications, owned, controlled or offered by  WEconnect Health Management, and all content or Services offered in connection with or as  part thereof, are collectively referred to herein as the “Services.” Subscribers, account holders,  customers, and others who download, access, use, and/or subscribe to the Services (“you”) are  required to agree to these Terms and Conditions (the “Terms and Conditions”). Your use of the  Services constitutes your acceptance of and agreement to all of the Terms and Conditions in  both the Terms and Conditions and the Privacy Policy. The Terms and Conditions govern your  use of the Services and are a condition to your use of the Services. 

By using the Services, you are agreeing to the content of these Terms and Conditions, and the  content of our Privacy Policy. When you use our Services, you are acknowledging that you have  read, understood, and agree to be bound by all the terms, conditions, consents and disclosures  set forth in the Terms and Conditions and the Privacy Policy. If you do not agree to these Terms  and Conditions, the Privacy Policy, the applicable guidelines and/or the applicable end user  license agreement (if any), you must stop using the Services immediately. 

Who Can Use These Services? 

WEconnect Health Management Services are currently available only for individuals aged 13  years old or older. BY USING OR ACCESSING THE SERVICES, YOU ARE AFFIRMING THAT  YOU ARE AGED 13 OR OLDER. 

When WEconnect provides Services pursuant to a written agreement with an educational  institution, students under 18 may access the Services only with appropriate parental or  guardian consent and institutional authorization, as required by the Family Educational Rights  and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA). For  FERPA-covered programs, additional student and parent/guardian rights are described in the  Regulatory Compliance — FERPA section below. 

Use of Materials on the Site 

All content on this site (including, without limitation, text, design, graphics, logos, icons, images,  audio clips, downloads, interfaces, code and software, as well as the selection and arrangement  thereof), is the exclusive property of and owned by WEconnect, its licensors or its content  providers and is protected by copyright, trademark and other applicable laws. You may access, copy, download and print the material contained on the site for your personal  and non-commercial use, provided you do not modify or delete any copyright, trademark or  other proprietary notice that appears on the material you access, copy, download or print. Any other use of content on the site, including but not limited to the modification, distribution,  transmission, performance, broadcast, publication, uploading, licensing, reverse engineering,  transfer or sale of, or the creation of derivative works from, any material, information, software,  products or services obtained from the site, or use of the site for purposes competitive to  WEconnect, is expressly prohibited. 

You agree to abide by all additional restrictions displayed on the site as it may be updated from  time to time. WEconnect reserves the right to refuse or cancel any person’s registration for this  site, remove any person from this site or prohibit any person from using this site for any reason  whatsoever. 

WEconnect, or its licensors or content providers, retain full and complete title to the material  provided on the site, including all associated intellectual property rights, and provide this  material to you under a license that is revocable at any time in WEconnect’s sole discretion. WEconnect neither warrants nor represents that your use of materials on this site will not  infringe rights of third parties not affiliated with WEconnect. 

You may not use contact information provided on the site for unauthorized purposes, including  marketing. You may not use any hardware or software intended to damage or interfere with the  proper working of the site or to surreptitiously intercept any system, data or personal information  from the site. You agree not to interrupt or attempt to interrupt the operation of the site in any  way. 

WEconnect reserves the right, in its sole discretion, to limit or terminate your access to or use of  the site at any time without notice. Termination of your access or use will not waive or affect any  other right or relief to which WEconnect may be entitled at law or in equity. In addition to any applicable End User License you may have signed, you give WEconnect  Health Management permission to use any content submitted by you to the Services  (“Submissions”) or generated through your use of an Application (“Content”) for purposes  including but not limited to: 

1. Administering, maintaining, updating, improving, testing, accessing and using the  Services 

2. Engaging third parties as necessary to achieve the above 

3. Facilitating any business transition (e.g., merger, acquisition) 

4. Complying with applicable law or government request 

Links 

This site may contain links to other websites. Some are operated by WEconnect or its affiliates,  while others are operated by third parties. These links are provided for convenience and  additional access to information. 

WEconnect is not responsible for the content, services, or products on third-party sites, nor  does inclusion of these links constitute an endorsement. Different terms and conditions may  apply to your use of any linked sites. WEconnect is not liable for any losses or damages  resulting from the use of linked sites. 

Medical Disclaimer 

NEITHER WEconnect NOR THE SERVICES PROVIDED CONSTITUTE MEDICAL ADVICE. IF YOU THINK YOU HAVE A MEDICAL EMERGENCY, CALL EMERGENCY SERVICES  IMMEDIATELY. 

The content provided is for informational purposes only. It does not replace professional medical advice or treatment. Always seek advice from a qualified health provider for medical conditions.  WEconnect does not endorse any specific provider or treatment mentioned. 

Modification of Terms and Conditions and/or Services 

WEconnect reserves the right to modify these Terms at any time without prior notice. Updated  terms will be posted online. Continued use of the Services implies acceptance. If you do not  agree, discontinue use of the Services. 

Privacy 

Please refer to the Privacy Policy for details on how your information is collected, used, and  protected. 

Our Privacy Policy includes detailed compliance statements covering HIPAA, 42 CFR Part 2,  FERPA (Family Educational Rights and Privacy Act), the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), PIPEDA (for Canadian users), and the Health  Breach Notification Rule (16 C.F.R. Part 318). The Privacy Policy is available at  weconnecthealth.io/privacy-policy. 

Your Rights 

Under applicable federal and state laws, you have the following rights with respect to your  personal information: 

Right of Access 

You have the right to request a copy of your personal data held by WEconnect. To submit an  access request, contact privacy@weconnecthealth.io. 

Right to Request Changes 

You have the right to request correction or amendment of your personal data. For data subject  to HIPAA, the right to amend protected health information may be governed by the Covered  Entity’s policies and procedures, not WEconnect’s directly as a Business Associate. WEconnect  will assist with amendment requests as directed by the applicable Covered Entity per the  Business Associate Agreement. 

Right to Request Deletion 

You have the right to request deletion of your personal data. WEconnect will process deletion  requests in accordance with its data retention schedule and applicable law. Contact  privacy@weconnecthealth.io to submit a deletion request. 

Right to an Accounting of Disclosures 

You have the right to request a record of certain disclosures of your protected health information  as required under 45 C.F.R. § 164.528. Where WEconnect has made disclosures of your PHI  other than for treatment, payment, or healthcare operations purposes, you may request an  accounting of those disclosures. As a Business Associate, WEconnect will support the  applicable Covered Entity in responding to such requests as required by the applicable  Business Associate Agreement. 

California residents and Canadian users may have additional rights as described in the Privacy  Policy. To exercise any of your rights, contact privacy@weconnecthealth.io. 

Regulatory Compliance 

WEconnect is subject to applicable federal and state privacy laws and the investigatory and  enforcement powers of relevant regulatory authorities. The following summarizes WEconnect’s  key regulatory obligations as they pertain to your use of the Services. 

HIPAA Compliance 

WEconnect operates as a Business Associate (BA) under HIPAA-compliant Covered Entities.  Our uses and disclosures of protected health information (PHI) comply with HIPAA’s Privacy  Rule, Security Rule, and Breach Notification Rule, and with applicable Business Associate  Agreements (BAAs). WEconnect maintains BAAs with all Covered Entities and subcontractors  with whom PHI is shared. 

WEconnect is subject to the investigatory and enforcement powers of relevant regulatory  authorities, including the Office for Civil Rights (OCR) within the Department of Health and  Human Services (HHS). WEconnect’s obligations include compliance with the Health Breach  Notification Rule (16 C.F.R. Part 318), which requires notification in the event of a breach of  unsecured personal health record information. 

Certain individual rights under HIPAA — including the right to access PHI, request amendments,  request an accounting of disclosures, and request restrictions on uses and disclosures — are obligations of the Covered Entity. WEconnect will support Covered Entities in fulfilling these  obligations as required by the applicable BAA. 

42 CFR Part 2 Compliance 

Some data processed through the Services may be protected by 42 CFR Part 2, which governs  the confidentiality of substance use disorder (SUD) patient records. WEconnect requires explicit  authorization and consent to share any data protected by Part 2 and does not disclose Part 2 data without explicit authorization. 

When WEconnect processes Part 2 data on behalf of a Covered Entity, the consent and  authorization requirements are governed by the relationship between the Covered Entity and  the individual. WEconnect will comply with Part 2 as required by its agreements with Covered  Entities. 

FERPA Compliance 

When WEconnect provides Services pursuant to a written agreement with an educational  institution that receives federal funding, WEconnect may act as a “school official” with a  “legitimate educational interest” under the Family Educational Rights and Privacy Act (FERPA),  20 U.S.C. § 1232g, and its implementing regulations at 34 C.F.R. Part 99. In such contexts: 

• WEconnect will use and disclose personally identifiable information from student  education records only for the purposes specified in its agreement with the educational  institution and as permitted by FERPA. 

• WEconnect will not redisclose FERPA-protected information to unauthorized third parties  without prior written consent from the eligible student (or parent/guardian if the student is  a minor), except as otherwise permitted under FERPA. 

• WEconnect will maintain FERPA-protected records in accordance with the institution’s  data governance requirements and applicable law, and will allow the educational  institution to inspect and review any FERPA-covered records maintained on its behalf  upon request. 

• Eligible students — and, where applicable, parents or guardians of minor students —  retain all rights afforded under FERPA, including: the right to inspect and review  education records; the right to request amendment of inaccurate or misleading records;  the right to consent to disclosures of personally identifiable information; and the right to  file a complaint with the U.S. Department of Education’s Family Policy Compliance Office  (FPCO). 

For FERPA-related inquiries, contact privacy@weconnecthealth.io or the privacy compliance  office of the applicable educational institution. 

Our Use of Artificial Intelligence 

We may use artificial intelligence (AI) tools to support certain non-clinical business operations,  such as drafting communications, creating educational materials, and conducting research. We  are committed to the responsible use of these technologies. 

All AI-assisted work is reviewed, verified, and refined by qualified staff before use. AI does not  replace human judgment — our employees remain fully accountable for the accuracy, quality,  and appropriateness of their work, regardless of whether AI tools were used in its creation. AI is never used for clinical decision-making,  processing protected health information, or automated communications with patients. 

We maintain strict data protection standards in our use of AI. Protected health information  and other sensitive data are never entered into AI tools. Our internal AI usage policy aligns with  HIPAA requirements and is informed by the NIST AI 

Risk Management Framework and healthcare industry best practices. 

We regularly review and update our AI practices as the technology evolves. If you have  questions about our use of AI, please contact us. 

Data Breach Notification 

WEconnect is committed to protecting your personal information. In the event of a data breach  that affects your personal information, WEconnect will act in accordance with applicable law and  the following procedures: 

• For breaches involving protected health information (PHI) subject to HIPAA,  WEconnect’s obligation as a Business Associate is to notify the applicable Covered  Entity of the breach. The Covered Entity is then responsible for notifying affected  individuals and the Department of Health and Human Services as required by the HIPAA  Breach Notification Rule. WEconnect will cooperate fully with Covered Entities in the  breach notification process. 

• For breaches not involving HIPAA-covered PHI, WEconnect will notify affected  individuals directly in accordance with applicable federal and state breach notification  laws, and will provide information about the nature of the breach, the types of information  involved, and steps you can take to protect yourself. 

• WEconnect will take prompt action to contain and remediate any breach and will  maintain incident response procedures consistent with applicable law, including the  Health Breach Notification Rule (16 C.F.R. Part 318). 

Your Account 

To access some features, you must create an account. You are responsible for maintaining your  account security and password. If your security is compromised, notify WEconnect at  privacy@weconnecthealth.io. 

Your Responsibility 

By using the Services, you agree to follow these guidelines and refrain from: • Bullying or harassment 

• Stalking or unwanted contact 

• Impersonation or misrepresentation 

• Unauthorized collection of personal data 

• Sharing or posting harmful content 

• Using automated tools to scrape or hack the Services 

Law Enforcement Cooperation 

WEconnect will cooperate with law enforcement agencies as required by law and reserves the  right to disable or remove content at its sole discretion. 

Mandatory Reporting 

Peer support specialists are legally required to report any signs of abuse, neglect, or harm to  authorities. Use of our services confirms your understanding and agreement to this. 

Customer Content 

You are responsible for any content you submit. WEconnect does not verify or guarantee the  accuracy of content and has no obligation to monitor it. 

Contingency Management Reinforcers 

Some rewards may be offered via third parties, including Tango Card (or Tango), which is used  to deliver Contingency Management Reinforcements where applicable. Information shared with  such third parties is limited to what is necessary to process the reinforcement and does not  include any health information, treatment details, or other confidential data. Transactions with  such third parties are solely between you and them. These relationships do not impact your use  of WEconnect services. 

Miscellaneous 

Compliance with Laws Each party must comply with applicable laws in connection with  product use and payment. 

Force Majeure Neither party is liable for events beyond reasonable control (e.g., natural  disasters, war, labor disputes). 

Third Party Rights No third party has enforcement rights under these Terms. Enforceability If any part of the Terms is invalid, the rest remains enforceable. Governing Law Terms are governed by Washington state law. Disputes will be handled in King  County, Washington. 

Termination WEconnect may terminate access for any reason. Termination does not negate  your responsibility under previous Terms. 

Assignment You may not assign these Terms. They are binding on you and your successors. Survival If one clause is unenforceable, all others remain in effect. 

Limitation of Warranty and Liability; Indemnity 

WEconnect disclaims all implied warranties, including fitness for a particular purpose or  merchantability, to the fullest extent permitted by law. You agree to indemnify WEconnect for  any claims or losses resulting from your use of the Services. 

WEconnect will indemnify you for losses resulting from: 

• Breach of Terms by WEconnect 

• Infringement of third-party IP rights 

• Misuse of data or PHI 

• Negligent or unlawful acts by WEconnect