This notice describes how WEconnect Health Management, doing business as WEconnect will collect and store information about you, and how that information is shared.
In summary, we collect sensitive personal information in order to support the core function of the application, which is to reduce relapse by making recovery routines accessible and increasing individual accountability. We do this by verifying your location at scheduled times and allowing approved individuals to review your adherence to your routines. We ask for permission before collecting this information, and we ask for permission before we share it. We do not use this information to create individual commercial profiles. We do not share information with unauthorized third parties. We recognize that the nature of this sensitive data requires that we protect and secure this information at every step to ensure that your privacy is respected.
The information we collect is not intended to be used for punitive purposes.
WEconnect can verify compliance with a treatment routine. WEconnect does NOT verify non-compliance.
Laws in place to protect your privacy accord you certain rights. You have the right to request a copy of your personal data, the right to request deletion of your personal data, and the right to limit sharing and disclosure of your personal data or revoke your consent to share data at any time. You can do any of these things by emailing firstname.lastname@example.org or email@example.com.
WEconnect is subject to the investigatory and enforcement powers of the Federal Trade Commision (FTC), the Office of Civil Rights (OCR) and the Department of Health and Human Services.
Under certain conditions, individuals may invoke binding arbitration.
WEconnect may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements (for more information, see our “Disclosures to Law Enforcement” policy).
WEconnect accepts accountability for onward transfer of data, and does not share personal data with unauthorized third parties without notice and consent.
Statement of HIPAA Compliance
As a Business Associate (BA) of HIPAA compliant Covered Entities, we are aware of our obligation to implement effective security and privacy policies that comply with these regulatory standards. Our uses and disclosures of protected health information will comply with HIPAA and related Business Associate Agreements. To review the measures we have taken to ensure compliance, please see our Compliance and Security Overview.
Statement of 42 CFR Part 2 Compliance
WEconnect is prepared to work with any entity requiring compliance with 42 CFR part 2. Our operating processes and security parameters are designed to protect individual data to the highest reasonable standard.
WEconnect requires explicit authorization and consent to share data within an individual’s support network. Support persons are added to this network by the client themselves. We do not share data on behalf of any client without explicit authorization to do so.
All data are input and reported by the account holder, with the exception of GPS location, which is collected by the mobile device independently of WEconnect, and is verified and reported by consent only. Auto check-in features can be disabled by the account holder.
Our application icon is discrete, and does not indicate by design, branding, or other external feature an affiliation with substance abuse treatment, addiction, or recovery.
Our HIPAA compliance training includes a review of 42 CFR 2, and all employees are educated on the importance and necessity of respect for persons and privacy.
Our application requires an individual login to view scheduled appointments, contacts, or any other data that might be considered sensitive, or identifying the individual as a current or former individual in long term recovery.
We don't disclose information about our clients without their consent. They choose what is shared and with whom. In the event that a treatment center requests access to the data dashboard, we require a consent from our client that describes the data shared and the applications before the data dashboard can be viewed by the treatment center.
Disclosures to law enforcement are determined by the requirements set forth in our policies which are available for review.
Text Message Terms
We have developed an automated enrollment process. By providing a mobile number that allows you to receive text message or short message reminders and information, you are opting to participate in our mobile enrollment process and you agree to be bound by the following terms and conditions related to our SMS text notification services.
Usage As a user of this text message service you acknowledge that text messages are distributed via third-party mobile network providers and therefore we are unable to control all functions related to the delivery of text messages. You acknowledge that it may not be possible to transmit all text messages successfully. While we do not charge you for these services, message and data rates may apply from your mobile carrier.
Opt Out To stop receiving text messages, text STOP to a text message you receive. You consent to receive one last message from us confirming your inactivation. If you stop using your mobile phone number you must alert us immediately to unsubscribe from the service.
Statement of GDPR Compliance
Beginning on May 25th, 2018, The European Union will require much stricter protections for individually identifiable data. These new laws are intended to provide individuals with greater transparency, access and control over how their data are collected and used.
WEconnect believes that the data you share belong to you, and that you should be able to control what information we share about you. Consequentially, WEconnect has adopted the requirements of the General Data Protection Regulation (GDPR), since we believe that all individuals have the right to control their own narratives. This belief is reflected in our consent, collection and storage practices. Our policies have been designed to meet this commitment.
WEconnect is located in the United States, and uses cloud based storage. When you submit your personal information to our app, this information may be transferred to the United States in order for us to provide you with our services.
In compliance with the Privacy Shield Principles, WEconnect commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact WEconnect at: firstname.lastname@example.org.
WEconnect has further committed to refer unresolved Privacy Shield complaints to Privacy Trust, an alternative dispute resolution provider located in the United Kingdom. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint for more information or to file a complaint. The services of Privacy Trust are provided at no cost to you.
We at WEconnect know the value of trust and transparency, and we understand the need for responsible and secure protection of the information you choose to share with us. Your security is important to us, and we take your privacy seriously. Please read the following to learn more about our policies and practices for keeping your data secure.
As noted in the Terms of Service, WEconnect does not knowingly collect or solicit Personal Information from anyone under the age of 13 in the United States, or under the age of 16 in the European Union without parental consent. If you do not meet the age requirements, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from an individual under the legal age of consent, we will delete that information as quickly as possible. If you believe that a child under the legal age of consent may have provided us with Personal Information, please contact us at email@example.com.
WEconnect gathers information from customers for multiple reasons. We use Personal Information (or PII) internally in connection with our Services, as a means of identifying you as a subscriber, to create an account and profile, to contact you, to help you fulfill rehabilitation requirements, to provide and improve the Services, and to learn morea bout how you use the Services. Certified Peer Recovery Specialists will have access to the information that you enter into the products including the mobile application and messenger. We may share some de-identified Information with third parties, who might help us learn how to provide better support to you and to make product improvements. WEconnect will not access your camera, your contacts, or your files. WEconnect will never contact others or post to social networks on your behalf without your permission. The following sections explain what information we collect and how we use it.
The Information WEconnect Collects
WEconnect collects both Personal Information and Anonymous information through the standard operation of the Services. This information is used to identify you as a WEconnect subscriber, track your preferences and settings, and to improve and personalize your experience. Certain information is required for the effective operation of the Services. These types of information are defined in the subparts below and used as described in the corresponding sections.
You may request access to all your personally identifiable information that we collect online and maintain in our database, by emailing us at firstname.lastname@example.org.
Some information is collected automatically when you access our Services. Some information we will ask you for, and some information you may provide voluntarily. We will not ask you for information for which there is no relevant purpose, and we will not share your information with unauthorized third parties. The following section will explain what types of information we collect, and why we collect it.
Information you give us
In order to use our services, you must sign up for an account. We will ask you for some personal information when you are activating this account, such as your name, your phone number, and your email address. We use this information to help tailor our service to you in the following ways:
To verify your identity.
To reach out to you in the event of a security incident.
To assist in creating your account and populating the fields.
To add events to your calendar.
To connect to your treatment network.
To verify your location during scheduled check-ins.
To redeem your rewards.
If you are signing up through a treatment center, we will ask you for information about your center to confirm your dashboard account. Some of the information that we collect is considered PHI, if you provide us with dates and times of appointments, the names of your providers, or any other information provided in the context of your recovery. We understand that this information is sensitive.
If you choose to engage in additional communication Peer Recovery Support Specialists the information shared will remain confidential unless the Peer is legally and ethically obligated to report disclosure of personal involvement with child or elder abuse/neglect, threatened self-harm, or harm to others.
We will ask for your permission before collecting or sharing this information, and we do not share this information with anyone outside of your approved support network.
Information we get from your use of our services
We collect information about the services that you use and how you use them. For example, when you visit our website or log in, we may collect browser data, your IP address, or device specific information, such as the model of your device, your operating system, and your IP address. This helps us to improve the way our website is designed, and how people can search for us. We do not share this information with any unauthorized third party.
We also collect information that verifies your adherence to your treatment plan, such as your location (discussed below) and your routines. We respect your confidentiality and your right to privacy.
Location information and GPS tracking
WEconnect can verify compliance with a treatment routine. WEconnect does NOT verify non-compliance.
The WEconnect app can use location data to allow you to check-in to your activities and support routines. The WEconnect app will ask you to opt into this service when you sign up. When you check-in to an activity, we verify your location using the location services on your device, and the length of your stay. This helps you to stay accountable, and may be required for your support program. WEconnect will not collect or retain any location data not relevant to your routines or activities.
This function can be turned on or off in the settings menu of the application. Please be aware that disabling the location services may impede the function of the application, and may prevent you from complying with certain terms of your treatment program. You can learn more about how verification works in our Location Services FAQ.
Information we get from your care providers or treatment centers
We do not solicit information about you from any third party other than your care team. In the event that someone, such as your treatment facility, provides us with information about you, this information is considered private and confidential, and will not be shared with unauthorized third parties.
The Information WEconnect Shares
Aggregate data are data that are no longer personally identifiable. WEconnect may share these aggregate statistics with our associates to determine the ways in which our services are used, and how we can improve. We store aggregate and anonymized data indefinitely.
Personally Identifying Information
WEconnect will share your personal information ONLY with those entities you have authorized to view it. WEconnect stores this information as long as your profile is active. All personal data can be deleted upon request by contacting email@example.com.
Coordinating with Your Treatment Center
When you activate your account with us through your treatment center, you are provided with a treatment center code, which connects you to your treatment center and allows your care team to keep current with your progress and your adherence to your routine. This will not happen without your consent. If you are using WEconnect as part of your recovery routine, you will be asked to sign a separate authorization explicitly allowing this connection by your treatment center. If you are not using WEconnect in connection with a specific treatment center, your progress will not be shared with any third party without your knowledge or consent.
Our Third Party Associates
WEconnect will work with other entities only under conditions permitted by laws such as HIPAA and the GDPR. All entities with whom sensitive data are shared are required by law to abide by the conditions of collection, storage and dissemination set forth in those laws, and this requirement is ratified by contracts known as Business Associate Agreements or Data Processing Addendums.
This means that only authorized entities such as your treatment center or medical record storage company will ever access your personal information, and that we make sure all the companies we work with, such as our email provider and development tools, agree to protect these data to the same standards as required by law.
The Information WEconnect Retains
Once you have ended your WEconnect App subscription, your identifying information will be removed from our database of active subscribers. Data that have been collected about you that have been anonymized cannot be removed from aggregate banks, but THESE DATA CANNOT BE USED TO IDENTIFY YOU. De-identified data such as usage history, location data, and other information stored in your account may continue to be used internally for quality improvement research to enhance efficacy, accuracy, development of features and customer experience. Data that are requisitely retained will be retained securely only for the duration of the retention requirement.
The Right to be Forgotten
WEconnect recognizes that individuals have the right to ask that their personal information be excised from our records, and we respect that right. You can ask to have all PII deleted by emailing us at firstname.lastname@example.org.
Please be aware that WEconnect must retain some data (such as a record of consent) to meet regulatory obligations under and beyond the GDPR, and that when these separate regulatory and compliance obligations carry different lifetimes on collected and stored data, WEconnect is required to observe the longest lifetime of the conflicting regulations.
Messaging and WEconnect
The WEconnect service allows you to send messages to your care team. Messages you send or receive through the WEconnect services are stored within the WEconnect system and are subject to the same protections as data stored within the app.
Your Account Security
We make every effort to ensure that your data are retained confidentially and securely. We require an account to access our services. Each username is connected to a unique password which allows you to log in to your account. DO NOT SHARE YOUR PASSWORD AND USERNAME WITH ANYONE. You should never allow anyone to access our Services under your username, or share your account with another individual. You are responsible for the uses of the Service associated with your username. We reserve the right to revoke or deactivate your username and password at any time. If you have security concerns, questions, or need to reset your password, contact us at email@example.com.
WEconnect places a premium on protecting your information, but you should remain aware that any information you share online may be accessed by others. WEconnect is not responsible for the actions of those who obtain your content in this manner. WEconnect cannot guarantee your safety and security and you should be aware that submitting any information and using the Services is done at your own risk. DO NOT INCLUDE INFORMATION IN YOUR PUBLIC PROFILE THAT YOU WOULD PREFER TO KEEP PRIVATE. WEconnect is not responsible for the voluntary disclosure of personal information or personally identifying information on any public forum.
Information stored or transferred electronically is never completely secure, so while we at WEconnect do our best to protect you and your privacy, please be aware that absolute security cannot be guaranteed by WEconnect.
All payments for subscriptions and accounts are processed by Stripe, Inc., which ensures safe transactions using Secure Sockets Layer (SSL). Stripe, Inc. provides WEconnectwith the details of each purchase. These details include name and email address (this information is retained by WEconnect for future contact and support), but do not include specifics such as credit card or routing numbers.
Safety, Security, and Compliance with Law
We may disclose any information, including personal information, we deem necessary to comply with any applicable law, regulation, legal process or governmental request, to enforce our rights, or to protect the safety and security of our Applications or other subscribers. For more information, please see our Disclosure to Law Enforcement Policy.
This agreement will be governed solely by the internal laws of the State of Washington, without reference to any principles of conflicts of law. The parties consent to the personal and exclusive jurisdiction of the federal and state courts in King County, Washington.
If you believe that our policies or practices have been inconsistent with the Privacy law, you may submit complaints to the HHS or to firstname.lastname@example.org.
This agreement will be enforced to the fullest extent permitted by applicable law. If for any reason any provision of this agreement is held to be invalid or unenforceable to any extent, then (a) the provision will be interpreted, construed, or reformed to the extent reasonably required to render the provision valid, enforceable, and consistent with the original intent underlying such provision; (b) the provision will remain in effect to the extent that it is not invalid or unenforceable; and (c) the invalidity or unenforceability of the provision will not affect any other portion of this agreement.
Notification of Changes
How WEconnect Supports Recovery
Find out how WEconnect helps people and organizations across the industry tackle substance use disorder.