Privacy Policy

Last Updated: February 17, 2026

TL;DR

This notice describes how WEconnect Health Management, doing business as WEconnect ("WEconnect," "we," "us," or "our"), will collect and store information about you, and how that information is shared.

In summary, we collect sensitive personal information in order to support the core function of the platform, which is to connect you with confidential peer support, personal wellness tools, and accountability resources that support your mental health and well-being. We do this by facilitating peer support sessions, wellness tracking, goal-setting, and other features designed to support your personal journey. We ask for permission before collecting this information, and we ask for permission before we share it. We do not use this information to create individual commercial profiles. We do not share information with unauthorized third parties. We recognize that the nature of this sensitive data requires that we protect and secure this information at every step to ensure that your privacy is respected. The information we collect is not intended to be used for punitive purposes.

Your Rights

Laws in place to protect your privacy accord you certain rights. Under applicable federal and state laws, you have the following rights:

  • Right of Access: You have the right to request a copy of your personal data.
  • Right to Request Changes: You have the right to request correction or amendment of your personal data. For data subject to HIPAA, the right to amend protected health information may be governed by the Covered Entity's policies and procedures, not WEconnect's directly as a Business Associate. WEconnect will assist with amendment requests as directed by the applicable Covered Entity per the Business Associate Agreement.
  • Right to Request Deletion: You have the right to request deletion of your personal data.
  • Right to an Accounting of Disclosures: You have the right to request a record of certain disclosures of your protected health information. Where WEconnect has made disclosures of your PHI other than for treatment, payment, or healthcare operations purposes — or as otherwise excluded under HIPAA — you may request an accounting of those disclosures. As a Business Associate, WEconnect will support the applicable Covered Entity in responding to accounting of disclosure requests as required by the Business Associate Agreement and 45 CFR §164.528.

Our Responsibilities

WEconnect is subject to applicable federal and state privacy laws and the investigatory and enforcement powers of relevant regulatory authorities, including the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS). WEconnect’s obligations include compliance with the Health Breach Notification Rule (16 C.F.R. Part 318), which requires notification in the event of a breach of unsecured personal health record information. WEconnect does not share personal data with unauthorized third parties without notice and consent.

Regulatory Compliance

Statement of HIPAA Compliance

As a Business Associate (BA) under HIPAA-compliant Covered Entities, we have an obligation to implement effective security and privacy policies that comply with HIPAA's Privacy Rule, Security Rule, and Breach Notification Rule. Our uses and disclosures of protected health information (PHI) will comply with HIPAA and applicable Business Associate Agreements (BAAs). WEconnect maintains BAAs with all Covered Entities and subcontractors with whom PHI is shared. To review the measures we have taken to ensure compliance,see our Compliance and Security Overview. As a Business Associate, WEconnect's obligations under HIPAA are defined by its BAAs with Covered Entities. Certain individual rights under HIPAA — including the right to access PHI, request amendments, request an accounting of disclosures, and request restrictions on uses and disclosures — are obligations of the Covered Entity. WEconnect will support Covered Entities in fulfilling these obligations as required by the applicable BAA.

Statement of 42 CFR Part 2 Compliance

Some data processed through the Services may be protected by 42 CFR Part 2, which governs the confidentiality of substance use disorder (SUD) patient records. 

WEconnect requires explicit authorization and consent to share any data protected by Part 2. We operate on a consent-based data sharing model: individuals control what information is shared and with whom. We do not disclose Part 2 data on behalf of any individual without explicit authorization to do so. Our privacy and security training includes a review of 42 CFR Part 2, and all employees are educated on the importance and necessity of respect for persons and privacy. Part 2 consent and redisclosure obligations may flow through the Covered Entity. When WEconnect processes Part 2 data on behalf of a Covered Entity, the consent and authorization requirements are governed by the relationship between the Covered Entity and the individual. WEconnect will comply with Part 2 as required by its agreements with Covered Entities.

Disclosures to law enforcement are determined by the requirements set forth in our Disclosure to Law Enforcement Policy and applicable law.

Introduction

About WEconnect

WEconnect Health Management ("WEconnect") is a mental health and wellness platform that connects individuals with Certified Peer Support Specialists, virtual support sessions, wellness tracking tools, and other resources designed to support personal well-being.

We know the value of trust and transparency, and we understand the need for responsible and secure protection of the information you choose to share with us. Your security is important to us, and we take your privacy seriously. Please read the following to learn more about our policies and practices for keeping your data secure.

The WEconnect website and all other products and services, including mobile applications, owned, controlled, or offered by WEconnect, and all content offered as part of those products, services, and applications, are collectively referred to herein as the "Services." Subscribers, account holders, customers, and others who download, access, use, and/or subscribe to the Services ("you") agree to the following privacy policy (the "Privacy Policy").

By using or accessing our Services in any manner, you are acknowledging that you accept and are opting in to the practices and policies outlined in the Privacy Policy and Terms and Conditions. By accessing the Services, you represent that you are over 13 years of age, and you consent to the practices in this Privacy Policy, including that WEconnect will collect, use, and share your information as described below.

Information We Collect

WEconnect gathers information from users for multiple reasons. We use Personal Information (or PII) internally in connection with our Services, as a means of identifying you as a user, to create an account and profile, to contact you, to provide and improve the Services, and to learn more about how you use the Services. Certified Peer Support Specialists will have access to the information that you enter into the Services, including information shared during peer support sessions. We may share some de-identified information with third parties, who might help us learn how to provide better support to you and to make product improvements. The following sections explain what information we collect and how we use it.

WEconnect collects both Personal Information and anonymous information through the standard operation of the Services. This information is used to identify you as a WEconnect user, track your preferences and settings, and to improve and personalize your experience. Certain information is required for the effective operation of the Services. These types of information are defined in the subparts below and used as described in the corresponding sections.

You may request access to all your personally identifiable information that we collect online and maintain in our database, by emailing us at privacy@weconnecthealth.io.

Some information is collected automatically when you access our Services. Some information we will ask you for, and some information you may provide voluntarily. We will not ask you for information for which there is no relevant purpose, and we will not share your information with unauthorized third parties. The following section will explain what types of information we collect, and why we collect it.

Information You Give Us

In order to use our Services, you must sign up for an account. We will ask you for some personal information when you activate this account, such as your name, your phone number, and your email address. We use this information to help tailor our Services to you in the following ways:

  • To verify your identity
  • To reach out to you in the event of a security incident
  • To assist in creating your account
  • To connect you with your peer support network
  • To process your Contingency Management Reinforcement (where applicable)

If you choose to engage in peer support Services, the information shared will remain confidential unless the Peer Support Specialist is legally and ethically obligated to report disclosure of personal involvement with child or elder abuse/neglect, threatened self-harm, or harm to others, or other situations requiring a Mandatory Report be made.

Information We Get from Your Use of Our Services

We collect information about the Services that you use and how you use them. For example, when you visit our website or log in, we may collect browser data, your IP address, or device-specific information, such as the model of your device and your operating system. This helps us to improve the way our Services are designed. We do not share this information with any unauthorized third party.

We also may use cookies and similar technologies when you visit our website on your computer or mobile device. Cookies may uniquely identify your browser or device, and give us insight into how you use our Services. We use this information to improve the way we design our Services. This information is not used to create commercial or advertising profiles for third parties. Individually identifiable information will never be shared without permission.

We also collect information about your usage patterns and interactions with the Services, such as features used, session frequency, and engagement with wellness tools. We respect your confidentiality and your right to privacy.

Location Information

Some features of the Services may request access to your device's location services. Location data is collected only with your explicit opt-in consent. You can enable or disable location services at any time through your device settings. Please note that disabling location services may limit the functionality of certain features. WEconnect does not continuously track your location.

Information We Get from Your Care Providers or Partners

We do not solicit information about you from any third party other than your care team or authorized partners. In the event that someone, such as your care provider or partner organization, provides us with information about you, this information is considered private and confidential, and will not be shared with unauthorized third parties.

How We Use Your Information

WEconnect uses the information we collect for the following purposes:

  • To provide, maintain, and improve our Services
  • To create and manage your account
  • To connect you with Certified Peer Support Specialists
  • To facilitate peer support sessions and wellness tracking
  • To process Contingency Management Reinforcements (where applicable)
  • To communicate with you about services, updates, and security matters
  • To comply with legal obligations, including HIPAA, 42 CFR Part 2, and other applicable laws
  • To conduct internal research and quality improvement using de-identified data
  • To detect, prevent, and address technical issues, fraud, or security concerns

Information We Share

Aggregate and De-identified Data

Aggregate data are data that are no longer personally identifiable. WEconnect may share these aggregate statistics with our associates to determine the ways in which our Services are used, and how we can improve. We store aggregate and anonymized data indefinitely. De-identified data cannot be used to identify you.

Personally Identifiable Information

WEconnect will share your personal information ONLY with those entities you have authorized to receive it. WEconnect stores this information as long as your profile is active. All personal data can be deleted upon request by contacting privacy@weconnecthealth.io.

Our Third-Party Associates

WEconnect will work with other entities only under conditions permitted by law and applicable agreements. HIPAA Covered Entities and Business Associates are entities with whom sensitive data may be shared and who are required by law to abide by the conditions set forth in HIPAA and applicable regulations. WEconnect maintains Business Associate Agreements with all entities with whom PHI is shared.

Contingency Management Reinforcement Program

WEconnect partners with a prepaid card provider to deliver Contingency Management Reinforcements. Information shared with the provider is limited to what is necessary to process the reinforcement and does not include any health information, treatment details, or other confidential data. WEconnect will not share any health information, or any other confidential information, with the provider.

Data Retention

Anonymized and de-identified data cannot be used to identify you and may be retained indefinitely for quality improvement and research purposes.

De-identified data, such as usage history and service interaction data, may be used internally for quality improvement research, feature development, and enhancement of the user experience.

Personal data is retained while your profile is active. Upon account deletion or upon your request, personal data will be deleted in accordance with our retention schedule, except where retention is required by law.

Data retained pursuant to legal or regulatory requirements will be retained securely only for the duration of the retention requirement. WEconnect must retain some data (such as a record of consent) to meet regulatory obligations.

Messaging

The WEconnect Services may allow you to send messages to your WEconnect Peer Support Specialist. Messages you send or receive through the WEconnect Services are stored within the WEconnect system and are subject to the same protections as all data stored within the Services.

Data Security

WEconnect implements administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest.
  • Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis.
  • Security Training: All employees receive privacy and security training, including HIPAA awareness and Part 2 adherence.
  • Incident Response: WEconnect maintains incident response procedures to promptly address any security events.

For more information about our security practices, please see our Compliance and Security Overview.

Account Security

We make every effort to ensure that your data are retained confidentially and securely. We require an account to access our Services. Each username is connected to a unique password which allows you to log in to your account. Do not share your username and password with anyone. You should never allow anyone to access our Services under your username, or share your account with another individual. You are responsible for the uses of the Services associated with your username. We reserve the right to revoke or deactivate your username and password at any time. If you have security concerns, questions, or need to reset your password, contact us at privacy@weconnecthealth.io.

Payments and Subscriptions

All payments for subscriptions and accounts are using Secure Sockets Layer (SSL). 

Downloads of the WEconnect application are processed by Google LLC, Apple Inc., and their respective app distribution platforms. WEconnect's privacy policies and practices do not govern these entities. Please refer to Google's and Apple's privacy policies for questions about downloading and using their applications and services. These entities do not share any personal data with WEconnect.

Cookies and Tracking Technologies

WEconnect uses cookies and similar technologies to enhance your experience with our Services. This section provides additional detail beyond the cookie references in "Information We Get from Your Use of Our Services" above.

Types of Cookies We Use:

  • Essential Cookies: Required for the basic operation of our Services, such as maintaining your login session and security.
  • Analytics Cookies: Help us understand how users interact with our Services so we can improve functionality and user experience.

Managing Cookies:

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be alerted when cookies are being sent. Please note that disabling essential cookies may affect the functionality of the Services.

Our Commitment:

We do not use cookies to create third-party advertising profiles. We do not use cookies to track your activity across other websites or services.

Children's Privacy

WEconnect does not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any personal information to us.

WEconnect complies with the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected personal information from a child under 13, we will delete that information as promptly as possible.

If you believe that a child under 13 may have provided us with personal information, please contact us at privacy@weconnecthealth.io.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it is shared.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Opt-Out of Sale or Sharing: WEconnect does not sell your personal information. We do not share personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, contact us at privacy@weconnecthealth.io. We will respond to verifiable consumer requests within 45 days.

Canadian Users (PIPEDA)

If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to:

  • Access your personal information held by WEconnect
  • Request correction of inaccurate or incomplete personal information
  • Withdraw your consent to the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions)
  • File a complaint with the Office of the Privacy Commissioner of Canada

You can exercise any of these rights by emailing privacy@weconnecthealth.io.

Statement of CCPA/CPRA Compliance

WEconnect complies with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), with respect to the personal information of California residents.

Categories of Personal Information Collected:

  • Identifiers (name, email address, phone number, IP address)
  • Internet or other electronic network activity information (browsing history, interaction with our Services)
  • Geolocation data (only when explicitly opted in by the user)
  • Professional or employment-related information (when relevant to services provided)
  • Health information (in connection with peer support and wellness services)

Business Purpose for Collection: We collect personal information to provide, maintain, and improve our Services, to facilitate peer support sessions and wellness programs, and to comply with legal obligations.

Sale or Sharing of Personal Information: WEconnect does not sell personal information. We do not share personal information for cross-context behavioral advertising purposes.

Retention: We retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

For information about exercising your California privacy rights, see the "Your Rights" section above.

Statement of PIPEDA Compliance

For users located in Canada, WEconnect complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). We are committed to the ten fair information principles set out in PIPEDA:

  1. Accountability: WEconnect is responsible for personal information under our control. Our Privacy Officer can be reached at privacy@weconnecthealth.io.
  2. Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection.
  3. Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information.
  4. Limiting Collection: We collect only the personal information necessary for identified purposes.
  5. Limiting Use, Disclosure, and Retention: We use and disclose personal information only for the purposes for which it was collected, and retain it only as long as necessary.
  6. Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary.
  7. Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information.
  8. Openness: We make information about our policies and practices readily available.
  9. Individual Access: Upon request, we inform individuals of the existence, use, and disclosure of their personal information and provide access to it.
  10. Challenging Compliance: Individuals may challenge our compliance by contacting our Privacy Officer at privacy@weconnecthealth.io.

Statement of FERPA Compliance

When WEconnect provides Services in partnership with educational institutions, certain information may be protected by the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g. FERPA protects the privacy of student education records maintained by educational institutions that receive federal funding.

WEconnect's Role Under FERPA:

WEconnect may act as a "school official" with a "legitimate educational interest" under FERPA when providing services pursuant to a contract with an educational institution. In such cases:

  • WEconnect will use personally identifiable information from student education records only for the purposes specified in its agreement with the educational institution.
  • WEconnect will not redisclose FERPA-protected information to third parties without prior written consent from the student (or parent/guardian, if applicable) or unless otherwise permitted under FERPA.
  • WEconnect will maintain FERPA-protected records in accordance with the institution's data governance requirements and applicable law.

Student Rights Under FERPA:

Students (or parents/guardians of minor students) at institutions partnered with WEconnect retain the following rights under FERPA:

  • The right to inspect and review education records
  • The right to request amendment of inaccurate or misleading records
  • The right to consent to disclosure of personally identifiable information from education records (with certain exceptions)
  • The right to file a complaint with the U.S. Department of Education's Family Policy Compliance Office

For questions about FERPA-protected information, contact privacy@weconnecthealth.io or the partnering educational institution's FERPA compliance office.

Data Breach Notification

WEconnect is committed to protecting your personal information. In the event of a data breach that affects your personal information, WEconnect will:

  • Notify affected individuals in accordance with applicable federal and state breach notification laws
  • Provide information about the nature of the breach, the types of information involved, and steps you can take to protect yourself
  • Take prompt action to contain and remediate the breach

For breaches involving protected health information (PHI) subject to HIPAA, WEconnect’s obligation as a Business Associate is to notify the applicable Covered Entity of the breach. The Covered Entity is then responsible for notifying affected individuals and the Department of Health and Human Services as required by the HIPAA Breach Notification Rule. WEconnect will cooperate fully with Covered Entities in the breach notification process. For breaches not involving HIPAA-covered PHI, WEconnect will directly notify affected individuals as required by applicable state and federal law.

Safety, Security, and Legal Compliance

We may disclose information, including personal information, as necessary to comply with any applicable law, regulation, legal process, or governmental request, to enforce our rights, or to protect the safety and security of our Services or other users. For more information, please see our Disclosure to Law Enforcement Policy.

Changes to This Policy

WEconnect Health Management reserves the right, in its sole discretion, to modify this Privacy Policy at any time. When we make changes, we will update this posting on our website and revise the "Last Updated" date at the top of this policy. For material changes, we will provide prominent notice, such as an in-app notification or email to registered users. Your continued use of the Services following the posting of a new version of the Privacy Policy constitutes your consent to the amended terms. If the amended Privacy Policy terms are not acceptable to you, you should discontinue your use of the Services.

Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

We welcome your feedback and will respond to your inquiry promptly.