Privacy Policy
We Market Plus LLC ("We Market Plus", "we", "us", or "our") operates the HospiceLink CRM platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use HospiceLink.
HIPAA Compliance Notice
HospiceLink is designed for use by HIPAA covered entities and their business associates. We Market Plus LLC functions as a Business Associate under HIPAA. A Business Associate Agreement (BAA) is executed with every subscribing organization before Protected Health Information (PHI) may be entered into the platform. PHI stored in HospiceLink is handled in accordance with the HIPAA Privacy Rule (45 CFR Part 164, Subpart E) and Security Rule (45 CFR Part 164, Subpart C).
1. Information We Collect
Account Information: Name, email address, agency name, phone number, city/state, and payment information collected during registration and subscription management.
CRM Data: Prospect records, clinical notes, task data, referral source information, mileage logs, and other data you enter into the platform. This data may include PHI and is governed by your BAA.
Usage Data: Log data including IP addresses, browser type, pages visited, and feature usage. This information is used for security, troubleshooting, and service improvement.
Payment Data: Payment processing is handled by Stripe, Inc. We do not store full credit card numbers. Stripe's privacy policy is available at stripe.com/privacy.
2. How We Use Your Information
- To provide, maintain, and improve the HospiceLink CRM platform
- To process subscriptions and manage billing
- To send transactional emails (account activation, password reset, billing notifications)
- To detect and prevent security incidents
- To comply with legal obligations including HIPAA, CCPA, and other applicable law
- To generate anonymized, aggregate analytics about platform usage (never PHI)
3. Data Sharing
We do not sell, rent, or trade your personal information or PHI to third parties for marketing purposes.
We share data only with service providers who process it on our behalf under appropriate data processing agreements: Stripe (payments), Twilio SendGrid (email delivery), Anthropic PBC (AI features, no PHI transmitted), Render Inc. (infrastructure).
We may disclose information when required by law, legal process, or to protect the rights and safety of HospiceLink users.
4. Data Retention and Deletion
Active account data is retained for the duration of your subscription plus 90 days after cancellation.
When you request account deletion via your CRM settings, we immediately cancel your Stripe subscription, deactivate your account, and schedule all PHI and personal data for permanent deletion within 90 days. You will receive a confirmation email with the exact deletion date.
Audit logs required for HIPAA compliance may be retained for up to 6 years as required by 45 CFR 164.530(j).
5. Your Rights (CCPA)
California residents have the right to: know what personal information is collected; request deletion of personal information; opt-out of the sale of personal information (we do not sell personal information); and non-discrimination for exercising these rights.
To exercise these rights, contact us at privacy@wemarketplus.com.
6. Security
We implement appropriate technical and organizational measures to protect personal data including: AES-256 encryption at rest; TLS 1.2+ encryption in transit; bcrypt password hashing; role-based access controls; audit logging of all PHI access; and regular security review.
7. Cookies
HospiceLink uses only essential session cookies required for authentication. We do not use advertising or analytics cookies. The session cookie (hl_refresh) is HTTP-only, Secure, and SameSite=Strict.
8. Contact
For privacy questions, BAA requests, or data deletion requests:
We Market Plus LLC
Email: privacy@wemarketplus.com
Support: support@wemarketplus.com