← Back to WERQ Hub

Hub privacy policy

Last updated: April 21, 2026

The short version

WERQ Hub is a tool for case managers at partner organizations to look up curated paths and referral templates for the clients they serve. Hub is built around a single design rule:

  • We do not store information about your clients. No client names, contact info, demographics, or anything that could identify the person you’re helping. All of that stays in your own systems.

Everything below explains how we honor that rule and what we do store about you as a Hub user.

What we store about you

To give you a Hub account, we keep:

  • Your work email address
  • Your name
  • The organization you work for
  • Your role (case manager, peer supporter, navigator, etc.)
  • An optional email signature you set in account settings
  • The date and time of your most recent login
  • Whether your account has been approved and (later) when you accepted these terms

This is standard staff/employee contact information — the same kind of data a partner org already has on you. It’s not client PHI.

What we store about your activity

When you generate a referral through Hub, we record metadata about that action:

  • The timestamp
  • Your hub user ID
  • The resource you generated the referral for
  • The path and step (if any) you generated it from
  • Whether you marked it “sent” afterward

We do not store the rendered referral text, the client info you filled into placeholders, who you sent it to, or anything that identifies the client. The audit trail exists so partner organizations can report on referral volume (“Folktime got 14 referrals through Hub in April”) and so we can debug if a partner says they didn’t receive one.

What we store from situation intake

When you describe a situation to find matching paths, we keep:

  • The need tags you selected
  • The ZIP code (if you provided one)
  • The free-text “critical context” field — explicitly with the instruction not to include client-identifying info
  • Which paths matched

Situation records auto-delete after 90 days. This is a guardrail: even if someone accidentally includes client-identifying info in the context field, that data is removed automatically, hard-deleted by a scheduled job. The 90-day retention exists to give us a short window to debug matching quality in the early pilot — we may shorten it.

What we don’t store

  • Client names, pronouns, identities, demographics
  • Client contact information (phone, email, address)
  • The body of any referral after you’ve copied it
  • Who at the partner organization you sent the referral to
  • Any client medical, legal, financial, or housing details

This is a deliberate design choice. It means Hub is not a HIPAA Business Associate, and we don’t need a Business Associate Agreement with your organization. It also means Hub cannot become a client record system without a major architectural change and policy revision.

How we use your data

Your account info and activity logs are used to operate Hub: authenticating you, showing you your own referral history, and giving partner organizations aggregate reporting (volume, most-used paths, etc.) on the referrals their team has sent.

We do not sell your data. We do not share your individual activity with anyone outside your organization without your consent, except as required by law.

Email and analytics

We use Resend to send transactional emails (sign-in links, account approval notifications). We use Sentry for error monitoring; Sentry is configured to not capture request bodies, cookies, or user-identifying info beyond your authenticated user ID. We do not run third-party tracking, advertising, or cross-site analytics on Hub.

Your rights

You can:

  • Edit your profile: name, role, signature in Account settings.
  • See your activity: all of your generated referrals are visible to you in My Referrals.
  • Delete your account: email WERQ TOGETHER and we’ll deactivate your account. Aggregate referral counts (without your name) may be retained for partner reporting.
  • Request a data export: contact WERQ TOGETHER and we’ll send everything we have about you.

Where data lives

Hub data is stored in Supabase (Postgres) hosted in Oregon (US-West-2). Email is sent via Resend. Hosting is on Vercel. All connections use HTTPS. Database backups are managed by Supabase per their standard SLA.

Changes to this policy

If we change this policy, we’ll update the “Last updated” date at the top and post a note in the dashboard. Material changes (anything that broadens what we collect or how we use it) will trigger an email to all active hub users.

Questions

Email WERQ TOGETHER. We’ll respond within a business day.

Draft notice: this policy reflects how Hub actually works as of April 21, 2026. Before opening a public pilot, WERQ TOGETHER should have this reviewed by counsel familiar with Oregon nonprofit privacy practice. If you spot anything wrong, please email us.