WeCureUs Participant Informed Consent
Document version: 1.0-DRAFT
Effective date: [TO BE SET AT LAUNCH]
Status: Draft for legal review
Before You Begin
This document describes what WeCureUs collects, how it is stored and protected, how it is used, and what rights you have over your own data. Please read it carefully before creating an account.
Participating in WeCureUs is entirely voluntary. You may stop at any time, delete your account and all associated data at any time, and adjust your level of participation at any time without conditions.
By completing enrollment and accessing the WeCureUs participant portal, you accept the terms of this consent. A copy of this document will remain accessible at all times at wecureus.com/consent.
Who We Are
WeCureUs, Inc. is an Oregon benefit company founded by people living with multiple sclerosis and their partners, built around a single conviction: the lived experience of people with chronic neurological conditions is the most valuable and least collected data in disease research. The platform collects that experience directly, protects it with the strongest available technical safeguards, and makes it available to the research community in aggregate form only.
WeCureUs is not a healthcare provider, health plan, or insurance company. We are not legally classified as a covered entity under the Health Insurance Portability and Accountability Act. However, we have voluntarily adopted HIPAA-equivalent technical, administrative, and physical safeguards because the people who share health information with us deserve the same level of protection that federal law requires in clinical settings. This commitment is written into our Articles of Incorporation as a binding public benefit purpose.
All technology partners who handle participant data have signed Business Associate Agreements with WeCureUs, including Google Cloud Platform and Amazon Web Services.
What We Collect and Why
Account and Identity Information
To create an account we collect your email address, which is used to send you a sign-in link. No password is ever created or stored. During enrollment we also collect your first and last name. You may optionally add a phone number, which can be used as a secondary sign-in method and, when our notification system is live, for participation reminders. A phone number is never required and you are prompted no more than twice.
This identity information is stored in a database that is completely separate from your health data. The two are linked only by an anonymous internal identifier that is never exposed to researchers or to any external party.
Module Questionnaire Responses
WeCureUs collects health experience data through structured modules covering topics such as your MS diagnosis history, cognitive symptoms, fatigue, and your diagnosis journey. Currently four modules are available: Introduction and Profile, Cognitive Symptoms, Fatigue, and Diagnosis Journey. Additional modules will be added over time.
Your responses are stored in a database keyed only by your anonymous identifier, never by your name or email address. This database is completely separate from the database that holds your identity information, and the system that researchers use to query the community data is structurally prevented from accessing the identity database at all.
Specific data points collected through modules include:
- MS diagnosis subtype, diagnosis date, and date of first symptoms
- Date of birth, which you may enter in full or as a year only. If you enter a full date of birth, the complete date is stored in the response database. Only your birth year is used in aggregate statistics presented to researchers.
- Postal or ZIP code, stored in full. Aggregate statistics presented to researchers use a geographic prefix rather than your exact code.
- Biological sex and gender identity, as separate questions, each optional
- Treatment history and current disease-modifying therapy status
- Free-text responses to open-ended questions, stored verbatim
- Your responses to any other questions across all modules you complete
All free-text responses, including open-ended answers and follow-up text, are stored and retained. An automated keyword detection system runs on all free-text input at the time of submission to identify language that may indicate a participant is in distress. This system logs detection events including the type of match, confidence level, and a cryptographic hash of the message, but never stores the triggering text separately from your response record. See the Crisis Detection section below for more detail.
If you re-answer a question your previous answer is retained alongside the new answer. The most recent answer is used in community statistics, but your full answer history is preserved.
Document Contributions (Optional)
You may optionally contribute text records from your clinical history, including radiology reports from MRI examinations, laboratory results, and ancestry or genealogical data from consumer genetic services. Each of these contribution types is optional and completely separate from your module participation.
When you contribute a document, you paste its text directly into the platform. That pasted text is sent to an AI service for processing and is not stored anywhere by WeCureUs after processing is complete. The AI extracts structured information from the text, such as lesion locations from a radiology report or test values from a lab result, and returns only that structured extraction to WeCureUs for storage. The original text is discarded.
The structured data extracted from your documents is stored in the same anonymous, pseudonymous database as your module responses. It is keyed only by your anonymous identifier.
Ancestry and genealogical data may include information derived from genetic testing services. WeCureUs collects ancestry composition percentages and haplogroup labels as reported by those services, not raw genomic sequences or DNA data.
An AI-generated plain-language interpretation of your contributed document is available on request as a separate optional step. This interpretation is generated from the already-extracted structured data, not from the original pasted text.
By submitting a document, you acknowledge that its text will be processed by an AI service and that only the structured extraction will be retained. A brief acknowledgment appears at the point of each submission.
Wearable and Device Data (Planned)
We plan to offer an optional feature that allows you to share summary data from wearable devices you already own, such as activity monitors and heart rate trackers. This data would be stored under your anonymous identifier alongside your module responses. This feature is not yet available. When it launches, it will carry its own disclosure at the point of opt-in.
One Shots, Twofers, and Data Enrichment (Planned)
We plan to offer single targeted questions and short question pairs that can be answered outside the full module context, as well as follow-up questions that add detail to data you have already contributed. These will follow the same collection and storage practices as module responses. They are not yet available.
How We Use Your Data
Community Aggregate Statistics
The primary use of your data is to produce community aggregate statistics accessible to participants and researchers. These statistics describe the collective experience of the WeCureUs community, not any individual. Every result is protected by a minimum cohort threshold: no query ever returns a result for a group smaller than five participants. Any data point that would require identifying a group of fewer than five people is suppressed or reported at a coarser level.
Researchers access these statistics through a query interface that enforces this threshold at the database layer. No researcher ever receives individual-level data under any circumstances.
The Learn Panel
The WeCureUs portal includes a conversational AI assistant in the Learn panel. When you interact with the Learn panel, your message is processed first by a crisis detection system, then, where appropriate, by an AI model. The AI may retrieve your own module responses to answer questions about your data. It may also query community aggregate statistics on your behalf, subject to the same minimum cohort protections that apply to all researcher queries.
The AI model used by the Learn panel runs on Amazon Web Services Bedrock under the AWS Business Associate Agreement. AWS does not retain your data for training or any other purpose.
Physician Summary (Planned)
We plan to offer an AI-generated structured summary of your module data formatted for a neurology appointment. This summary would be generated on your request, delivered to you, and shared only if you choose to share it. WeCureUs would never transmit your data to any clinical system. This feature is not yet available.
Personal Story (Planned)
We plan to offer an optional feature that generates a narrative account of your experience in your own voice, suitable for sharing publicly if you choose. This feature will carry a separate, explicit, revocable consent at the point of opt-in. No part of your data will ever be made public without a deliberate affirmative choice you make at that time. This feature is not yet available.
What We Never Do
WeCureUs does not and will never:
- Sell individual-level participant data to any party under any circumstances
- License, monetize, or otherwise make individual data available commercially
- Allow any advertiser, sponsor, grantor, or commercial partner to influence what questions are asked, how results are presented, or how data is used
- Return individual records through any query or interface
- Allow pharmaceutical companies, insurance companies, or any commercial entity to access anything beyond the same aggregate query interface available to all registered researchers
AI and Automated Processing
AI Processing of Document Contributions
When you contribute a radiology report, lab result, or ancestry record, an AI model classifies the document type and extracts structured information. This processing is performed by Amazon Web Services Bedrock under the AWS BAA. The original text is never stored by WeCureUs.
AI-generated summaries of your contributed documents are generated from structured extraction data only, never from the original text. These summaries carry explicit caveats. For radiology reports, the summary notes that stable imaging findings do not indicate stable function, addressing the clinical phenomenon of progression independent of relapse activity. For lab results, the summary notes that normal values do not mean your symptoms are not real. For ancestry data, the summary frames findings as research context only, without asserting causal relationships.
Crisis Detection
An automated keyword and pattern detection system runs on all free-text input you submit. This system identifies language that may indicate distress and responds with appropriate resources. Detection events are logged with a classification level, confidence score, detector version, and a cryptographic hash of the message content. The text that triggered the detection is not stored separately; it remains only as part of your response record.
This system operates entirely on WeCureUs infrastructure and does not involve any external AI service for the detection step itself.
Future AI Processing
We plan to expand AI-assisted features to include immediate community statistics after a module question is answered, physician summary generation, personal story generation, and improved crisis detection. All AI processing will continue to operate under BAA-covered infrastructure. Any new AI use that involves participant data will be disclosed in advance through an updated version of this consent.
Third-Party Data Processing
| Partner | What they handle | Covering agreement |
|---|---|---|
| Google Cloud Platform (Firebase, Cloud SQL, Cloud Run) | Authentication, database storage, application infrastructure | GCP Business Associate Agreement |
| Amazon Web Services (Bedrock, SES) | AI document processing, Learn panel AI, notification email delivery | AWS Business Associate Agreement |
No participant data is shared with any third party not listed above without explicit separate consent. No third party listed above uses participant data for their own training, analytics, or commercial purposes.
Data Separation and Security
Your identity information (email address, name, phone number) and your health data (module responses, document contributions) are stored in completely separate databases. They are linked only by an anonymous internal identifier.
The system that researchers use to query community data is architecturally prevented from accessing the identity database. This is enforced at the database connection layer, not only at the application layer, meaning that even a software error in the researcher query system could not expose identity information.
All data is encrypted at rest and in transit. Access to databases is restricted to specific platform services with documented minimum-necessary permissions. All database access is logged and auditable. These controls are consistent with the technical safeguard requirements of the HIPAA Security Rule.
Your Rights
Delete your account. You may request deletion of your entire account at any time, with immediate effect and no conditions. Deletion removes all of the following: your identity record, the link between your identity and your health data, all module responses, all document contributions, all consent records, and your authentication credentials. The only record that survives is a cryptographic hash of your user identifier stored in an audit log to prove the deletion occurred. This hash cannot be used to recover any of your data.
Re-answer questions. You may return to any completed module and re-answer any question at any time. Your previous answer is retained in the history but the new answer is used in community statistics.
Review your data. You can review your module responses through the dashboards in the portal and your document contribution history in the Your Records section.
Correct your data. Corrections are made by re-answering the relevant question through the module.
Export your data. A full data export feature is planned and will be available before WeCureUs opens to general participation. It is not yet available.
Revoke document contribution consent. If you contributed a document and wish to have the structured extraction removed from your record, you may request removal by deleting your account, which removes all your data, or by contacting us at hello@wecureus.com to request removal of a specific record.
Opt out of public features. Any feature that involves public disclosure of your data, including the planned personal story feature, carries a separate opt-in consent. You may revoke that consent and remove your public content at any time.
Consent to Longitudinal Participation
Some questions in WeCureUs modules are designated as longitudinal. These questions are presented again at intervals of three months, six months, or twelve months depending on the question type, to track how your experience changes over time. You will be notified before a longitudinal question is re-presented, and you may skip it at any time.
Our notification system, which will send re-ask reminders by email or text message, is in development. Until it is live, longitudinal scheduling occurs but no notifications are delivered. When the notification system launches, you will be able to set your preferred reminder method and cadence from within your account.
Consent Versioning and Material Changes
This consent is version 1.0. The version number and effective date appear at the top of this document and are stored with your acceptance record.
If WeCureUs makes material changes to how participant data is collected, used, or shared, you will be notified and asked to review and accept the updated consent before continuing to use the platform. Changes that are purely additive (new features, new module types, new optional contribution types) that do not change the fundamental data practices described here will be disclosed in an updated consent but may not require re-acceptance at each change.
Contact
If you have questions about this consent, your data, or your rights, please contact us at hello@wecureus.com.
Acceptance
By completing enrollment and accessing the WeCureUs participant portal, you confirm that you have read and understood this consent, that you are 18 years of age or older, and that you agree to participate on these terms.
WeCureUs, Inc. | 1401 Oak Ridge Drive, Hood River, Oregon 97031 | wecureus.com
Consent document version 1.0-DRAFT | For legal review prior to adoption