Credential Ledger logo Credential Ledger
Sign in
Legal

Data Processing Addendum

Effective June 12, 2026 · Last updated June 12, 2026

This Data Processing Addendum (“DPA”) describes how MortonApps LLC processes personal data on behalf of agencies that use Credential Ledger at credentials.hospiceapps.com. It supplements and forms part of our Terms of Service, and should be read alongside our Privacy Policy. It is written to be read — plainly, and without surprises.

No patient data — by design. Credential Ledger has no patient fields, no visit records, and nowhere to link a volunteer hour to a patient. We do not process any protected health information (PHI) or patient data, so this DPA does not contemplate it and no HIPAA Business Associate Agreement (BAA) is required.

1. Roles of the parties

For the personal data your agency enters into and processes through Credential Ledger, your agency is the data controller and MortonApps LLC is the data processor. Your agency decides what personal data to enter and for what purpose; we process that data only on your documented instructions, which are the instructions set out in our Terms of Service, this DPA, and your configuration and use of the service. If we believe an instruction would violate applicable law, we will inform you.

2. Categories of personal data and data subjects

The personal data we process on your behalf is limited to what your agency chooses to enter to run its volunteer program. Depending on your configuration, this includes:

  • Volunteer records — name, date of birth, postal address, phone number, email address, emergency contact name and phone number, areas of service, service notes, and volunteer hours (and, if your agency enables it, mileage).
  • Staff account records — the name, email address, and hashed password of each staff member you invite, plus an audit trail of who created or changed each hour entry.

The data subjects are your agency's volunteers and the staff members you authorize to use the service.

Explicitly out of scope: the service processes no patient data and no protected health information (PHI) of any kind — no patient names or identifiers, no clinical details, no visit records. There are no patient fields anywhere in the product, free-text fields carry a visible reminder never to enter patient information, and entering PHI is prohibited by our Terms of Service.

3. Purpose and duration of processing

We process the personal data solely to provide and support the service to your agency — storing records, generating and exporting reports, sending the report and account emails you schedule or trigger, and keeping your account secure. We do not sell personal data, do not use it for advertising, and do not use it to train AI models. Processing continues for as long as your account is active and through any wind-down period described in Section 8.

4. Subprocessors

We use a small, deliberately short list of infrastructure providers (“subprocessors”) to run the service. The authoritative, current list is maintained in our Privacy Policy. As of the effective date above, it is:

  • Cloudflare — application hosting and data storage (United States). All customer data lives on Cloudflare's infrastructure.
  • Amazon SES (Amazon Web Services) — delivery of emails the service sends, such as invitations and scheduled reports.

Each subprocessor processes personal data only as needed to provide its service to us, and is bound by terms no less protective than those in this DPA. We remain responsible to you for our subprocessors' performance of their obligations.

5. Notice of subprocessor changes

If we add or replace a subprocessor that processes your personal data, we will update the list in our Privacy Policy and notify active customers by email before the new subprocessor begins processing, giving you a reasonable opportunity to object. If you reasonably object to a new subprocessor on legitimate data-protection grounds and we cannot accommodate the objection, you may terminate the affected service and we will assist you in retrieving your data as described in Section 8.

6. Security measures

We maintain technical and organizational measures appropriate to the risk, including:

  • Encryption in transit — all traffic to the service is encrypted over HTTPS (TLS).
  • Encryption at rest — customer data is stored on Cloudflare's managed infrastructure with encryption at rest; if your agency configures custom email credentials, they are additionally encrypted at rest with AES-GCM.
  • Password and session protection — passwords are hashed with PBKDF2 (we cannot see or recover them), and session tokens are stored hashed.
  • Access controls — role-based access (admin, staff, read-only viewer) limits who within your agency can see and change what.
  • Tenant isolation — each agency's data is isolated to its own workspace and queries are scoped per tenant.
  • Minimized surface — the product is deliberately simple, holds no PHI, and runs no third-party tracking or advertising scripts.

We restrict access to personal data to the people who build and operate the product and who are bound to confidentiality.

7. Personal-data breach notification

If we become aware of a personal-data breach affecting your data, we will notify you without undue delay after becoming aware of it. Our notice will describe, to the extent known, the nature of the breach, the categories and approximate number of records concerned, the likely consequences, and the measures taken or proposed to address it. We will reasonably cooperate with you so your agency can meet its own notification obligations.

8. Return and deletion of data on termination

You can export all of your data to CSV at any time during the term — the export exists for exactly this purpose. On termination or expiry of your account, you may continue to export your data during any read-only period that applies to lapsed accounts, and you may request complete deletion of your account and data at any time by emailing info@hospiceapps.com. On a verified deletion request we will delete the personal data we hold for your agency within a commercially reasonable period, except where retention is required by law.

9. Assistance with data-subject requests

Because your agency controls its records, you can fulfill most data-subject requests (access, correction, export, deletion) directly in the app. Taking your account-management capabilities into account, we will provide reasonable assistance to help you respond to requests from volunteers or staff to exercise their rights, and to meet your obligations regarding security, breach notification, and data-protection impact assessments. Individuals who contact us directly will be routed to their agency, and we will help where appropriate.

10. Contact

Questions about this DPA, or to make any request described above: info@hospiceapps.com — a real, monitored inbox staffed by the people who build the product.

See also our Privacy Policy, Terms of Service, and Security overview.