Volunteer Tracker logo Volunteer Tracker
Sign in
Legal

Privacy Policy

Effective June 12, 2026 · Last updated June 12, 2026

Volunteer Tracker exists to track volunteer hours for nonprofit hospice agencies — nothing more. This policy explains, in plain language, what information passes through the service, why, and what happens to it. We have tried to keep it short enough to actually read.

We never ask for or store patient information. Volunteer Tracker has no patient fields, no visit records, and nowhere to link a volunteer hour to a patient. Because the product holds no protected health information (PHI), no HIPAA Business Associate Agreement (BAA) is required.

The short version

  • Your agency's data belongs to your agency. You can export it anytime and ask us to delete it.
  • We collect only what the service needs to run: the volunteer records your agency enters, staff account details, and basic technical logs.
  • We never sell data, never run ads, and never use customer data to train AI models.
  • No patient data, ever — by design.
  • One essential session cookie. No tracking or advertising cookies.

Who we are

Volunteer Tracker is operated by MortonApps LLC and lives at volunteers.hospiceapps.com. If anything in this policy is unclear, or you want to exercise any of the rights described below, email us at [email protected] — a real, monitored inbox.

What we collect

Volunteer records your agency enters. Agencies use Volunteer Tracker to keep records about their volunteers. Depending on what your agency chooses to enter, a volunteer record can include: name, date of birth, postal address, phone number, email address, emergency contact name and phone, areas of service, service notes, and volunteer hours and mileage.

Staff accounts. When an agency staff member is invited to the service, we store their name, email address, and a hashed password (we never store the password itself).

Usage and log data. Like virtually every web service, we keep basic technical logs (such as IP address, browser type, and request timestamps) for security and troubleshooting, and each hour entry keeps an audit trail of who created or changed it.

Our role: your agency controls its data

For the volunteer information described above, your agency is the data controller and MortonApps LLC is the data processor. In plain terms: the agency decides what volunteer information to enter and why; we process it only on the agency's instructions, solely to provide the service. The lawful basis for our processing is the agency's instructions under our agreement with them — agencies are responsible for having an appropriate basis (such as volunteer consent or legitimate interest) for the records they keep.

No patient information — by design

Volunteer Tracker is a companion to your EMR, not a replacement for it. Patient-care documentation stays in your EMR. There are no patient fields anywhere in this product, free-text fields carry a visible reminder to never enter patient information, and our Terms of Service prohibit entering PHI. Because the service holds no PHI, it is not a HIPAA business associate and no BAA is required.

How we use data

We use the data in your account for exactly one purpose: providing the service to your agency — storing records, generating reports, sending the report emails you schedule, and keeping your account secure. Specifically:

  • We never sell personal information, to anyone, for any reason.
  • We never show ads and never share data with advertisers.
  • We never use customer data to train AI models.
  • We do not mine, profile, or analyze your records for any purpose beyond running the service.

Who else touches the data (subprocessors)

We use a small number of infrastructure providers to run the service:

  • Cloudflare — hosting and data storage (United States). All customer data lives on Cloudflare's infrastructure.
  • Amazon SES (Amazon Web Services) — delivery of emails the service sends, such as invitations and scheduled reports.

That's the full list. These providers process data only as needed to provide their service to us, and we will update this policy if the list changes.

How we protect it

  • Passwords are hashed with PBKDF2 — we cannot see or recover them.
  • Session tokens are stored hashed.
  • If your agency configures custom SMTP credentials, they are encrypted at rest.
  • Role-based access controls (admin, staff, read-only viewer) limit who in your agency can see and change what.
  • Each agency's data is isolated to its own workspace (tenant isolation).
  • All traffic to the service is encrypted in transit over HTTPS.

No internet service can promise perfect security, but we keep the design simple and the attack surface small, and we will notify affected agencies promptly if we ever discover a breach involving their data.

How long we keep data

  • Active subscriptions and trials: data is retained for as long as your account is active.
  • Lapsed accounts: if a trial or subscription lapses, the account becomes read-only. The data stays intact, viewable, and exportable — it is never deleted automatically.
  • Deletion on request: an agency can request full deletion of its data anytime by emailing [email protected].
  • Abandoned signups: trial workspaces that are created but never activated are purged after about 7 days.

Your rights and choices

Agencies can access and export all of their data (CSV export is built in), correct any record, and request deletion of their account and data by emailing us.

Individual volunteers and staff who want to access, correct, export, or delete information about themselves should contact their agency first — the agency controls its records and can handle most requests directly in the app. You can also email [email protected] and we will help route the request to the right place. We respond to all requests and never penalize anyone for making one.

Cookies

The app sets one essential session cookie so you stay signed in. That's it. There are no tracking cookies, no advertising cookies, and no third-party analytics scripts on this site or in the app.

Children

Volunteer Tracker is a business tool for hospice agencies and is not directed at children. We do not knowingly collect information from children, and agency staff accounts are intended for adults.

Changes to this policy

If we change this policy, we will update the date at the top of this page, and for any meaningful change we will let active customers know by email. We won't reduce your rights under this policy without telling you first.

Contact

Questions, requests, or concerns: [email protected]. This inbox is monitored by the people who build the product.

See also our Terms of Service.