-
Getting to Know Weave
Read moreBecome familiar with Weave terminology used in help guides and training.
Learn how the software will help your office in the Getting Started Weave Academy Certification for Weave Plus or Weave Core depending on your product bundle.
Weave Desktop Application (App)
This is where you will use Weave in day-to-day interactions with customers. You can text, call, email, collect payments, and more within the desktop app. Learn how to download.
Find features and products within the buttons on the home page.
Search for anything in Weave - including products or customer profiles - and find quick links to popular features using the search bar on the home page.
Change your location, adjust settings, reach support, and navigate to the Weave Portal within the menu at the top right corner.
In the top bar, you can quickly:
- Return to the home page
- Check chats within your team or Weave support
- Change locations (for multi-office accounts)
- See which location you are currently working in
Weave Portal
Head to the portal in a web browser to see administrative tasks and settings. This is also known as the Admin Portal. Open the Weave Portal.
Here's what it looks like:
The navigation bar is the menu on the left side of the Weave Portal. There you will find sections where you can find the settings and features you would like to access.
Other terminology
Ellipses Menu:
Sometimes in the desktop app, you'll see an ellipses icon with three dots to signify there are more options available.
Filter:
In features and products such as reviews, payments, and schedule, you'll see three funneled lines to signify there are options to filter the results you see.
Notifications: Pop-ups in the app for messages, reviews, and more
Tabs: Different sections you can click at the top of a page, such as in Users in the Weave Portal.
Mobile Application (App): You can download Weave on your mobile device to access messages, phone calls, emails, and more from anywhere. Learn how to download.
Weave Phones: Any phone distributed by Weave
Phone Tree: Prompt customers that call into your office to the correct extension through phone trees. You may have heard similar products called call trees, auto-attendant, or IVR (interactive voice response).
Call Pop: A feature that allows you to see customer information as they call before you answer the phone
-
Leave Product Feedback for Weave
Read moreLooking for a new feature? Or really enjoying a specific product? Let Weave know using UserVoice, a third party service we've partnered with to make sure we can hear your ideas and suggestions.
Post your feedback and report bugs by opening the Weave Feedback Portal.
1. Select the feedback forum from the right side or bottom of the screen
2. Browse ideas and vote for the ones you like
Note: Comment on posts by clicking on the number of comments below the post and following the same process you would use to add feedback
3. Enter your feedback by typing in the Enter Your Idea box at the top of the page
4. Choose the category your feedback applies to (optional)
5. Sign in using Facebook, Google, your UserVoice account, or create a new account
6. Select Post Idea
The UserVoice feedback pages are for feature requests and bug reports only. If your submission is not a product feature, suggestion, or product question, it may be removed. We can’t guarantee specific features or development timelines, but we read every suggestion and respond where we can. Please note that feedback is voluntary, and if you provide feedback, you give Weave the right to use it without restrictions. -
Logging Into Weave
Read moreReady to get started? Let's get you logged into Weave.
Log into Weave
- Launch the desktop app and select the Sign In button on the center of the screen
- A pop-up browser will open. Enter your credentials and click Sign In
- You’ll be redirected to the desktop app. You can close the browser window
Login at app.getweave.com by entering your credentials on the sign-in page.
You can also reach the Weave portal through the desktop app.
- Open the
menu in the top right corner
- Click
Admin Portal
- You’ll be redirected to the Weave Portal through a new window
- Select Sign In
- Enter your credentials into the sign-in page
- Click Sign In
Start by downloading the mobile app
- Launch the mobile app and select the Sign In button on the center of the screen
- A pop-up browser will open. Enter your credentials and click Sign In
- You’ll be automatically redirected to the app
Tip: If you've forgotten or lost your password, follow the steps in Reset a Password.
Every time you log in on a new device, you will receive an email to notify you. This helps you keep your account secure.
Troubleshooting TipsHaving issues logging in? Try these steps:
- Try resetting your password by selecting the link on Weave portal or desktop app
- Make sure you are using an updated version of Google Chrome
- Have an office admin make sure that your user information is correct
- Have an office admin remove your user information in the Weave portal and re-add your email
Switching Locations
Unify is a specific package for multi offices and may not be a part of your current Weave software.
If you manage multiple locations, you can switch between them by following the instructions below:
- Open the menu by selecting the
menu in the top right corner
- Select
Change Location
- Select the desired location
- Select
Office Locations from the left side menu
- Select the desired location from the
dropdown menu
- Tap your name at the top of the home screen
- Tap the Log In button next to the desired location
-
Download the Weave Desktop App
Read moreThe Weave Desktop App will need to be downloaded on each computer station that needs access to Weave. Follow these instructions to download the Weave desktop app.
Note: If you have an old version of Weave that you need to delete before installing a newer version, see Deleting Weave Software for instructions on how to delete an existing file.
Windows version Mac version Linux version Video Overview
Installing Weave on a Windows Computer - Video Overview
Installing Weave on a Mac Computer - Video Overview
Installing the Desktop App
- Click on one of the buttons below to download the Client Installer
Windows version Mac version Linux version - Run the installer
Note: The steps to find the installer will vary depending on the browser you're using
-
-
Go to your downloads folder and run the installer
-
Click install > next > finish
-
-
- Log in to the Weave Software
Need to sync your software to your Weave phones? Click here for instructions.
Manually Update Your Weave Desktop App
If you're having trouble with the desktop app, you may need to check for software updates.
- Open the desktop app and select the
Menu in the top right corner
- Select
Settings
- Click
Updates in the menu.
- On the Updates page, select Check Now.
- If a new update is available, a green button will appear in the top menu bar.
- Click the green button and then Restart to initiate the update.
- Click on one of the buttons below to download the Client Installer
-
Placing a Call Through Weave Apps
Read moreMaking an outbound call to a client is available no matter where you are. There are a few different ways to do it.
- Click on the Dial tab and enter the number you’d like to call
Tip: If you're having trouble placing a call, check your wifi connection or switch to data. Try reinstalling the mobile app to the newest version and check for updates on your device. If this does not work, contact support.
Select the Phone Icon from the main page to access three different ways to place a call.
Click
Phone
Select a number from any of the calls on the
Recent Calls tab
2. On the
Patients or Clients tab, select a profile and then tap on the
Phone icon
3. Click on the Dial Pad tab and enter the number you’d like to call
You can also select a profile from the Customers Icon on the main page and then tap the phone icon.
Tip: If you're having trouble placing a call, try manually syncing your phone. Clear the cache on your computer. Delete the Weave desktop app and reinstall.
To learn how to place a call on your Weave phone, refer to our Phone User Guides.
-
Download the Mobile App
Read moreTake work on the go with Weave's Mobile App. The mobile app is available on Android and iOS devices.
Note: You must be granted access to the Mobile App in order to log into the Mobile App. If you want to change the mobile access permission settings for a user, you will need to edit their user access settings.
Click here to download the iOS Mobile App or scan this code:
Once you download the Mobile App, you can log into the Mobile App using the same email address and password that you use to log into the Desktop App.
Click here to download the Android Mobile App or scan this code:
Once you download the Mobile App, you can log into the Mobile App using the same email address and password that you use to log into the Desktop App.
Overview of the Mobile App
Watch this short video to see an overview of what the Weave Mobile app can do!
Now learn how to log in.
Note: If you're having problems with the mobile app crashing, try reinstalling the app and updating your device's software.
-
Weave Plus Onboarding Checklist
Read moreNew to Weave? Follow this Onboarding Checklist for Admins to get started with Weave.
Note: This checklist is for customers who signed up for our Weave Plus bundle. For our Weave Core Onboarding Checklist, click here.
Before beginning the checklist, make sure you complete the following steps:
Technical Preparation
Prepare your network for your new Weave PhonesPrepare to install your Weave Phones by doing the following:
- Verify your ethernet port availability. Each phone needs access to a nearby ethernet port for internet connection. One Weave phone can share an ethernet port with a single computer if needed.
- Make the necessary network changes provided by Weave before your phones get installed. This may include configuring or updating your router, addressing latency issues, or bridging your modem to your router.
Contact your Onboarding Manager if you have further questions.
Review Software Requirements for installationBefore installing the software, make sure that your computers meet our software requirements.Prepare for porting your phone numbers to WeaveWeave will become your new phone provider. Work with your Onboarding Manager to get your phone numbers ported over to Weave. Make sure your phone numbers are ready for the transfer by ensuring they are NOT tied to:
- Credit Card Machines
- Alarm Systems
- Internet Service
- any other services
Contact your Onboarding Manager if you have further questions.
Check your network readinessLook over the Weave Partner Network Readiness Checklist.
Weave Plus Onboarding Checklist
1. Weave Launch
- Download the Weave Desktop App
You will need the Desktop App downloaded on all computer stations that will be using Weave. - Complete Part 1 of the Weave Plus for Admins Weave Academy Certification
- Download the Weave Mobile App
Take Weave on the go with our Mobile App. - Review your implementation plan.
- Provide current phone bill and numbers for porting
2. Software Setup
- Add Users to your account
Each person in your office who will be using Weave needs their own unique username and password to log in. - Set up Auto Reminders
Customize and enable your Auto Reminders. The availability of certain Auto Reminders depends on your Practice Management Software. - Implement Network changes found in the Network Audit Email to ensure excellent call quality
- Complete Part 2 of the Weave Plus for Admins Weave Academy Certification
- Sync your Practice Management Software Data
Your Onboarding Manager will help you get your Practice Management Software synced to Weave.-
- Once connected, you will need to verify your data source to get your data syncing.
-
- Set up Payments Account
To use Text to Pay or any of our Payments features, you will first need to set up your Payments Account with Stripe. - Set up Weave Reviews (Premium Feature)
To start collecting Reviews with Weave, you will need to connect your Google and/or Facebook Business accounts to Weave.
3. Phone Setup
Phone customizations are only applicable for customers who purchased the Weave phones.
- Set Office Hours
The Office Hours setting controls when your phones will ring and when specific Voicemail Greetings will be played. - Set Up Voicemail
- Select your Hold Music
- Have your staff complete Part 1 the Weave Plus Essentials for Team Members Weave Academy Certification
- Call Recording
If desired, you can choose to turn on call recording to record your calls on your Weave phones. Be sure to check the call recording laws in the state your business is located. - Set up Missed Call Text (Premium Feature)
Customize your Missed Call Text messages and toggle them on to prepare for going live. - Request Additional Phone Customizations
Your Onboarding Manager will help you customize your phone system to your preferences. For ideas, visit our Phone Customizations article.
4. Number Porting
- Complete Add-On Certifications on Weave Academy if you've purchased add ons
- Complete Part 3 of the Weave Plus for Admins Weave Academy Certification
- Have your staff complete the Weave Plus Essentials for Team Members Weave Academy Certification
5. Ongoing Support and Training
- Bookmark WeaveHelp to search for answers to ongoing product questions
- Attend monthly live WeaveLab Webinars for product updates
You'll see the invitations come across your email. - Contact support to resolve any technical issues
- Contact your CSM team at customersuccess@getweave.com for any account-related questions, best practices, or product add-ons
Additional Product Setup
Web AssistantIf you signed up for Web Assistant, you will need to set this up in your Weave Portal before posting it on your website.
Setup Instructions Learn More Digital FormsIf you signed up for Digital Forms, you will need to build your Forms and add your business information in your Digital Forms Dashboard.
Setup Instructions Learn More Payment TerminalsIf you signed up for our Weave Payment Terminals, you will need to set them up in order to start collecting in-office payments.
Setup Instructions Learn More Practice AnalyticsIf you purchased Practice Analytics, you will want to work closely with your Onboarding Manager to ensure we are pulling in your data correctly.
Learn MoreDownload the checklist
-
Weave Core Onboarding Checklist
Read moreNew to Weave? Follow this Onboarding Checklist for Admins to get started with Weave.
Note: This checklist is for customers who signed up for our Weave Core bundle. For our Weave Plus Onboarding Checklist, click here.
Before beginning the checklist, make sure you complete the following steps:
Technical Preparation
Prepare your network for your new Weave PhonesPrepare to install your Weave Phones by doing the following:
- Verify your ethernet port availability. Each phone needs access to a nearby ethernet port for internet connection. One Weave phone can share an ethernet port with a single computer if needed.
- Make the necessary network changes provided by Weave before your phones get installed. This may include configuring or updating your router, addressing latency issues, or bridging your modem to your router.
Contact your Onboarding Manager if you have further questions.
Review Software Requirements for installationBefore installing the software, make sure that your computers meet our software requirements.Prepare for porting your phone numbers to WeaveWeave will become your new phone provider. Work with your Onboarding Manager to get your phone numbers ported over to Weave. Make sure your phone numbers are ready for the transfer by ensuring they are NOT tied to:
- Credit Card Machines
- Alarm Systems
- Internet Service
- any other services
Contact your Onboarding Manager if you have further questions.
Check your network readinessLook over the Weave Partner Network Readiness Checklist.
Weave Core Onboarding Checklist
1. Weave Launch
- Download the Weave Desktop App
You will need the Desktop App downloaded on all computer stations that will be using Weave. - Complete Part 1 of the Weave Core for Admins Weave Academy Certification
- Review your implementation plan
- Provide your current phone bill and numbers for porting
- Download the Weave Mobile App
2. Software Setup
- Add Users to your account
Each person in your office who will be using Weave needs their own username and password to log in. - Upload or add contacts to Weave
You can add your customer base to Weave through a mass upload (CSV file) or by creating manual contacts through Weave.
- Implement Network changes found in the Network Audit Email to ensure excellent call quality
- Complete Part 2 of the Weave Core for Admins Weave Academy Certification
- Set up Payments Account
To use Text to Pay or any of our Payments features, you will first need to set up your Payments Account with Stripe. - Set up Weave Reviews (Premium Feature)
To use Weave Reviews, you will need to connect your Google and/or Facebook Business accounts to Weave.
3. Phone Setup
- Set Office Hours
The Office Hours setting controls when your phones will ring and when specific Voicemail Greetings will be played. - Record your Voicemail Greetings
- Select your Hold Music
- Have your staff complete Part 1 the WeaveCore Essentials for Team Members Weave Academy Certification
- Call Recording
If desired, you can choose to turn on call recording to record your calls on your Weave phones. Be sure to check the call recording laws in the state your business is located. - Set up Missed Call Text (Premium Feature)
Customize your Missed Call Text messages and toggle them on to prepare for going live. - Request Additional Phone Customizations
Your Onboarding Manager will help you customize your phone system to your preferences. For ideas, visit our Phone Customizations article.
4. Number Porting
- Complete Add-On Certifications on Weave Academy if you've purchased add ons
- Complete Part 3 of the Weave Core for Admins Weave Academy Certification
- Have your staff complete the Weave Core Essentials for Team Members Weave Academy Certification
5. Ongoing Support and Training
- Bookmark WeaveHelp to search for answers to ongoing product questions
- Attend monthly live WeaveLab Webinars for product updates
You'll see the invitations come across your email. - Contact support to resolve any technical issues
- Contact your CSM team at customersuccess@getweave.com for any account-related questions, best practices, or product add-ons
Additional Product Setup
Web AssistantIf you signed up for Web Assistant, you will need to set this up in your Weave Portal before posting it on your website.
Setup Instructions Learn More Digital FormsIf you signed up for Digital Forms, you will need to build your Forms and add your business information in your Digital Forms Dashboard.
Setup Instructions Learn More Payment TerminalsIf you signed up for our Weave Payment Terminals, you will need to set them up in order to start collecting in-office payments.
Setup Instructions Learn More Download the checklist
-
See Your User Role
Read moreFor some actions in the Weave app, you'll have to have a specific role. See what role you currently have:
- Open the Weave Portal
- Select
Account from the left menu
- Click Users from the dropdown
- Find yourself in the Users list
From here, you can see your role to the right of your name. If you have the Admin role, you can also edit and add users. If you do not, ask the admin in your office to make changes.
-
View Your Weave Invoice History
Read moreQuickly login to your Weave account to see a history of your charges and payments.
- Login to the Weave Admin Portal
- Select
Account in the left side bar
- Click Billing
Below your payment information, you’ll see a list of invoices. They are categorized by date but also include an invoice name to reference with Weave support if needed.
Paid status means paid in full. Any partial payments will still appear as unpaid on the invoice history.
Select the
Dropdown Arrow next to an invoice to see a quick breakdown of the charges. Select the
Preview icon for a more detailed report.
Export Your Invoice as a PDF
- Login to the Weave Admin Portal
- Select
Account in the left side bar
- Click Billing
- Select the
Preview icon next to the invoice you would like to export
- In the top right corner, select the PDF icon
- Use your computer’s system to either print the invoice or save it to your computer as a PDF
-
Update Your Weave Billing Information
Read moreChange or update the billing information for your Weave subscription with ease through the Weave portal.
Add a Payment Method:
-
Login to the Weave Portal
-
Select
Account in the left side bar
-
Click Billing
-
Select the+ Plus icon on the right side
-
Update your payment information by filling out fields:
-
Payment Type
-
Card/Account Holder
-
Card/Account Number
-
CVV
-
Zip
-
Expiration Date
-
Select Submit
Choose Your Primary Card
-
Click the
down arrow next to the payment info
-
Toggle on Make Primary Payment Method
Note: If another card is designated as the primary payment method, its toggle will automatically change.
Delete a Payment Method:
-
Click the
down arrow next to the payment info
-
Select Delete Payment Method
Note: In order to delete a payment method on file, you must have another payment method marked as primary.
-
-
Add and Manage Users
Read moreAll staff members in your office who will be using Weave must have their own login with their own user email and password. This is a HIPAA requirement for security purposes. This article explains how to add, edit, or delete a Weave user.
Note: Weave representatives cannot create new users or delete or change the role of current users. This function can only be done by a Weave Admin in your office. Contact your office administrator if you need a new user added.
You can add and manage users in your Weave Portal. Select the appropriate tab below for instructions to add, edit, or delete a user.
Add a New User
Note: With Weave Unify, you can manage users for all locations, including setting the location access and permissions for each location. You must be under the parent location to do this. Learn how to change locations.
- Click the
menu icon at the top right corner of your desktop app
- Select
Admin Portal to open up the Weave Portal in your internet browser
Note: For best results use Google Chrome. Windows Explorer is not supported by this application.
3. From the menu on the left, select
Account
4. Select Users from the dropdown
5. In the upper right corner, click the Add User button
6. Add the Email of the new user. Each user needs their own unique emails address assigned to their account
7. Click Next
8. Fill out all of the fields for the new user
Note: If you are using Weave Unify, toggle on Activate All Locations or search and toggle on each location you would like the user to have access to. Use the dropdown next to each toggle to choose a role.
9. Use the Mobile Access toggle to decide whether you would like the user to have access to Weave through the mobile phone app
Tip: Users can be assigned multiple roles. You can view the permissions for each role by clicking on the info icon
next to Roles and Permission or by clicking here.
10. Click Submit and an invitation email will be sent to the user
11. Instruct the team member to pull up the email from SendGrid to finish creating their account. Make sure they check their spam folder if they don't see the email.
Tip: If your team member is not receiving the message because the email entered is not correct, try deleting and creating a new user with the correct email.
Once the team member finishes creating their account, they will be able to log into Weave.
Tip: Users under the Team tab have finished creating their account and have access to Weave. Users under the Invitations tab still have not yet finished creating their account.
Edit a User
Note: All users have access to edit the personal information within their own profile. Only Weave Admins have access to edit another user's roles and permissions.
- Click the
menu icon at the top right corner of your desktop app
- Select
Admin Portal to open up the Weave Portal in your internet browse
- From the menu on the left, select
Account
- Select Users from the dropdown
- Click on the
pencil icon next to the user's name that you would like to edit
- Edit the desired fields
- Personal information can only be edited by a user
- Roles and Permissions can only be edited by a Weave Admin in your office
- A user or Weave Admin can send a password reset request
- Click Submit
Delete a User
Note: Only Weave users who have been assigned the role of Admin have access to delete users.
- Click the
menu icon at the top right corner of your desktop app
- Select
Admin Portal to open up the Weave Portal in your internet browse
- From the menu on the left, select
Account
- Select Users from the dropdown
- Click on the
trash icon next to the user's name that you would like to remove
- Select Delete
Tip: While the user has been removed from being able to log in to Weave, you will still be able to see the user’s past interactions using Weave software.
User Roles
Each user must be assigned at least one role. Multiple roles can be assigned to a user. View the chart below to see the permissions granted to each role:
Note: A user admin can change password settings, but does not possess the full role of admin.
You can also view this chart from your user settings by clicking on the info icon
next to Roles and Permission.
- Click the
-
Change Your Password Requirement Settings
Read moreEnsure the security of your Weave accounts by adjusting login settings to fit your office’s needs.
In order to change password settings, you must have the role of Admin or User Admin.
- Go to the Weave Portal
- Select Account in the menu on the left side
- Click Password Policy from the dropdown
- Select
Edit in the top right corner
- Choose from the list of requirements by selecting the box next to the setting
- Select Save
- Select I Agree in the pop-up window to verify your changes
You can change settings involving complexity requirements, password age, and the lock-out process.
Complexity Requirements are evaluated when a password is changed. Password Age and Lock Out rules are evaluated every time a user logs in.
These settings would be applied right away (with no change from user necessary). The exception is the "Enforce password history for 4 passwords" rule. This is part of the Password Age settings, but is only evaluated when a password is changed.
-
Data Owner Verification
Read moreSteps to verify your data source to get your data syncing to Weave.
Verify Your Data Source
Once Weave connects with your Practice Management Software, you will need to verify your data source in order for the data to start syncing. This keeps your data safe and secure in the data syncing process.
To verify your data source,
- Go to your Weave Portal
- Select
Data Sources from the left side menu
- Click on the settings icon
next to the data source you wish to verify
- Select Verify from the dropdown menu
- Answer the verification question
Note: You will need to reference your Practice Management Software and/or scheduling system to properly answer the question.
- Select Verify Data
If you answered the verification question correctly, the status will change to Verified and your data will be syncing with Weave.
If you answered the verification question incorrectly, it will lock the data source. You will need to contact our Support team to have it unlocked before trying again.
Verification Statuses
- Not Verified: This means that the data has not yet been verified by your office.
- Locked: This means that the data verification failed. Contact our Support team to have it unlocked before trying again.
- Verified: This means that you successfully verified the data source and your data is properly syncing with Weave.
-
Compliance with TCPA, CAN-SPAM, CASL, and Messaging Best Practices Using Weave
Read moreSeveral laws in the US and Canada regulate communications between businesses and their customers. These laws include, but are not limited to, the TCPA, CAN-SPAM, and CASL. Additionally, the US wireless communications industry has published principles and best practices regarding text communications. The underlying goal of these regulations and best practices is to protect consumers against unwanted communications. Weave is your partner in understanding these requirements and ensuring that your messages are delivered to your customers with minimal disruption.
The following information regarding these laws is not legal advice and is provided for information purposes only. You are encouraged to seek competent legal counsel for specific guidance related to compliance with these laws.
TCPA
The US Telephone Consumer Protection Act (TCPA) regulates telemarketing calls, auto-dialed calls and text messages, artificial or pre-recorded calls, and unsolicited faxes. The TCPA requires prior express consent to send text messages to customers. While there are some exemptions to TCPA requirements for certain healthcare-related communications under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), TCPA requirements still apply to marketing communications and any other non-healthcare-related communications. For example, text messages which contain marketing or advertising content require you to obtain prior express written consent from your customers.
You can learn more about the TCPA from the Federal Communications Commission’s (FCC) FCC website .
TCPA exemptions for healthcare providers
The TCPA provides exemptions specifically for healthcare-related calls and text messages which apply to HIPAA-covered entities, created by the FCC in its Declaratory Ruling and Order on July 10, 2015 . Under one exemption, calls or texts made by or on behalf of a covered entity or its business associate and which have a healthcare treatment purpose do not require the prior express written consent of the receiving party. Such calls or messages include:
- Appointment and exam confirmations and reminders
- Wellness check-ups
- Hospital pre-registration instructions
- Pre-operative instructions
- Lab results
- Post-discharge follow- up intended to prevent re-admission; prescription notifications
- Home health care instructions
The following additional conditions for each exempted voice call or text message, made by or on behalf of a healthcare provider, must be met:
- Call or text message must be sent only to the mobile number provided by the patient.
- Name and contact information of the healthcare provider must be stated at the beginning of each call or included in each text message.
- Limit calls and text messages to one per day and no more than three calls or text messages per week.
- Calls and texts messages must comply with the HIPAA Privacy Rule.
Despite these exemptions, you should always discuss with your customers what information may be communicated via text, especially sensitive information. It is important to note that texts related to accounting, billing, debt collection or containing other financial content or texts that include advertising content are not part of this exemption. Additional detail can be found in the FCC’s July 2015 Declaratory Ruling and Order.
CAN-SPAM
The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) establishes requirements for commercial emails and gives recipients the right to have you stop emailing them. CAN-SPAM applies to all commercial email messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” CAN-SPAM’s primary requirements include:
- Email header and routing information must be accurate and identify the person or business who initiated the message.
- The subject line should not be deceptive and must accurately reflect the content of the message.
- Message must be identified as an ad.
- Messages must include your valid physical postal address.
- Messages must include a way to opt-out of receiving further messages.
- Honoring a recipient’s opt-out request within 10 business days.
You can learn more about CAN-SPAM from the Federal Trade Commission (FTC) website and the FTC’s compliance guidelines .
CASL
Canada’s anti-spam legislation (CASL) regulates commercial electronic messages (CEM) that are sent to or by Canadians. A CEM is any electronic message (including a text or email) that encourages participation in a commercial activity. For example, a CEM would include a text or an email that offers to provide a service or a product (including a text or email that contains a coupon or describes a promotion). CASL does not apply to a pure service message (such as a simple reminder of an existing appointment), unless the message also encourages participation in a commercial activity (such as a reminder of an existing appointment which also promotes a sale on other services).
Key requirements of CASL include:
- Before sending a CEM, the sender must have an express consent or an implied consent from the recipient, or fall within one of the exemptions specified in CASL. You can learn more about the requirements for express and implied consent and exemptions here .
- Unless the sender has a complete exemption from CASL, the CEM must include (1) the name by which the sender carries on business, if different from its name, and if not, its actual name, (2) the sender’s mailing address and either a phone number or an email address or web address, valid for 60 days, and (3) an unsubscribe mechanism that allows the recipient to opt-out of receiving all future CEMs.
- The unsubscribe mechanism must be available to the recipient without cost, be easy to use, and must use the same electronic means as the CEM. The sender must process an unsubscribe request without delay, and in any event within 10 business days.
- CASL regulators expect senders to have a CASL corporate compliance program and CASL training materials. CASL also imposes certain record keeping requirements relating to express consents, implied consents, opt-outs, and CEMs. Weave does not maintain those records for you. For information on these requirements, see the links provided below or speak with your lawyer.
You can learn more about CASL from the Canadian government’s overview and frequently asked questions .
CTIA Messaging Principles and Best Practices
The CTIA , an organization representing the US wireless communications industry and companies throughout the mobile ecosystem, has developed and published Messaging Principles and Best Practices (Principles and Best Practices). The Principles and Best Practices reflect the wireless industry’s efforts to preserve the trust in the messaging services provided by the mobile network operators (MNOs), such as Verizon, AT&T, and T-Mobile. The Principles and Best Practices also support a wireless messaging community where message senders and consumers can exchange wanted messages and while still protecting consumers from unwanted messages, in conformity with applicable laws and regulations, such as TCPA and CAN-SPAM.
The Principles and Best Practices include parameters for facilitating business text messages, also known as “non-consumer” or “Application-to-Person” (A2P) messages, such as those sent by Weave subscribers through the Weave service. Regardless of regulation, the CTIA recommends that all A2P message senders should take the following actions to maintain consumer confidence in messaging services:
- Obtain a consumer’s consent to receive messages generally.
- Obtain a consumer’s express written consent to specifically receive marketing messages.
- Ensure that consumers have the ability to revoke consent.
Consent may vary upon the type of message content exchanged with a consumer. The Principles and Best Practices provides examples of the types of messaging content and the associated consent that should be expected for A2P messages.
10DLC Brand and Campaign Registration
In addition to the CTIA Principles and Best Practices, the mobile network ecosystem has been working to find ways to better support businesses sending A2P messages to consumers and reduce the number of spam text messages that consumers receive. In 2021 the MNOs began implementing standards to register and validate businesses that send A2P messages using 10-digit long codes (10DLC) (a 10-digit telephone number designed for A2P messaging). This is referred to as “brand” and “campaign” registration and validation. Providing visibility into the source and content of A2P messages allows the MNOs to provide more reliable and trustworthy messaging services. Businesses that send A2P messages via 10DLCs are required to register their brand and messaging campaigns through their service providers, like Weave, to take advantage of increased messaging deliverability and throughput, and avoid potential fees or disruption to texting services. Businesses that are registered and verified with the MNOs are less likely to be flagged for sending spam messages. You can find more information about these requirements here .
Your Responsibility to Use Weave in Compliance with the TCPA, CAN-SPAM, CASL, and other best practices
Weave text and email features have been designed with features to support you in complying with the TCPA, CAN-SPAM and CASL and enable you to make the most of your communications with customers. However, primary responsibility for compliance with TCPA, CAN-SPAM, CASL, and other best practices rests with you. You are responsible for the communications that you cause to be sent through the Weave service and for ensuring that those communications comply with all applicable laws. This includes, but is not limited to:
- Obtaining, documenting, and tracking customer consent.
- The content and frequency of communications.
- Promptly honoring opt-out and withdrawal of consent requests.
More details on your responsibility for compliance with laws and regulations can be found in Weave’s Terms of Service .
Weave has implemented the following features which support you in complying with the TCPA, CAN-SPAM, CASL, and the CTIA Principles and Best Practices:
Text messaging
- All automated texts have opt-out instructions appended to the end of the message. Additionally, regardless of the type of text message, the standard "STOP" reply will automatically unsubscribe customers from further text message communications. You can learn more about how customers can opt out of texts here .
- Our default text message templates include the name of the subscriber (e.g., "Hello {first name}, this is {subscriber name}"). These templates can be modified by you to include additional information, including contact information, message frequency, and applicable terms and conditions.
- Weave is your partner in registering and validating your 10DLC messaging brand and associated messaging campaigns with the MNOs and their partners. The majority of our existing subscribers’ brands and campaigns are already registered and validated. New subscribers are registered and validated during the onboarding process.
Email marketing
- Weave’s email marketing tool includes the following information as standard at the bottom of every email campaign:
- Unsubscribe instructions and automatic opt-out when requests are received
- Business and contact information, including postal address
- Required email subject and “From” email address for every email campaign.
Keep in mind, we aren’t your lawyers, so we cannot give you legal advice. Compliance with the TCPA, CAN-SPAM, CASL and other applicable laws, regulations or best practices will depend on your particular use case and context. This information should not be relied upon as legal advice or to determine how legal requirements apply to your use of the Weave service. We encourage you to seek guidance from your legal counsel regarding the requirements of TCPA, CAN-SPAM, and CASL and other relevant laws and regulations to ensure compliance.
-
Compliance with HIPAA When Using Weave
Read moreThe Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that seeks to improve the efficiency and effectiveness of the healthcare care system, while also establishing national standards for privacy and security protections for health information. The following information regarding HIPAA is not legal advice and is provided for information purposes only. Weave encourages you to seek legal advice from an attorney to obtain specific guidance-related compliance with HIPAA and the requirements applicable to your business.
HIPAA includes three primary rules:
- The Privacy Rule establishes standards for the protection of certain protected health information (PHI).
- The Security Rule establishes security standards for protecting the confidentiality, integrity, and availability of PHI held or transmitted in electronic form, otherwise known as electronic protected health information (ePHI).
- The Breach Notification Rule establishes standards for notification following a breach of unsecured PHI.
HIPAA generally applies to health plans, health care clearinghouses, and to most healthcare providers. These are referred to as “covered entities.” Additionally, persons or entities (like Weave) who perform functions or activities on behalf of a covered entity that involve access to PHI may also be considered “business associates” subject to certain HIPAA standards.
You can learn more about HIPAA requirements from the Department of Health and Human Services (HHS).
It’s important to know that HHS does not endorse or recognize private organizations’ HIPAA “certifications”. Some service providers may claim that they or their systems are “HIPAA compliant” or “HIPAA certified”. These claims are misleading, as compliance with HIPAA and other applicable laws and regulations will depend on your particular use case and context.
Weave is committed to protecting your data, including the PHI of your patients. Weave has been designed with features to support you in complying with HIPAA, while also enabling you to make the most of your communications with patients. However, primary responsibility for compliance with HIPAA rests with you. You are responsible for your use of the Weave service and for ensuring that your use of the Weave service complies with HIPAA and other applicable laws. This includes, but is not limited to:
- Taking your own steps to maintain appropriate security and privacy protections, including properly limiting access to the Weave service.
- Ensuring that all communications sent through the Weave service comply with the HIPAA Privacy and Security Rules, including calls, texts, faxes and email marketing messages.
- Notifying Weave of any of your policies, agreements or restrictions to which you have agreed that may affect Weave’s performance of services, and any changes in, or revocation of, permission by an individual to use or disclose PHI, to the extent that such changes may affect Weave’s use or disclosure of PHI.
Our legal, compliance, and security teams work across the company and alongside our customers to understand and meet customer needs. Weave has implemented the following safeguards to meet HIPAA requirements:
- Weave has established and implemented policies governing the protection and use of PHI.
- Weave has implemented administrative, technical, and physical safeguards for protecting PHI. Weave regularly reviews and enhances safeguards based on risk assessments. Safeguards in place include:
- Logical and physical access controls are employed to ensure that only authorized personnel access PHI.
- Encryption of data in-transit and at rest. Weave employs industry standard TLS 1.2+ and HTTPS encryption when transferring data between subscribers and Weave’s infrastructure. All subscriber data is encrypted at rest using AES-128-bit symmetric encryption keys or better.
- Security awareness training and education for all Weave personnel.
- Incident detection and response capability to detect and respond to security incidents and appropriately report any unauthorized access or use of PHI.
- Data is regularly backed up and replicated to geographically dispersed locations, which allows us to quickly recover and restore data and systems in the case of data corruption or loss.
- Weave’s privacy and security safeguards are reviewed and assessed by independent advisors.
- Weave has established a standard business associate agreement (BAA), which is an addendum to our standard Terms of Service. Our Terms of Service and BAA, together with our Privacy Policy, are designed to address Weave’s commitments for protection and use of personal information and PHI, per HIPAA, and other applicable privacy laws and regulations. Weave only uses your data to provide the Weave service to you, except with your prior written consent or as otherwise expressly permitted under the Terms of Service or BAA.
- Weave ensures that its subcontractors and personnel authorized to access PHI are bound by appropriate obligations of confidentiality or a BAA.
Below is additional information of which you should be aware and that will help you comply with HIPAA when communicating through the Weave service:
Team Chat
- Team Chat is designed to support secure communication between team members, with all messages encrypted in transmission and at rest.
Messages
- Weave Messages can be used to communicate in a manner that is compliant with HIPAA. However, it is your responsibility to discuss with your patients what information may be communicated via text, especially sensitive information and PHI. Text messages sent through Weave are transmitted via traditional SMS text message methods. Traditional SMS text messages are generally considered an insecure mode of communication, as texts are not encrypted in transit and there are limited controls over the message after it is sent. Compliance with HIPAA when sending texts will depend on the content of the text and other factors.
Fax
- Faxes sent through Weave are encrypted at rest with a unique encryption key for each customer. Additionally, Weave encrypts faxes sent through Weave. However, you should apply reasonable safeguards when sending PHI through fax to protect the information from inappropriate use or disclosure. More guidance is available by visiting the HHS website.
Email Marketing
- The Email Marketing feature was designed for our subscribers to communicate updates, promotions, and newsletter-type information with their patient base. Weave's Email Marketing feature was not designed for the purpose of communicating ePHI. Accordingly, the Weave Email Marketing feature does not include end-to-end encryption or other security features which would protect the contents of an email, such as sensitive ePHI, while in transit to the intended recipient. Emails sent to customers through Weave Email Marketing should never include sensitive information, and you should always discuss with your customers what information may be emailed to them.
- The HIPAA Privacy Rule provides individuals important controls over whether and how their PHI is used and disclosed for marketing purposes as that term is defined by HIPAA. With some exceptions, the Privacy Rule requires an individual’s written authorization before a use or disclosure of his or her PHI can be used for marketing. Compliance with the Privacy Rule while using Weave’s Email Marketing will depend on the content of the email and other factors. You can learn more about HIPAA and marketing by visiting the HHS website.
Digital Forms
- Forms sent and received through the Digital Forms service are encrypted in transit and at rest.
Call Recordings
- Call recordings are encrypted at rest with a unique encryption key for each customer.
Keep in mind, Weave cannot give you legal advice. Compliance with HIPAA and other applicable laws and regulations will depend on your particular use case and context. This information should not be relied upon as legal advice or to determine how legal requirements apply to your use of the Weave service. Weave encourages you to seek guidance from your legal counsel regarding the requirements of HIPAA and other relevant laws and regulations to ensure compliance.
-
Using Weave Outside the U.S./Canada
Read moreThe Weave service may be purchased only by customers located in the United States (including Puerto Rico) or Canada and is intended for use only in those locations. Weave makes no representations or warranties that the service is appropriate or available for use outside of the United States or Canada.
Subscribers that choose to access or use the Weave service from outside the United States or Canada do so at their own risk and are entirely responsible for compliance with local law, including, but not limited to export and import regulations. In addition, the Weave service is subject to United States export laws and regulations and may not be exported or re-exported to certain countries or those persons or entities prohibited from receiving exports from the United States.
You can read more about the location of the Weave service and other restrictions on use of the service in our Terms of Service.
Before you attempt to use or access the Weave service in other locations, please consider the following:
- Weave does not provide support for customers using the service outside of the United States or Canada.
- Weave does not ship VoIP telephones to locations outside the United States or Canada.
- The Weave mobile app can only be downloaded in the United States or Canada.
- Weave may block individuals from certain geolocations from downloading and updating the Weave desktop app.
- Weave may restrict accessing or using the service if we reasonably believe you are using the service outside of the United States or Canada.
- E911 service is not supported for VoIP phones located outside of the United States, Puerto Rico, or Canada. (See additional information below.*)
- Your VoIP call quality may suffer if you use the VoIP phones and service outside the United States or Canada. (See additional information below.**)
* PLEASE NOTE: Weave cannot provide E911 support for customers who use the service outside of the United States, Puerto Rico, and Canada. We want to make sure that you are aware of important differences in the way 911 service operates with a VoIP phone when compared with traditional telephone service. With traditional phone services, your 911 call is sent directly to the nearest emergency response center. With VoIP phone service, your 911 call is forwarded to a third-party service provider that will automatically or manually route your call to the emergency response center. Weave will attempt to provide the emergency operator with your service address, so it is important that your information on file with us is always accurate and updated. Weave currently only supports registration of E911 addresses located in the United States, Puerto Rico, and Canada. If you attempt to call 911 from a Weave VoIP phone located outside of the United States, or Canada, the emergency operator may assume that you are calling from the last registered address. You can update your E911 address at any time in the Weave Admin Portal. For a complete description of our VoIP service and limitations of E9-1-1 service, please see this important E911 information and Weave’s VoIP Terms of Service.
** PLEASE NOTE: VoIP call quality is impacted by internet bandwidth and congestion, priority routing rules, and latency, among other factors. Call quality may be impacted by the location of your VoIP phone relative to Weave’s infrastructure, located in data centers located in the United States. If you choose to relocate your physical VoIP phones outside of the United States or Canada and attempt to receive or make calls, your call quality is likely to be significantly degraded. For example, typical round trip time between the United States and Australia is around 200-300 milliseconds. To avoid degraded call quality, round trip time should ideally be no more than 120 milliseconds.
-
Security Update on Log4j2
Read moreTo our customers –
You may have seen in the news that a critical vulnerability (CVE-2021-44228) was identified earlier this month impacting a commonly used open-source Apache “Log4j2" utility. We take the security of our systems and our customers’ data very seriously, and we wanted to give you a bit of detail on what Weave has done to verify that the Weave platform is not impacted.
Upon learning of this security issue, Weave swiftly conducted an internal review to identify potentially impacted systems and services providers. Our review showed that Weave’s systems and software do not use this and are therefore not vulnerable to this security issue. We also confirmed that all critical service providers have taken appropriate steps to identify impacted systems and implement corrective measures.
We will continue to monitor the impact of this vulnerability and to keep our systems secure. We will update you if there are any significant developments. If you have any questions regarding this or any other security issue, you can reach me and my team at security@getweave.com.
Matt Hillary, Chief Information Security Officer
-
Understanding Weave Security
Read moreWeave employs multiple layers of security to protect your data.
At the organization layer, Weave has a dedicated security team, with a Chief Information Security Officer leading a team with security compliance, security engineering, security operations, and application security expertise to influence the secure handling of your data, and secure development and operation of Weave’s products. These team members monitor for incidents, events, and insecure configurations that may lead to the compromise of Weave’s products or your data.
At the physical and infrastructure layers, Weave’s products are hosted on Google Cloud Platform (GCP) and Amazon Web Services (AWS) -- both of which have favorable compliance reports including an ISO 27001 certification and SOC2 Type 2 report, demonstrating their security practices adhere to industry best practices.
At the data layer, your data is encrypted in transit and at rest in backend databases and object stores using industry accepted encryption protocols (TLS 1.2 or higher; AES-128 or higher) with known strong ciphers. Patient images, voicemails, and call recordings are encrypted with unique encryption keys for each subscriber. Encryption keys are stored only in memory by our services, and are encrypted on disk behind our key management system.
At the systems and software layer, Weave’s products are developed using OWASP Top 10 to guide the secure development practices. Systems are scanned for known vulnerabilities, and vulnerabilities are provided to the appropriate internal engineering teams to remediate in a timely manner commensurate with the severity of the vulnerability. Code development uses Continuous Integration (CI) and requires code change peer reviews and approvals prior to code being merged into the main code branch.
-
Weave Operating System Requirements
Read moreWeave is committed to keeping your data secure as it builds great technology for small businesses. As operating systems stop receiving security updates, they can no longer protect your customer data effectively.
To benefit from everything Weave has to offer, a supported operating system must be installed on each of your desktops and/or servers.
Desktop App Requirements
The Weave Desktop App will be installed on each computer station in your office that needs access to Weave.
The following is a list of supported desktop operating systems and when each will no longer be considered secure, thus not supported by Weave.
Operating System Date No Longer Supported Microsoft Windows 8.1 January 10, 2023 Microsoft Windows 10 release 20H2 May 10, 2022 Microsoft Windows 10 release 20H2, Enterprise and Education version May 9, 2023 Microsoft Windows 10 release 21H1 December 13, 2022 Microsoft Windows 11 release 21H2 October 10, 2023 Microsoft Windows 11 release 21H2, Enterprise and Education version October 8, 2024 MacOS 10.15 Catalina October 1, 2022 MacOS 11.0 Big Sur October 1, 2023 MacOS 12.0 Monterey October 1, 2024 Software requirements change over time, so make sure to keep your computers updated. For more detailed information on how to upgrade to a supported desktop operating system, you can reference these pages from Microsoft and Apple.
Server Requirements
If you signed up for the integrated version of Weave and have a server-based Practice Management Software, a sync application will need to be installed on your server.
The following is a list of supported server operating systems and when each will no longer be considered secure, thus not supported by Weave.
Operating System Date No Longer Supported Microsoft Windows Server 2012 October 10, 2023 Microsoft Windows Server 2012 R2 October 10, 2023 Microsoft Windows Server 2016 January 12, 2027 Microsoft Windows Server 2019 January 9, 2029 Microsoft Windows Server 2022 October 14, 2031