VA Disability Center
Claims Guide Disability Ratings Appeals Process Conditions PTSD Claims TDIU Nexus Letters Resources FAQ About Us Contact Get Started Free

Privacy Policy

Last updated: January 2026

1. Information We Collect

Account Information: When you create an account, we collect your username, email address, and a securely hashed password. We do not store plaintext passwords.

Documents and Files: Files you upload to the Document Vault are encrypted with AES-256 encryption before storage. File names are also encrypted. We do not access, review, or analyze the content of your uploaded documents.

Claims Data: Information you enter into the Appeals Wizard (conditions, evidence descriptions, service history) is encrypted and stored to support your claim-building process.

Usage Data: We maintain an audit log of data access events (login, document access, file uploads/downloads) for security purposes. These logs include IP addresses, timestamps, and user agent strings.

Lead Information: If you submit your email through a contact form or lead capture, we store your email address to provide requested information.

2. How We Use Your Information

  • To provide and maintain our platform services
  • To authenticate your identity and secure your account
  • To store and organize your documents and claims information as you direct
  • To detect and prevent unauthorized access (security monitoring)
  • To respond to your support inquiries
  • To send service-related communications (account security, platform updates)

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest: All uploaded files are encrypted with AES-256-CBC before storage, with unique initialization vectors per file
  • Password security: Passwords are hashed using bcrypt with 12 salt rounds
  • Session security: Server-side session tokens with 24-hour expiration
  • Access controls: Rate limiting, account lockout after failed attempts
  • Secure deletion: When you delete a file, it is overwritten with random data before removal from disk
  • Audit logging: All data access events are logged for security monitoring
  • HTTPS: All data transmitted between your browser and our servers is encrypted in transit

4. Data Retention

Documents are retained for a default period of 7 years (consistent with VA record-keeping guidelines) unless you delete them sooner. Deleted documents are soft-deleted immediately and permanently purged after 30 days. Account data is retained as long as your account is active.

5. Your Rights

You have the right to:

  • Access your personal data stored on our platform
  • Download copies of your uploaded documents
  • Delete your documents and account data
  • Request information about what data we hold about you

6. Sensitive Health Information

We understand that documents uploaded to our platform may contain sensitive medical and health information. We treat all uploaded documents as confidential and apply the security measures described in Section 3. While we are not a HIPAA-covered entity, we implement security practices aligned with HIPAA technical safeguard requirements as a matter of best practice.

7. Third-Party Services

If you choose to connect with an attorney through our network, your data sharing with that attorney is governed by a separate agreement between you and the attorney. We will only share your data with a third party with your explicit consent.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date.

9. Contact

For privacy-related inquiries, please contact us.