your privacy is top priority
Privacy Policy
How we collect, use, protect, and share your information — and the rights you have over it.
Effective 2026-07 · Version 2026-07
Is this covered by HIPAA?
No. VA Disability Pro is a direct-to-consumer software service. We are not a HIPAA covered entity or business associate, and HIPAA does not govern the information you give us. Rather than claim “HIPAA compliance,” we tell you plainly that we protect your health-related information with the strong safeguards described below, and that we are subject to the Federal Trade Commission Act and the FTC’s Health Breach Notification Rule (16 CFR Part 318).
What Data We Collect
- Identifiers / account: email, name, contact details, and account credentials.
- Veteran profile: legal name, date of birth, mailing address, phone, the last 4 digits of your SSN, and your VA file number.
- Health & claim data (sensitive): the conditions and symptoms you log, and medical or service documents you upload.
- AI-generated drafts created from your inputs.
- Payment: processed by Stripe — we do not store your full card number.
- Usage & device: analytics, device/browser data, and cookies used to run and improve the Service.
We collect this from you directly (and usage data automatically). The last-4 SSN, VA file number, and health data are sensitive personal information.
How We Use Your Data
- To provide the Service and generate your drafts (via AI).
- To process your subscription and provide support.
- To secure, maintain, and improve the Service.
- To meet legal obligations and enforce our Terms.
We do not use your sensitive or health information to infer characteristics, for advertising, or for any purpose other than providing the Service to you.
Service Providers We Share With (Subprocessors)
We share data only with vendors who help us run the Service, under contract and only as needed:
- Amazon Web Services — hosting, storage, and the AI (Amazon Bedrock) that analyzes documents and generates drafts.
- Stripe — subscription payments.
- Error/usage monitoring — with sensitive fields scrubbed before they leave the app.
We do not sell or “share” your personal information (as those terms are defined under California law), and we never share your health data for advertising. We may disclose data if required by law or to protect rights and safety.
How We Protect Your Data
- Your data is encrypted in transit and at rest.
- Owner-scoped access: your records are private to your account — no other user can read them.
- The most sensitive inputs are handled within your session and not retained beyond what the Service needs.
- Access controls, least privilege, and regular security reviews.
- Your data is stored in the United States (AWS U.S. regions).
How Long We Keep It, and Deleting Your Data
- 30-day deletion grace period: when you request deletion, you have 30 days to undo it before it becomes permanent. Deleting your account removes all of your data, including billing records and uploaded files.
- 7-year retention cap: we keep claim and health records no longer than 7 years, after which they are automatically purged. (This is our own retention limit — it is not a HIPAA requirement, since, as noted above, HIPAA does not apply to us.)
If There's a Data Breach
If your health information is acquired or disclosed without authorization, we will notify you without unreasonable delay (and no later than 60 days), and notify the FTC — and prominent media where 500 or more residents of a state are affected — consistent with the FTC Health Breach Notification Rule.
Your Privacy Rights
You can access, correct, export, or delete your data at any time from your account or by emailing privacy@vadisabilitypro.com. We will not discriminate against you for exercising these rights, and we respond within the timeframes the law requires (e.g., 45 days under California law). We may need to verify your identity, and you may use an authorized agent.
California (CCPA/CPRA): you have the rights to know, access, correct, and delete your personal information; to opt out of the “sale” or “sharing” of personal information; and to limit the use of your sensitive personal information. We do not sell or share personal information and we use sensitive personal information only to provide the Service, so no further limitation is needed — but you may still contact us. We honor Global Privacy Control (GPC) browser signals as opt-out requests.
Consumer Health Data (Washington My Health My Data Act)
If you are a Washington consumer (or your data is collected there), the following applies to your “consumer health data” — the conditions, symptoms, and medical documents you provide:
- What & why: we collect it from you to generate your claim materials and provide the Service, as described above.
- Consent: we collect and use your consumer health data only with your consent, for these purposes.
- Sharing: only with the subprocessors listed above, to provide the Service. We do not sell consumer health data (and would never do so without your separate written authorization).
- Your rights: to access, delete, and withdraw consent. Email privacy@vadisabilitypro.com to exercise them.
Cookies & Analytics
We use necessary cookies to keep you signed in and limited analytics to understand and improve usage. We do not use third-party advertising cookies. You can control cookies through your browser, and we honor GPC signals as described above.
Children
The Service is for adults (18+) pursuing their own VA claim. It is not directed to children, and we do not knowingly collect personal information from anyone under 13 (or under 18). If we learn we have, we will delete it.
Changes & Contact
VA Disability Pro is operated by VA Disability Pro, LLC (Roswell, Georgia). We may update this policy; material changes update the version above and we will ask you to re-accept. Questions or privacy requests: privacy@vadisabilitypro.com.