Privacy Policy

Last Updated: October 1, 2025

Your Privacy Matters: VetStack is committed to protecting your privacy and securing your personal information. This Privacy Policy explains how we collect, use, and safeguard your data.

1. Introduction

VetStack ("we," "us," or "our") operates a mobile and web application that helps veterans access their VA benefits claims information. This Privacy Policy describes:

  • What information we collect and why
  • How we use and protect your information
  • Your rights regarding your personal data
  • How to contact us with privacy concerns

By using VetStack, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 VA Benefits Claims Data

When you authorize VetStack to access your VA benefits information, we collect:

  • Claims status and details
  • Claim submission and update dates
  • Claim types and categories
  • Associated documentation metadata

This data is accessed through the official VA Benefits Claims API and is used solely to display your claims information within the VetStack application.

2.2 Authentication Information

VetStack uses VA.gov OAuth authentication. We receive:

  • OAuth access tokens (used to access your VA data)
  • Basic profile information from your VA.gov account (name, email if provided)
  • Authentication timestamps

Important: We never see, store, or have access to your VA.gov password or credentials. All authentication is handled securely by VA.gov, ID.me, or Login.gov.

2.3 Usage and Analytics Data

To improve VetStack and understand how it's used, we collect:

  • App usage statistics (features used, pages viewed)
  • Device information (device type, operating system, app version)
  • Performance metrics (load times, error rates)
  • Crash reports and diagnostic data

This data is collected through Firebase Analytics and is used to improve app performance and user experience.

2.4 Email Notifications

If you sign up for launch notifications or updates, we collect:

  • Email address
  • Signup timestamp
  • Notification preferences

2.5 Information We Do NOT Collect

VetStack does not collect:

  • Your VA.gov password or login credentials
  • Medical records or health information
  • Financial information (bank accounts, credit cards)
  • Social Security Number
  • Precise geolocation data

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Provide the Service

  • Display your VA benefits claims information
  • Sync data from the VA Benefits Claims API
  • Send notifications about claim updates
  • Provide offline access to previously loaded data

3.2 Improve the Service

  • Analyze usage patterns to enhance features
  • Identify and fix bugs and performance issues
  • Develop new features based on user needs
  • Conduct testing and quality assurance

3.3 Communicate with You

  • Send launch notifications (if you signed up)
  • Respond to support requests
  • Send important service updates
  • Notify you of changes to our policies

3.4 Ensure Security and Compliance

  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect the rights and safety of our users

4. How We Share Your Information

4.1 We Do NOT Sell Your Data

VetStack does not sell, rent, or trade your personal information to third parties. Period.

4.2 Third-Party Service Providers

We share limited data with trusted third-party services that help us operate VetStack:

  • Firebase (Google): Authentication, database, analytics, and hosting
  • Department of Veterans Affairs: VA Benefits Claims API for accessing your claims data

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Requests from law enforcement or government agencies
  • Protection of our rights, property, or safety
  • Emergency situations involving potential harm

4.4 Business Transfers

If VetStack is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you of any such change and provide options regarding your data.

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Encryption

  • In Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
  • At Rest: All stored data is encrypted using industry-standard encryption algorithms

5.2 Access Controls

  • Limited employee access to user data
  • Multi-factor authentication for administrative systems
  • Regular security audits and assessments
  • Secure credential storage using industry best practices

5.3 OAuth Security

  • OAuth tokens are securely stored and encrypted
  • Tokens have limited permissions (read-only for claims data)
  • Tokens can be revoked at any time through VA.gov

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

6. Data Retention

6.1 Active Accounts

We retain your VA benefits claims data for as long as your VetStack account is active and you maintain authorization for us to access your VA data.

6.2 Account Deletion

When you revoke VetStack's authorization or delete your account, we:

  • Delete your cached VA benefits claims data within 30 days
  • Retain anonymous analytics data for service improvement
  • May retain certain data as required by law or for legitimate business purposes

6.3 Email Notifications

Launch notification email addresses are retained until you unsubscribe or VetStack launches, whichever comes first.

7. Your Privacy Rights

7.1 Access and Correction

You have the right to:

  • Access the personal information we hold about you
  • Request corrections to inaccurate information
  • Request a copy of your data in a portable format

7.2 Deletion and Revocation

You can:

  • Revoke VetStack's access to your VA data at any time through VA.gov account settings
  • Request deletion of your VetStack account and associated data
  • Unsubscribe from email notifications

7.3 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information (note: we do not sell data)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

7.4 European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

8. Children's Privacy

VetStack is intended for use by veterans who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from someone under 18, we will take steps to delete that information promptly.

9. Cookies and Tracking Technologies

9.1 Essential Cookies

We use essential cookies for:

  • Maintaining your login session
  • Remembering authentication state
  • Ensuring app functionality

9.2 Analytics Cookies

We use Firebase Analytics to collect usage data. These cookies help us understand:

  • How users interact with VetStack
  • Which features are most useful
  • Where improvements are needed

9.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect VetStack's functionality.

10. Third-Party Links

VetStack may contain links to third-party websites, including:

  • VA.gov
  • ID.me
  • Login.gov
  • VooStack.com

We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

11. International Data Transfers

VetStack is based in the United States, and your information is processed and stored in the United States. If you access VetStack from outside the United States, your data will be transferred to and processed in the United States.

We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you via email or in-app notification
  • Continued use of VetStack after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

14. Data Protection Officer

For privacy-related inquiries or to exercise your data rights, you may contact our Data Protection Officer at:

Summary: VetStack collects only the data necessary to provide our service. We never sell your data, we use industry-standard security measures, and you maintain full control over your information. Your privacy and security are our top priorities.