VA CLAIMS MADE EASY

Privacy Policy

Veterans deserve clarity — not legalese. Here's exactly what we collect, how we use it, and how we protect it.

Effective Date
22/04/2026
Last Updated
22/04/2026
17 sections

At VA Claims Made Easy, we take the privacy of veterans' information seriously. The information you share — service records, medical records, disability history — is some of the most sensitive data a person has. We've tried to write this honestly and clearly.

This Privacy Policy describes how VA Claims Made Easy, Inc. ("Company," "we," "us") collects, uses, discloses, and protects information when you use the VA Claims Made Easy mobile application, vaclaimsmadeasy.com, and related services (the "Service").

Personal Information
Information that identifies, relates to, or could reasonably be linked to you.
Sensitive Personal Information
Health, medical, military service, disability, financial, biometric, geolocation, and government-ID information.
Consumer Health Data
Information about your past, present, or future physical or mental health, as defined by applicable state health privacy laws.

The Company is not a HIPAA Covered Entity. We don't bill insurance or operate as a healthcare provider ourselves. However, we hold ourselves to HIPAA-equivalent safeguards, modeled on the HIPAA Security Rule (45 CFR §§ 164.308, 164.310, 164.312).

Our Infrastructure Commitments
  • Business Associate Agreements (BAAs) with AWS and OpenAI
  • Zero Data Retention with OpenAI — confirmed in writing
  • No training on your data — contractually prohibited
  • End-to-end encryption of data in transit and at rest
  • Role-based access controls, MFA, and comprehensive audit logging
Applicable Laws
  • FTC Act §5
  • FTC Health Breach Notification Rule
  • CCPA/CPRA
  • Colorado Privacy Act
  • Virginia CDPA
  • Connecticut DPA
  • Utah CPA
  • Texas DPSA
  • Oregon CPA
  • Montana CDPA
  • WA My Health My Data Act
  • Nevada SB370
You Provide Directly
  • Name, date of birth, SSN, VA file number
  • Service branch, dates, DD-214
  • Medical records, diagnoses, treatment history
  • Claim-related content and buddy statements
  • Messages with staff and AI chatbot
  • Payment info (no full card numbers stored)
Collected Automatically
  • Device model, OS version, crash logs
  • Screens viewed, features used, timestamps
  • IP address, approximate location, connection type
  • Login attempts, access logs, audit logs
From Third Parties
  • Identity verification providers (if applicable)
  • Services you authorize for record retrieval
  • Payment and fraud-prevention providers
We don't knowingly collect information from anyone under 18. The Service is for adult veterans.
01
Provide the Service
Document organization, AI analysis, drafting assistance, and team review coordination.
02
Internal Team Review
Help our specialists review your materials for completeness.
03
In-App Messaging & AI Support
Enable chatbot and messaging features.
04
Authentication & Security
Verify identity, secure the Service, detect fraud or misuse.
05
Payments & Subscriptions
Process transactions and manage your plan.
06
Legal & Regulatory Compliance
Meet tax, audit, and legal obligations.
07
Service Improvement
Debug and improve using de-identified or aggregated data.
How AI Processes Your Information
  • No training on your data — contractually prohibited with all AI providers
  • Zero Data Retention with OpenAI — prompts not retained after each API call
  • U.S. data residency — AI inference performed in U.S. infrastructure
  • Human-in-the-loop — AI outputs are suggestions for review, not professional advice
Performance of Contract
Providing the Service you signed up for.
Your Consent
Required for sensitive personal information. You may withdraw by deleting your account or contacting us.
Legal Obligation
Tax, recordkeeping, fraud prevention, and lawful requests.
Legitimate Interests
Security, fraud prevention, service improvement — balanced against your rights.
WA, NV, CT residents: Specific consent for consumer health data is obtained through a distinct in-app consent flow. You can revoke anytime.
We do not sell your personal information. We do not share it for cross-context behavioral advertising. We do not share consumer health data for advertising, marketing, or lead-generation.
With your permission
When you submit your claim to VA or authorize retrieval of records from a third party.
Internal team
VA claims specialist, affiliated physician, admin, and support — on a need-to-know basis under confidentiality obligations.
Service providers
Under written contracts with BAAs/DPAs including AWS (BAA), OpenAI (BAA + Zero Data Retention), and other key vendors.
Department of Veterans Affairs
Only at your direction, as part of your own submission. You submit your claim yourself.
Affiliated physician
If you engage clinical services, records pass into the physician's separate clinical record system.
For legal reasons
To comply with law, lawful process, or government requests; to protect rights, property, or safety.
Business transfers
In connection with a merger or acquisition, subject to confidentiality and continued protection.
Technical Safeguards
  • TLS 1.2+ encryption in transit
  • AES-256 encryption at rest
  • RBAC with least-privilege enforcement
  • MFA required for all staff and privileged access
  • Comprehensive audit logging
  • Segregated dev, staging, and production environments
Administrative Safeguards
  • Workforce training on data protection
  • Background checks for staff with sensitive data access
  • Formal incident response and breach-notification procedures
  • Periodic vulnerability scanning and penetration testing
Physical Safeguards
  • U.S.-region AWS data centers with SOC 2, ISO 27001, and HIPAA-eligible configurations
  • No on-premise storage of production user data
Claim-related documents
Account lifetime + 7 years after closure
Account and billing records
7 years after last transaction
Server and security logs
Up to 24 months
Messaging with staff
Up to 7 years
AI inference data (OpenAI)
Zero retention — not stored after API call
De-identified / aggregate data
Indefinitely

If we determine that a breach of unsecured personal or health information has occurred, we'll notify affected users and relevant regulators as required by applicable law, including the FTC Health Breach Notification Rule (16 CFR Part 318) and state breach-notification statutes. Notice will include what happened, what information was involved, what we're doing to fix it, and what you can do to protect yourself.

  • Access — get a copy of your personal information
  • Correction — request correction of inaccurate data
  • Deletion — request deletion (subject to legal retention)
  • Portability — receive data in a portable format
  • Restriction / Objection — limit certain processing
  • Opt-out of sale / sharing / targeted advertising
  • Withdraw consent — including consumer health data consent
  • Appeal — appeal a denial of a privacy request
  • Non-discrimination — we won't penalize you for exercising your rights
Email reuben@vaclaimsmadeasy.com or use the in-app 'Privacy Request' option. We'll respond within 30–45 days.

The Service is not intended for children under 18, and we don't knowingly collect their information. If you think a child has provided information, please contact us to delete it.

The Service is hosted in the United States and is intended for U.S. veterans. If you access it from outside the U.S., your information is transferred to and processed in the U.S. under U.S. law.

Our web properties honor Global Privacy Control (GPC) signals where required by law and treat them as valid opt-out requests.

On vaclaimsmadeasy.com we use strictly-necessary cookies and limited analytics. Our cookie banner lets you manage non-essential cookies where applicable. The mobile app uses local storage and device identifiers you can reset in your device settings.

California (CCPA/CPRA)
We don't sell or share personal information, including sensitive personal information. We don't use or disclose sensitive personal information except for limited business purposes permitted under CCPA (§ 7027).
Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana
You have the rights in Section 10. Sensitive data processing is based on your consent, which you can withdraw.
Washington (My Health My Data Act)
Consumer health data is processed only with your consent or as strictly necessary. We do not sell consumer health data. We do not geofence healthcare or health-related locations.
Nevada
We do not sell personal information or consumer health data as defined by Nevada law.
Connecticut consumer health data
Processing is governed by the consent and revocation procedures in Section 5.

If we make material changes, we'll notify you at least 14 days before they take effect, via the app or email. Continued use after the effective date means you accept the updated Policy.

Company
VA Claims Made Easy, Inc.
Mailing Address
265 Miller St, Hinesville, GA 31313
Important Notice

VA Claims Made Easy is a private company. We are not affiliated with, endorsed by, sponsored by, or connected to the U.S. Department of Veterans Affairs. Free assistance with VA claims is available through VA.gov and VA-accredited Veterans Service Organizations. Thank you for your service.