🛡️

Your security. Built into everything we do.

You're trusting us with your medical history, your military service record, and your personal health details. We don't take that lightly. Here's exactly how we protect it — no marketing language, no vague promises.

Your claim data belongs to you.

We do not sell it, share it with insurers or attorneys, or use it to train AI models. When you request deletion, we work to remove your data from active systems promptly. This is our operating principle — not something buried in a terms of service document.

How we protect your data

🔐

We never store your password

VA Claim Pilot uses Google OAuth for sign-in. Your credentials stay with Google — we never see, receive, or store your password. Sign-in security is handled entirely by Google's authentication infrastructure, not by us.

🗄️

Your records are isolated at the database level

Every table in our database has Row Level Security (RLS) enforced — not just in the app, but at the database engine itself. We design the system so that access controls are applied at the database layer, making it significantly harder for application-level issues to expose another user's records. Your data is structurally isolated from other accounts.

🔒

Encrypted in transit and at rest

Your data is encrypted at rest using AES-256. All traffic between your browser and our servers uses TLS (HTTPS), so nothing you submit travels across the internet in plain text. We enforce HTTPS — there is no plain HTTP fallback.

📦

We only collect what your claim needs

We ask for your conditions, symptoms, service history, and supporting details — because that's exactly what's required to build a strong claim packet. We do not collect your Social Security number, financial account information, or any data unrelated to your claim. If we don't need it to help you, we don't ask for it.

🚫

Your data is not sold or shared for profit

We do not sell your data to insurance companies, attorneys, data brokers, or advertisers. We do not use your health information to train AI models. We do not share your information with third parties for marketing purposes. Your claim data exists for one purpose: to help you build a stronger VA claim.

🗑️

You can request deletion at any time

You have the right to request deletion of your account and the data associated with it. Email us at info@vaclaimpilot.com and we will process your request within 30 days, removing your data from active systems. A self-serve delete option is in development.

Built on certified infrastructure

We run on platforms that have earned recognized third-party certifications. Their compliance posture raises the baseline for everyone using VA Claim Pilot.

SOC 2 Type 2

Supabase

Our database and authentication infrastructure. SOC 2 Type 2 certified, PostgreSQL-backed, with built-in encryption at rest and row-level security enforcement.

SOC 2 Type 2

Vercel

Our hosting and deployment platform. SOC 2 Type 2 certified, with automatic HTTPS, DDoS mitigation, and global edge infrastructure.

ISO 27001

Google OAuth

Authentication handled entirely by Google. No passwords stored by VA Claim Pilot. Google's security infrastructure protects your sign-in credentials.

What we're still working toward

We believe transparency builds more trust than a polished checklist. Here's what we haven't done yet — and what's on the roadmap:

Independent penetration testing

Planned — scheduled before public launch at scale.

SOC 2 Type 2 certification for VA Claim Pilot itself

On the roadmap. We currently inherit compliance from Vercel and Supabase, but plan to pursue our own certification as the platform grows.

In-app account deletion

Live. Your information is yours, and you can choose to remove it anytime using the account deletion option in your account settings.

Bug bounty program

Planned. Responsible disclosure contact available now at info@vaclaimpilot.com.

A note on HIPAA

VA Claim Pilot is a claim preparation tool, not a healthcare provider or health plan. We are not a HIPAA "covered entity." That said, because you share sensitive health information with us, we apply privacy- and security-conscious practices appropriate for that kind of data: minimum necessary collection, access controls, encryption, and no sharing of your information for commercial purposes.

If you have questions about how your specific data is handled, email us directly at info@vaclaimpilot.com. We will respond plainly, not with a legal form letter.
