Last updated: 3/21/2026

1. Geographic and Eligibility Requirements

United States Only: ValorAI is designed exclusively for users located within the United States. Our services, including VA benefits assistance and claims support, are tailored to U.S. veterans and their families. By using this service, you confirm that you are located within the United States.

We may collect location data (with your consent) to verify eligibility and provide localized resources such as nearby VA facilities, VSO offices, and community events.

2. Information We Collect

We collect information that you provide directly to us, including:

Account information (name, email, password)
Profile information
Usage data and interactions with our services
Payment information (processed securely through Stripe)
DD-214 documents and military service records (only when you use our Benefits Report feature)
Veterans Affairs (VA) account information (only when you connect your VA account)
Location preferences (city, state, ZIP, and approximate coordinates when you consent)
Push notification subscriptions (encrypted browser endpoint and keys)
Notification settings and digest preferences (quiet hours, delivery channel, frequency)
Community participation data such as event RSVPs, attendance, and hosted events
Achievement progress (badges you unlock within ValorAI)

VA Benefits Report Feature

When you use our free VA Benefits Eligibility Report feature:

DD-214 Upload: Your DD-214 document is processed using AI to extract service information and assess benefits eligibility
Data Usage: Information from your DD-214 is used solely for generating your personalized benefits report and creating your ValorAI user profile
Temporary Storage: For anonymous users, reports are automatically deleted after 24 hours unless you sign up and claim the report
No Sharing: Your DD-214 data and service records are never shared with third parties or used for any purpose other than benefits analysis

VA Account Connection (VA.gov Integration)

When you connect your VA.gov account to ValorAI:

OAuth Authorization: We use VA.gov's secure OAuth 2.0 authentication to access your veteran information. You control which data you authorize us to access.
Data We Access: With your permission, we may access:
- Veteran verification status
- Service history (dates, branch, discharge type)
- Disability rating information
- Active claims status and updates
- Benefits enrollment data
How We Use VA Data: This information is used to:
- Auto-fill VA forms with accurate service information
- Track your claim status in real-time
- Provide personalized benefits recommendations
- Display your service history and disability ratings
Data Storage: VA data is encrypted at rest and in transit. OAuth tokens are stored securely and automatically refreshed.
You Control Access: You can disconnect your VA account at any time from Account Settings, which immediately revokes our access and deletes your VA data from our systems.
No Sharing: Your VA data is never sold, shared with third parties, or used for marketing. It is used exclusively to provide you with benefits services.
Compliance: We follow all VA security requirements and data handling policies. Our integration is subject to VA review and approval.

Location sharing & local matching

If you enable location services, we store only coarse information such as your city, state, ZIP code, and an approximate latitude/longitude. This allows us to recommend nearby events, mentors, and resources. You can remove this data or disable sharing at any time from the Privacy Center or Location Settings page.

Push notifications & digests

When you subscribe to browser push notifications, we store an encrypted endpoint provided by your browser along with your delivery preferences. We use this information to send digest summaries and critical updates that you opt into. You can revoke web push access from the Privacy Center or Notifications settings.

3. How We Use Your Information

We use the collected information to:

Provide and maintain our services
Process your transactions
Send you important updates and notifications
Improve our services and user experience
Match you with local resources, community events, and digest content when you grant location permissions

4. Data Storage and Security

We use industry-standard security measures to protect your data, including:

Encryption of sensitive data
Secure data platform hosting through Convex
Regular security audits and updates
Location and push subscription data encrypted in transit and at rest

Health Data Retention Policy

Automatic Data Deletion: To protect your privacy, health-related data (including medical records, nexus letters, DBQs, and VA medical records) is automatically deleted after 180 days of account inactivity. You will receive an email notification 30 days before any automatic deletion occurs. Simply logging into your account resets this timer and preserves your data.

This policy ensures that sensitive health information is not retained indefinitely for inactive accounts, reducing the risk of unauthorized access to your protected health information.

5. Your Data Rights

You have the right to:

Access Your Data: View all information we have collected about you
Delete Your Data: Request deletion of all your personal information, including DD-214 data, benefits reports, VA connection data, and account information
Export Your Data: Download a copy of your data in a portable format
Modify Your Data: Update or correct any information in your account
Manage Consent: Toggle location sharing, web push subscriptions, and digest delivery preferences via the Privacy Center

Privacy Center controls

The in-app Privacy Center lets you download a consolidated export, delete saved location data, revoke web push permissions, and adjust data sharing preferences in one place.

How to Delete Your Information

You can delete all your information at any time by:

Going to your Account Settings in the dashboard
Navigating to the Privacy & Data section
Clicking "Delete All My Data"

Important: Deleting your data is permanent and cannot be undone. All your benefits reports, VA connection data, documents, and account information will be permanently removed from our systems within 30 days.

6. Health Information Disclaimer

Important: This service is for educational and informational purposes only, not for clinical decisions. ValorAI is not a healthcare provider and does not provide medical advice, diagnosis, or treatment.

Any health-related information you share with ValorAI (such as medical records for disability claims) is used solely to assist with VA benefits applications. This information is encrypted at rest and in transit. We do not share your health information with third parties except as required to process your VA claims with your explicit consent.

7. Third-Party Service Providers

We use the following third-party service providers to operate ValorAI. Each provider has access only to the data necessary for their specific function:

Clerk (clerk.com) - Authentication and user management
Stripe (stripe.com) - Payment processing. Stripe handles all payment card data; we never store your full card number.
Convex (convex.dev) - Realtime application data platform and secure backend data storage
Sentry (sentry.io) - Error monitoring and performance tracking. No PII is intentionally logged.
PostHog (posthog.com) - Product analytics to improve user experience (loaded only with your explicit consent)
xAI (x.ai) - AI processing for chat and document analysis. Data is processed but not used for training.
VA.gov (va.gov) - Official VA integration for veteran verification and claims data (only when you connect your VA account)
Vercel (vercel.com) - Application hosting and content delivery

We have data processing agreements with each provider requiring them to protect your data and use it only for the purposes we specify. We do not sell your data to any third party.

8. Genetic, Biometric, and Family Medical History Data

We do NOT collect: ValorAI does not collect, store, or process genetic data, biometric identifiers (fingerprints, facial recognition, etc.), or family medical history information.

Any health or medical information you share with ValorAI (such as medical records for disability claims) is:

Voluntarily uploaded by you for the sole purpose of assisting with VA benefits claims
Never used to infer genetic or hereditary conditions
Never shared with insurance companies, employers, or other third parties
Subject to automatic deletion per our health data retention policy (180 days of inactivity)

9. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

Notify you within 72 hours of discovering a breach that affects your personal data
Describe what happened including the nature of the breach and types of data affected
Explain our response including steps taken to contain and remediate the breach
Provide guidance on steps you can take to protect yourself
Offer support including a dedicated contact for questions and concerns

Notifications will be sent via email to the address associated with your account. We will also notify relevant regulatory authorities as required by law.

10. Business Transfers

If ValorAI is involved in a merger, acquisition, sale of assets, or bankruptcy:

Advance Notice: You will be notified via email at least 30 days before any transfer of your personal data
Same Protections: Your data will remain subject to the privacy protections in this policy
Right to Delete: You may delete all your data before the transfer takes effect
New Terms: If the acquiring entity has different privacy practices, you will be given the choice to consent or delete your data

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

Material Changes: We will notify you via email at least 30 days before significant changes take effect
Minor Changes: Non-material updates (clarifications, formatting) may be made without notice
Last Updated Date: The date at the top of this policy reflects the most recent update
Previous Versions: You may request previous versions of this policy by contacting support@tryvalor.ai

Continued use of ValorAI after changes take effect constitutes acceptance of the updated policy. If you do not agree with changes, you may delete your account and data before they take effect.

12. Dormant Account Retention

For accounts that become inactive (no login or activity):

Health Data: Automatically deleted after 180 days of inactivity (see Section 4)
General Account Data: Retained until you delete your account or request deletion
2-Year Notice: After 2 years of inactivity, we will email you asking if you wish to keep your account
3-Year Deletion: If no response after 3 years of inactivity, your account and all data will be permanently deleted

Simply logging in resets the inactivity timer. We will always attempt to notify you before any automatic deletion.

13. Accessibility

ValorAI is committed to digital accessibility. Our website and applications are designed to meet:

WCAG 2.1 Level AA web accessibility standards
Minimum 4.5:1 contrast ratio for text readability
Screen reader compatibility with ARIA labels and semantic HTML
Keyboard navigation for all interactive elements

If you encounter accessibility barriers, please contact us at support@tryvalor.ai and we will work to address them promptly.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: support@tryvalor.ai