Last updated: 2/4/2026

1. Geographic and Eligibility Requirements

United States Only: ValorAI is designed only for users in the United States. Our services help U.S. veterans and their families with VA benefits and claims. When you use this service, you confirm you are in the United States.

We may collect location data with your consent. We use this to verify eligibility and provide local resources. This includes nearby VA facilities, VSO offices, and community events.

2. Information We Collect

We collect information you give us directly, including:

Account information (name, email, password)
Profile information
Usage data and interactions with our services
Payment information (processed securely through Stripe)
DD-214 documents and military service records (only when you use our Benefits Report feature)
Veterans Affairs (VA) account information (only when you connect your VA account)
Location preferences (city, state, ZIP, and approximate coordinates when you consent)
Push notification subscriptions (encrypted browser endpoint and keys)
Notification settings and digest preferences (quiet hours, delivery channel, frequency)
Community participation data such as event RSVPs, attendance, and hosted events
Achievement progress (badges you unlock within ValorAI)

VA Benefits Report Feature

When you use our free VA Benefits Eligibility Report:

DD-214 Upload: We use AI to process your DD-214 document. This extracts service information and checks benefits eligibility.
Data Usage: Information from your DD-214 is used only to generate your personalized benefits report and create your ValorAI user profile
Temporary Storage: For anonymous users, reports are deleted after 24 hours unless you sign up and claim the report
No Sharing: Your DD-214 data and service records are never shared with third parties. They are only used for benefits analysis.

VA Account Connection (VA.gov Integration)

When you connect your VA.gov account to ValorAI:

OAuth Authorization: We use VA.gov's secure OAuth 2.0 authentication to access your veteran information. You control what data you let us access.
Data We Access: With your permission, we may access:
- Veteran verification status
- Service history including dates, branch, and discharge type
- Disability rating information
- Active claims status and updates
- Benefits enrollment data
How We Use VA Data: We use this information to:
- Auto-fill VA forms with accurate service information
- Track your claim status in real-time
- Provide personalized benefits recommendations
- Display your service history and disability ratings
Data Storage: VA data is encrypted when stored and when sent. OAuth tokens are stored securely. They are automatically refreshed.
You Control Access: You can disconnect your VA account anytime from Account Settings. This immediately stops our access and deletes your VA data from our systems.
No Sharing: Your VA data is never sold, shared with third parties, or used for marketing. It is used only to provide you with benefits services.
Compliance: We follow all VA security requirements and data handling policies. Our integration must be reviewed and approved by the VA.

Location sharing & local matching

If you enable location services, we store basic information. This includes your city, state, ZIP code, and approximate location. We use this to recommend nearby events, mentors, and resources. You can remove this data or disable sharing anytime. Go to the Privacy Center or Location Settings page.

Push notifications & digests

When you subscribe to browser push notifications, we store an encrypted endpoint from your browser. We also store your delivery preferences. We use this to send digest summaries and updates that you choose to receive. You can revoke web push access from the Privacy Center or Notifications settings.

3. How We Use Your Information

We use the information we collect to:

Provide and maintain our services
Process your transactions
Send you important updates and notifications
Improve our services and user experience
Match you with local resources, community events, and digest content when you grant location permissions

4. Data Storage and Security

We use industry-standard security measures to protect your data, including:

Encryption of sensitive data
Secure database hosting through Supabase
Regular security audits and updates
Location and push subscription data encrypted when sent and when stored

Health Data Retention Policy

Automatic Data Deletion: To protect your privacy, we automatically delete health-related data after 180 days of account inactivity. This includes medical records, nexus letters, DBQs, and VA medical records. You will get an email 30 days before any automatic deletion. Logging into your account resets this timer and saves your data.

This policy makes sure sensitive health information is not kept forever for inactive accounts. This reduces the risk of unauthorized access to your protected health information.

5. Your Data Rights

You have the right to:

Access Your Data: See all information we have collected about you
Delete Your Data: Request deletion of all your personal information. This includes DD-214 data, benefits reports, VA connection data, and account information.
Export Your Data: Download a copy of your data in a portable format
Modify Your Data: Update or correct any information in your account
Manage Consent: Turn location sharing, web push subscriptions, and digest delivery on or off. Do this in the Privacy Center.

Privacy Center controls

The in-app Privacy Center lets you download a consolidated export. You can delete saved location data. You can revoke web push permissions. You can change data sharing preferences. All in one place.

How to Delete Your Information

You can delete all your information at any time by:

Go to your Account Settings in the dashboard
Go to the Privacy & Data section
Click "Delete All My Data"

Important: Deleting your data is permanent. It cannot be undone. All your benefits reports, VA connection data, documents, and account information will be permanently removed from our systems within 45 days.

6. Health Information Disclaimer

Important: This service is for education and information only. It is not for medical decisions. ValorAI is not a healthcare provider. We do not provide medical advice, diagnosis, or treatment.

Any health information you share with ValorAI is used only to help with VA benefits applications. This includes medical records for disability claims. This information is encrypted when stored and when sent. We do not share your health information with third parties. The only exception is when we need to process your VA claims. This only happens with your permission.

7. Third-Party Service Providers

We use third-party service providers to operate ValorAI. Each provider can only access the data they need for their specific job:

Clerk (clerk.com) - Authentication and user management
Stripe (stripe.com) - Payment processing. Stripe handles all payment card data; we never store your full card number.
Supabase (supabase.com) - Database hosting and storage with encryption at rest
Sentry (sentry.io) - Error monitoring and performance tracking. No PII is intentionally logged.
PostHog (posthog.com) - Product analytics to improve user experience (loaded only with your explicit consent; default off for signed-in veterans)
xAI (x.ai) - AI processing for chat and document analysis. Data is processed but not used for training.
VA.gov (va.gov) - Official VA integration for veteran verification and claims data (only when you connect your VA account)
Vercel (vercel.com) - Application hosting and content delivery

We have agreements with each provider. These agreements require them to protect your data. They can only use your data for the purposes we specify. We do not sell your data to any third party.

Third-Party Use and Disclosure Prohibition: Third parties cannot use or share your information without your permission. This includes de-identified, anonymized, or pseudonymized data. All third-party vendors and contractors must follow the same rules. These rules are about using and sharing your data. These rules are stated in this Privacy Policy.

De-identified and Anonymized Data: We do not share de-identified, anonymized, or pseudonymized data with third parties without your permission. This includes sharing for marketing, research, or analytics. Any aggregated or anonymized data we use to improve our service is processed internally. This data does not identify individual users.

8. Genetic, Biometric, and Family Medical History Data

We do NOT collect: ValorAI does not collect, store, or process genetic data, biometric identifiers like fingerprints or facial recognition, or family medical history information.

Any health or medical information you share with ValorAI is handled as follows:

Uploaded by you voluntarily to help with VA benefits claims
Never used to figure out genetic or hereditary conditions
Never shared with insurance companies, employers, or other third parties
Automatically deleted per our health data retention policy after 180 days of inactivity

9. Data Breach Notification

If a data breach affects your personal information, we will:

Notify you within 72 hours of discovering a breach that affects your personal data
Describe what happened including what type of breach occurred and what data was affected
Explain our response including steps we took to stop and fix the breach
Provide guidance on steps you can take to protect yourself
Offer support including a dedicated contact for questions and concerns

We will email you at the address on your account. We will also notify relevant regulatory authorities as required by law.

10. Business Transfers

If ValorAI is involved in a merger, acquisition, sale, or bankruptcy:

Advance Notice: We will email you at least 30 days before any transfer of your personal data
Same Protections: Your data will still be protected by the privacy protections in this policy
Right to Delete: You can delete all your data before the transfer takes effect
New Terms: If the new owner has different privacy practices, you can choose to consent or delete your data

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

Material Changes: We will email you at least 30 days before major changes take effect
Minor Changes: Small updates like clarifications or formatting may be made without notice
Last Updated Date: The date at the top of this policy shows the most recent update
Previous Versions: You can request previous versions of this policy by contacting support@tryvalor.ai

If you keep using ValorAI after changes take effect, you accept the updated policy. If you do not agree with changes, you can delete your account and data before they take effect.

12. Dormant Account Retention

For accounts that become inactive (no login or activity):

Health Data: Automatically deleted after 180 days of inactivity (see Section 4)
General Account Data: Kept until you delete your account or request deletion
2-Year Notice: After 2 years of inactivity, we will email you asking if you want to keep your account
3-Year Deletion: If you do not respond after 3 years of inactivity, your account and all data will be permanently deleted

Logging in resets the inactivity timer. We will always try to notify you before any automatic deletion.

13. Accessibility

ValorAI is committed to digital accessibility. Our website and applications meet:

WCAG 2.1 Level AA web accessibility standards
Minimum 4.5:1 contrast ratio for text readability
Screen reader compatibility with ARIA labels and semantic HTML
Keyboard navigation for all interactive elements

If you encounter accessibility barriers, please contact us at support@tryvalor.ai and we will work to address them promptly.

14. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Email: support@tryvalor.ai