Data Privacy & Security Commitment

In-Transit Security: All data submitted through our intake forms is protected using Industry-Standard SSL/TLS Encryption (HTTPS), ensuring information cannot be intercepted during transmission.
At-Rest Protection: Veteran data is stored on encrypted volumes within secure, enterprise-grade cloud infrastructure.

Secure Cloud Provider: VCH is hosted on DigitalOcean, a trusted U.S.-based cloud provider.
HIPAA Compliance (BAA in Place): VCH maintains a signed Business Associate Agreement (BAA) with DigitalOcean, ensuring that our infrastructure meets HIPAA security and privacy requirements for handling sensitive data.

PII Minimization: Before any data is sent to AI systems, personally identifiable information (PII) is removed or masked to ensure sensitive veteran data is not exposed.
No Model Training: Data processed through VCH’s AI features is not used to train or improve external AI models.
Purpose-Limited Processing: AI is used strictly to assist with claim-related workflows such as document generation and form assistance — never for data profiling or secondary use.

100% U.S.-Based Operations: All VCH staff are U.S.-based and subject to domestic privacy laws and background checks.
Strict Access Controls: We follow the principle of Least Privilege. Access is logged and monitored so only authorized personnel assigned to a case can view records.
No Monetization: Veteran data is never sold, leased, or monetized. It is used strictly to support claims processing.

VA Form Automation: VCH securely automates official VA form population, reducing manual handling and limiting exposure of sensitive identifiers.
Transparency: Veterans maintain full ownership of their records.

“Our mission is to serve those who served. Protecting your data is the foundation of that trust.”