Privacy Policy
Effective Date: April 15, 2026 · Version 1.0
ClaimLock is committed to protecting the privacy and security of veteran health and disability information. This policy explains how we collect, use, protect, and manage your personal data in compliance with HIPAA (Health Insurance Portability and Accountability Act) principles.
Our commitment: Your veteran service and health information is encrypted at rest using AES-256-GCM military-grade encryption, transmitted exclusively over HTTPS/TLS, and never shared with third parties. We treat your data with the same respect your service deserves.
1. Information We Collect
When you use the ClaimLock Qualification Screener, we collect the following information that you voluntarily provide:
| Data Category | Specific Fields | Why We Need It |
|---|---|---|
| Service Information | Branch, service dates, discharge status, service era, deployment locations | Determine VA eligibility and identify presumptive conditions |
| Health Conditions | Claimed conditions, onset timing, whether service-connected | Match conditions to VASRD diagnostic codes |
| Documentation Status | Types of evidence available (medical records, nexus letters, buddy statements) | Assess evidence strength and identify gaps |
| Impact Information | Treatment status, daily life impact, employment impact, severity descriptions | Estimate disability rating based on VA criteria |
| Technical Data | IP address, browser type (user agent) | Security audit logging and abuse prevention |
2. How We Use Your Information
Your information is used exclusively for:
- Qualification screening: Evaluating your potential eligibility for VA disability compensation using AI analysis against VASRD criteria
- Result delivery: Generating and displaying your personalized screening results
- Security monitoring: Maintaining audit logs to detect unauthorized access attempts
- Service improvement: Aggregated, de-identified statistics to improve screening accuracy
We NEVER:
- Sell your personal information to third parties
- Share your identifiable health data with advertisers
- Use your data for purposes unrelated to VA disability screening
- Store your data longer than necessary (see data retention below)
3. How We Protect Your Information
We implement multiple layers of security to protect your data:
| Protection | Implementation |
|---|---|
| Encryption at Rest | All veteran PII and health data encrypted using AES-256-GCM before database storage. Encryption keys are managed separately from data. |
| Encryption in Transit | All data transmitted over HTTPS/TLS. HSTS headers enforce encrypted connections. |
| Access Controls | Sessions expire after 30 minutes of inactivity. Only your unique session ID can access your data. |
| Audit Logging | Every data access and modification is logged with timestamp, IP address, and action type. |
| Input Sanitization | All user inputs are validated and sanitized to prevent injection attacks. |
| Security Headers | HSTS, X-Frame-Options (DENY), X-Content-Type-Options, Referrer-Policy, and CSP headers prevent common web attacks. |
| Rate Limiting | API requests are rate-limited to prevent abuse and denial-of-service attacks. |
| PII Masking | Sensitive fields are never logged in plain text. All log output masks veteran health and service data. |
4. Data Retention
We retain your screener data as follows:
- Active sessions: Accessible for 30 minutes after last activity, then locked
- Completed screenings: Results stored for 90 days so you can revisit your assessment
- Audit logs: Retained for 1 year for security compliance purposes
- After retention period: Data is permanently deleted and cannot be recovered
5. AI Processing
Your screening data is processed by an AI system to evaluate your qualification. Important details:
- The AI evaluates your information against publicly available VA criteria (VASRD, 38 CFR)
- Your data is sent to OpenAI's API for processing, subject to their privacy policy
- We do not use your data to train AI models
- AI results are preliminary estimates, not legal or medical determinations
6. Your Rights
As a veteran using ClaimLock, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Deletion: Request permanent deletion of your screener data at any time
- Correction: Request correction of inaccurate personal information
- Withdraw Consent: Withdraw your consent for data processing (note: this will prevent us from providing screening results)
- Portability: Receive your data in a machine-readable format
To exercise any of these rights, contact us at the address below.
7. Consent
Before submitting any personal or health information through the screener, you are required to provide explicit consent. By checking the consent box and proceeding:
- You acknowledge you have read and understood this privacy policy
- You consent to ClaimLock collecting, encrypting, and processing your service and health information for the purpose of disability claim screening
- You understand your data will be processed by AI and stored securely
- You may withdraw consent at any time by contacting us
8. Cookies and Tracking
ClaimLock uses minimal tracking:
- Session ID: A unique identifier stored in your browser to track your screening session (not a cookie)
- Analytics pixel: A simple page view counter for internal analytics — no personal data is sent
- We do NOT use advertising cookies, retargeting pixels, or third-party trackers
9. Third-Party Services
- OpenAI: AI processing of screening data (subject to their privacy policy and data processing agreement)
- Google Fonts: Typography delivery (no personal data shared)
- Render / Neon: Infrastructure hosting with encryption at rest
10. Children's Privacy
ClaimLock is intended for use by veterans and their authorized representatives. We do not knowingly collect information from individuals under 18 years of age.
11. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated through the screener interface. The "Effective Date" at the top indicates when this version became active.
12. Contact Us
For privacy-related questions, data access requests, or to exercise your rights:
Email: claimlock@polsia.app
Subject Line: Privacy Request — [Your Name]
We will respond to all privacy requests within 30 days.