Skip Navigation or Skip to Content

Privacy Policy

Last updated: December 22, 2025

VeraGov is committed to protecting privacy and maintaining reasonable administrative, technical, and physical safeguards.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our website or use our services. We collect information that is necessary to operate our business effectively, enhance your user experience, process payments, and fulfill applicable legal and regulatory obligations.

We may disclose personal information and other information when required by law, court order, or other legal processes, or if we believe in good faith that disclosure is reasonably necessary to enforce our policies, respond to claims, protect our rights, property, or safety, or that of others.

In providing solutions to government or enterprise customers, VeraGov may act as a data processor under applicable laws. In such cases, our clients control the personal data collected, and VeraGov processes such data solely under their instructions and agreements. Users should refer to the respective customer’s policies for further details.

Descriptions of security controls, safeguards, or compliance measures in this Privacy Policy describe VeraGov’s general practices and do not constitute contractual warranties or guarantees. Specific security, data protection, and compliance obligations applicable to our platform users are governed by our Terms of Use.

We use commercially reasonable encryption in transit and, where appropriate, at rest, consistent with our security practices. Our platform supports multi-tenant isolation, role-based access control (RBAC), and audit logging. VeraGov employs a security-first development lifecycle, which includes automated and manual vulnerability scanning. Our internal team practices least-privilege access, and any external vendor that handles sensitive information on our behalf must meet or exceed applicable standards or equivalent certifications.

VeraGov implements commercially reasonable audit logging, access controls, vulnerability management, encryption in transit and at rest, and multi-factor authentication for sensitive data access. In the event of a confirmed or suspected security incident involving user data, VeraGov will follow its incident response protocols and provide timely breach notification in accordance with applicable law.

Where applicable and required by law, we can enter into Business Associate Agreements (BAAs) with covered entities or business associates. In addition, our signature workflows comply fully with applicable regulations, and we provide downloadable, timestamped copies of signed documents to end users. Our incident response program includes timely breach notifications to users and regulators in accordance with applicable law.

We may collect the following categories of data:

  • Identifiers such as name, email address, phone number, and account credentials
  • Contact information and communications
  • Financial and billing information
  • Government-issued identifiers when required for VA-related submissions
  • Medical and health-related information provided for claims or eligibility review
  • Technical data such as IP address, device type, browser type, and log data
  • Usage and interaction data
  • Geolocation data derived from IP address

We do not collect personal contacts from a user’s device unless explicitly provided by the user.

Additionally, we may collect certain technical data through your interaction with our products or services, including your IP address, browser type, device information, and interaction behavior. We may collect sensitive data particularly when needed to support claims, eligibility reviews, or regulatory submissions related to systems like those of the Department of Veterans Affairs (VA).

We may retain data following service delivery or longer where required by applicable law or business necessity. Claim-related records, forms, and associated metadata may be retained for audit, evidentiary, or regulatory purposes as required by applicable law, contractual obligations or applicable government program requirements. Users acknowledge that such data may be subject to legal discovery or VA audit. We may anonymize and aggregate data to improve our services, conduct internal analytics, or develop new offerings, products or services.

De-identified, anonymized, or pseudonymized data may be used for internal analytics, service improvement, security monitoring, and product development. Such data will not be used to identify individual users.

Use of AI or analytics features within the VeraGov platform is subject to our Terms of Use and applicable Product Terms (as defined therein), which govern rights, limitations, and responsibilities associated with such features.

VeraGov retains personal data only for as long as necessary to provide our services, comply with legal obligations, and meet regulatory or audit requirements. Active account data is retained for the duration of the user’s account.

If an account becomes dormant, meaning no login or activity for a continuous period of 24 months, VeraGov will retain the data for up to 36 months from the date of last activity, unless a longer retention period is required by law or VA regulations.

After the applicable retention period, data will be securely deleted or irreversibly anonymized.

Information is collected through a combination of user-submitted forms, secure login sessions, browser cookies, and analytics tools. In some cases, we may receive data from third-party integrations. This data allows us to personalize your experience, maintain service reliability, comply with regulatory mandates (such as VA documentation submission), and provide technical and customer support. Your information may be processed in jurisdictions that may have different data protection laws than those of your jurisdiction.

VeraGov may share user data with the following categories of third parties:

  • Payment processors for billing and transactions
  • Cloud infrastructure and hosting providers
  • Identity verification and security vendors
  • Authorized VA systems and government APIs
  • VA-accredited professionals designated by the user

These entities may use data solely to perform services on VeraGov’s behalf and for no other purpose.

These parties assist us in delivering our services securely and efficiently. By using VeraGov, you acknowledge that your information may be disclosed, including claim-related data, to authorized persons and the VA and other authorized government systems, solely as necessary to process claims, verify eligibility, or comply with legal obligations.

VeraGov does not sell user data for profit or any other monetary consideration. User data is not used for targeted advertising or other transactions that could involve money.

Some information provided by users may also relate to other individuals. Users are responsible for ensuring they have the right to share such information.

Third-party use or disclosure of user data, including de-identified or anonymized data, is prohibited without the user’s explicit consent. All vendors and contractors are contractually bound to the same data protection and confidentiality obligations as VeraGov.

We honor applicable privacy rights, including those established under the California Consumer Privacy Act (CCPA/CPRA) for California residents. U.S. users may request access to, correction of, or deletion of their personal information, subject to our legal and regulatory obligations, including obligations to retain data for VA audit, claims verification, or other statutory requirements.

VeraGov is committed to supporting applicable Department of Veterans Affairs data protection, privacy, and security requirements where relevant to its services.

By using our website or services, you acknowledge and agree to these practices, including electronic consent where applicable under E-SIGN, UETA, or their international equivalents.

You are responsible for maintaining the confidentiality of your login credentials and any activity under your account. If you suspect unauthorized access, please contact us immediately.

From time to time, we may send you service updates, newsletters, or promotional messages. Even if you opt out of such messages, we may still send important service or transactional messages.

To protect personal information, VeraGov employs administrative, technical, and physical safeguards designed to support confidentiality, integrity, and availability. These measures include encryption in transit and, where appropriate, at rest, access controls, audit logging, and incident response procedures. No security program can guarantee absolute security.

Cookies and similar tracking technologies are used on our website to improve functionality and understand how visitors interact with our content. Session cookies help facilitate features such as report generation, while persistent cookies support login retention and analytics. You can disable cookies through your browser settings; however, doing so may limit functionality, performance or availability of features.

Our services may contain links to or integrate with third-party websites or applications. We are not responsible for the privacy practices, security, or content of these external sites or applications. We encourage you to review the policies of any Vendor, sites or applications that you interact with.

Our services and website are not intended for use by children under the age of 13, and we do not knowingly collect personal data from children under 13. If such data is inadvertently collected, it will be deleted as soon as we become aware of it.

Users may request permanent deletion of their data at any time. To request deletion, users must email support@veragov.com from the email address associated with their account and include the subject line “Data Deletion Request.”

Upon verification of the request, VeraGov will delete or irreversibly de-identify personal information that we are not required to retain for legal, regulatory, audit, security, or fraud-prevention purposes. Data deletion will be completed generally within 45 days of the request being verified.

If VeraGov undergoes a merger, acquisition, sale of assets, or business closure, users will be notified. Users will have the option to:

  • Download or securely transfer their data
  • Request secure deletion of their data
  • Close their account

Any new owner will be required to adhere to privacy practices consistent with this policy.

We may update this Privacy Policy from time to time at our discretion. We will notify users of material changes to this Privacy Policy by posting an updated Privacy Policy on the website and, where appropriate, by email. Continued use of our website after such updates constitutes your agreement to the revised policy.

If you have any questions relating to this Privacy Policy, please contact us at support@veragov.com.