Privacy Policy

1. Who We Are

VA Rating Assistant ("we", "us", "our") provides a platform to help users estimate VA disability ratings and manage related documents. For privacy matters, contact: [email protected] or 522 W Riverside Ave STE N Spokane, WA 99201-0580.

2. What Data We Collect

• Account information: Name, email, user ID, admin level
• Billing information: Phone number, address (via Stripe)
• Uploaded documents (may include health records)
• Document metadata
• Disability estimates
• Payment and subscription status (via Stripe)
• Order history (via Stripe)
• Support tickets (if submitted)
• Admin activity logs
• Analytics and usage data

3. How We Use Your Data

• Provide and improve our services
• Process payments and manage subscriptions
• Communicate with you (e.g., notifications, support)
• Ensure security and prevent fraud
• Comply with legal obligations

4. Special Category Data

Some uploaded documents may contain health information. This data is encrypted, only accessed for service purposes, and never sold or shared with third parties.

5. How We Store and Protect Your Data

• Data is stored securely in Supabase (database and encrypted S3 storage).
• Health records and sensitive documents are encrypted at rest.
• Access is restricted to authorized users and admins.
• We implement technical and organizational measures to protect your data.

Cookies and Tracking

We only use cookies and local storage that are strictly necessary for the website to function (such as authentication and your cookie consent choice). We do not use analytics, marketing, or tracking cookies. No third-party analytics or advertising scripts are loaded on this site.

6. Third-Party Processors

We use trusted third parties to process your data:

• Stripe (payments, billing info)
• Supabase (database, authentication, storage)

These providers are contractually required to protect your data and comply with GDPR.

7. Data Retention & Deletion

• You can delete your account and uploaded documents at any time.
• Payment and billing data is retained per Stripe's policy.
• Support tickets and admin logs are retained as needed for support and audit purposes.
• Data is deleted or anonymized when no longer required.

8. Your Rights

Under GDPR, you have the right to:

• Access your data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict or object to processing
• Data portability
• Withdraw consent at any time (where applicable)
• Lodge a complaint with a supervisory authority

To exercise your rights, contact us at [email protected] or 522 W Riverside Ave STE N Spokane, WA 99201-0580.

9. International Transfers

Your data may be processed outside the EEA. We ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

10. Changes to This Policy

We may update this policy. Changes will be posted on this page with a new "last updated" date.

11. Contact

For privacy questions or requests, contact: [email protected] or 522 W Riverside Ave STE N Spokane, WA 99201-0580.