Security & Privacy

Your Data Is Protected

We built Duty To Assist AI for veterans — people who have already sacrificed enough. Protecting your personal information and claim data is not optional. Here is exactly how we do it.

TLS 1.3 Encrypted | Firebase Secured | Google Cloud FedRAMP | Auto PII Redaction | Zero Data Selling

Our Privacy Principles

We cannot see your documents by default

Documents you upload are stored in your private storage bucket, accessible only by your authenticated account. Our staff cannot access your files without your explicit permission.

Your AI analysis is never permanently stored

When you use the AI Claim Interview, your symptoms and service history are sent to our AI for analysis on-the-fly and are not written to any database. Each analysis session is stateless.

PII is stripped before AI processing

Our server automatically detects and replaces SSNs, VA file numbers, phone numbers, and email addresses with redaction markers before sending any text to the AI model.

We do not sell your data

We do not sell, rent, or share your personal information or claim data with any third parties, advertisers, or data brokers.

You can delete your data at any time

From your account settings, you can permanently delete all your claim data, uploaded documents, and your account. Deletion is immediate and irreversible.

Security Technologies We Use

Every technology below is linked to its official documentation so you can verify our claims independently.

TLS 1.3 Encryption

All data transmitted between your browser and our servers is encrypted using Transport Layer Security 1.3 — the same standard used by banks and the DoD.

What is TLS?

Firebase Security Rules

Your Firestore database records and uploaded files are protected by Firebase Security Rules. Only you — authenticated as the owner — can read or write your own claim data.

Firebase Security Rules docs

Google Cloud Infrastructure

All data is stored on Google Cloud, which holds FedRAMP High authorization — the same authorization required for U.S. federal government systems handling sensitive data.

Google FedRAMP compliance

Automatic PII Redaction

Before any text you enter is sent to our AI for analysis, our server automatically scans and redacts Social Security Numbers, VA file numbers, phone numbers, and email addresses.

Firebase Authentication

Accounts are secured using Firebase Auth with support for Google Sign-In, email/password with bcrypt hashing, and optional multi-factor authentication.

Firebase Auth overview

Firebase Storage — Private by Default

Documents you upload are stored in private Firebase Storage buckets. Access requires a valid authenticated session token. Files are never publicly accessible.

Firebase Storage security

How Automatic PII Redaction Works

When you describe your symptoms or service history in the AI Claim Interview, our server runs an automatic redaction pass before the text ever reaches the AI model. Here is what gets automatically removed:

  • Social Security Numbers (e.g., 123-45-6789)
  • VA File Numbers (9-digit claim numbers)
  • Phone numbers (all formats)
  • Email addresses
  • Dates of birth (when labeled)
  • Credit card numbers
  • Names following keywords like "veteran:" or "patient:"

Example

Before: "My SSN is 123-45-6789 and I was born on 01/15/1985"

Sent to AI: "My SSN is [SSN REDACTED] and I was born on [DOB REDACTED]"
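
A sketch of a redaction pass covering the categories listed above, added here as an example and not Duty To Assist AI's own code. The patterns, the rule order, the Luhn filter for card numbers, the `residual_pii` check (which goes beyond what the page describes) and every marker other than `[SSN REDACTED]` and `[DOB REDACTED]` are assumptions.

```python
import re

def _luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _card(match):
    digits = re.sub(r"\D", "", match.group())
    return "[CARD REDACTED]" if _luhn_ok(digits) else match.group()

# Order matters: specific shapes run before the generic 9-digit rule, and
# e-mail runs first so digits inside an address are not rewritten separately.
# Only the SSN and DOB markers appear on the page; the other markers are assumed.
RULES = [
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[EMAIL REDACTED]"),
    (re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), _card),
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN REDACTED]"),
    # DOB only "when labeled": require a label in front of the date.
    (re.compile(r"(?i)\b((?:dob|date of birth|born(?: on)?)[:\s]+)"
                r"\d{1,2}[/-]\d{1,2}[/-]\d{2,4}"), r"\1[DOB REDACTED]"),
    (re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
     "[PHONE REDACTED]"),
    (re.compile(r"\b\d{9}\b"), "[VA FILE REDACTED]"),
    # Keyword is case-insensitive, the name itself must be capitalised.
    (re.compile(r"\b((?i:veteran|patient):\s*)[A-Z][\w'.-]*(?: [A-Z][\w'.-]*){0,2}"),
     r"\1[NAME REDACTED]"),
]

def redact(text):
    """Apply every rule in order and return the text that may leave the server."""
    for pattern, replacement in RULES:
        text = pattern.sub(replacement, text)
    return text

def residual_pii(text):
    """Fail-closed check: any 7+ digit run or '@' left after redaction is suspect."""
    return re.findall(r"\d(?:[ .()-]?\d){6,}|\S+@\S+", text)
```

A caller would send `redact(text)` onward only when `residual_pii` returns an empty list, which catches digit runs the patterns did not recognise.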

What We Can and Cannot See

We CAN see (with your consent)

  • Your name and email used for account login
  • Claim status notes you explicitly save to your dashboard
  • Anonymized usage analytics (pages visited, features used)

We CANNOT see

  • Documents you upload (private storage bucket)
  • Your Social Security Number or VA file number
  • Symptoms entered in the AI Interview (not stored)
  • Your passwords (hashed by Firebase Auth)

Questions About Your Data?

If you have any questions about how your data is handled, want to request a data export, or want everything deleted, contact us directly.