Virginia Data Sciences ("we," "us," or "our") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect information you provide when using our services, including the VA Claims Intelligence Tool and the Data Analytics Platform.
Account Information: When you create an account, we collect your email address and a securely hashed password. We do not store your password in plain text.
VA Claims Documents (VA Claims Tool): When you upload a PDF file through the VA Claims Tool, we extract the text content of that document. The original PDF is not stored after processing — only the extracted text is retained, and it is encrypted at rest using AES-256-GCM encryption before being saved to our database.
Business Data Files (Data Analytics Platform): When you upload spreadsheets, CSVs, or other data files through the Data Analytics Platform, processing occurs client-side in your browser whenever possible. On the free tier, no uploaded data is stored on our servers after your session ends. On paid tiers, data you explicitly choose to save is encrypted at rest before storage.
Usage Data: We maintain an audit log of actions taken with your documents (uploads, views, deletes) including timestamps and IP addresses. This is required for HIPAA compliance (VA Claims Tool) and general security purposes.
Technical Data: We may collect basic technical information such as your browser type and IP address for security monitoring.
We do not use your documents or personal data to train AI models. Your data is never shared with third parties for marketing purposes, never sold, and never accessed by our staff except to diagnose technical issues you report.
We may use de-identified, aggregated data that cannot be traced back to any individual for internal analytics and service improvement purposes. For example, we may analyze aggregate trends such as average document processing times, common document types, or feature usage patterns — with all personally identifying information removed.
This anonymized data helps us improve the accuracy, speed, and reliability of our tools. It is never shared with third parties in any form that could identify you or your organization.
We take the security of your health information seriously:
Right to Access: You can view all documents you've uploaded through the "My Documents" page.
Right to Delete: You can permanently delete any uploaded document and all associated data (extracted text, analysis results) at any time using the Delete button in "My Documents." Audit logs are retained per legal requirements but your content is permanently removed.
Right to Data Portability: Contact us to request a copy of your data in a portable format.
Right to Correct: Contact us to correct inaccurate account information.
VA Claims Tool: Uploaded document text and analysis are retained until you delete them. Audit logs are retained for 7 years to comply with HIPAA requirements.
Data Analytics Platform (free tier): Data processed in-browser is not retained on our servers. Any session data is discarded when your session ends.
Data Analytics Platform (paid tiers): Saved analyses and reports are retained until you delete them or close your account.
Account information is retained while your account is active and for a reasonable period after closure.
The VA Claims Intelligence Tool processes documents that may contain protected health information (PHI). Our architecture is designed to be BAA-ready, meaning we can enter into a Business Associate Agreement with covered entities upon request. Our data handling practices align with HIPAA Security Rule requirements including administrative, physical, and technical safeguards.
To request a Business Associate Agreement, contact us at privacy@virginiadatasciences.com.
We use the following third-party services:
We do not sell your data to third parties. We do not use advertising services or tracking pixels on authenticated pages.
We use session cookies and localStorage to maintain your login state. We do not use third-party advertising cookies. You can disable cookies in your browser, but this will prevent you from logging in.
Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of our services after changes constitutes acceptance of the updated policy.
For privacy questions, data requests, or to report a security concern: