Privacy, policies, and legal information
At VA, we take your privacy seriously. That’s why we collect only the personal information that you provide to us, and ask you to provide only the information we need to complete your requests. This page explains our website privacy policy, including how we collect, store, use, and disclose your information. You’ll also find other information to help you understand your rights and how we’re complying with federal regulations and user agreements.
VA.gov Privacy Policy
Thank you for visiting VA.gov and reviewing our Privacy Policy. The Department of Veterans Affairs (VA) applies leading privacy practices and adheres to data stewardship principles in managing our web user data. The data stewardship principles guiding our efforts include the following goals:
- Protecting web user privacy,
- Maintaining the confidentiality of web user data, and
- Ensuring appropriate levels of security for web user data
This policy describes how VA applies these principles to the handling of personal information you provide to us via VA.gov web pages and forms. Personal information may include your name; email, home, and/or business address; phone numbers; Social Security number; or other information that identifies you personally.
Key features of our privacy policy include:
- This General Web Page Privacy Policy (“General Policy”) applies to all VA.gov web pages. Some VA.gov web pages may provide additional policy guidance on privacy practices that is compatible with this General Policy. These additional policy guidance documents are called “Limited Privacy Policies.” Please review any appropriate Limited Privacy Policy which may be presented to you prior to submitting your information on any VA.gov web page.
- We will not require you to register or provide personal information in order to visit the VA.gov website. However, certain areas of our site may require you to register or provide personal information before you will be granted access.
- VA.gov does not collect personal information from web users unless the personal information is provided by you. A Limited Privacy Policy will apply in each case where you may provide personal information to VA through our website.
- VA.gov will never sell or rent your personal information to outside parties.
- VA.gov uses web analysis tools (e.g., cookies) for limited uses authorized in this policy.
- This General Policy and each Limited Privacy Policy promotes the privacy, confidentiality, security, and responsible handling of any information collected by VA.gov over the web.
Privacy Act rights
VA follows the requirements of the Privacy Act, which protects your personal information that VA maintains in “systems of records.” A system of records is a file, database, or program from which personal information is retrieved by name or other personal identifier. The Privacy Act provides a number of protections for your personal information. These typically include how information is collected, used, disclosed, stored, and disposed. VA System of Records Notices are available at: Department of Veterans Affairs Privacy Act System of Records Notices. VA.gov is a platform that uses your data from VA Systems of Record and is itself not a system of record.
VA.gov is a Department of Veterans Affairs computer system. This computer system, including all related equipment, networks, and network devices (specifically including Internet access) are provided only for authorized uses. VA computer systems may be monitored for all lawful purposes, including ensuring that their use is authorized, managing the system, protecting against unauthorized access, and verifying security procedures, survivability, and operational security. During monitoring, information may be examined, recorded, copied, and used for authorized purposes.
VA.gov will not disclose your personal information to third parties outside VA without your consent, except to facilitate the transaction, to act on your behalf at your request, or as authorized by law.
When VA.gov does collect personal information from you online, we will tell you in advance in any applicable Limited Privacy Policy’s Privacy Act Statement. The Privacy Act Statement will contain any additional privacy policies that apply to the information collected on a particular VA.gov web page. The VA.gov web pages that collect personal information will have a hyperlink to the Limited Privacy Policy that applies to that particular web page.
VA.gov will use your information to process requests for VA services or information. When VA.gov collects information from you, we will reference the relevant authority in the appropriate Limited Privacy Policy. Providing the information is voluntary, but if it is not provided, we may not be able to process your request and provide you with electronic services. When information is required to process your request, we will advise you of this fact in the appropriate Limited Privacy Policy. Any decision you make not to provide information will not have any effect on any benefits to which you may be entitled.
Information collected and stored automatically
VA.gov automatically collects certain information about your visit to VA.gov web pages. We limit the data collected to meet specific business needs and to protect your privacy. We may know what path(s) you took on our websites, but we don’t know who you are. We do not use this information to identify you personally without your express consent and an authorized purpose.
We automatically collect and store the following information about your visit to the VA.gov website:
- General log information. Examples of general log information include, but are not limited to: Internet domain (for example, “xcompany.com” or “yourschool.edu”); Internet Protocol (IP) address; operating system; the browser used to access our website; the date and time you accessed our site; and the pages that you visited.
- Referral and statistical information where we have links to or from the site you visited. Such data may include aggregate data such as the number of offsite links occurring during a visit to a VA.gov web page. It may also include specific data, such as the identity of the site which you visited immediately before or after our site. We do not use such data to identify you personally.
We use the general log information to help us make VA.gov sites more useful to visitors. We use it to learn about how locations on our site are being used, what information is of most and least interest, and how we can enhance ease of use by ensuring our sites can interface with the types of technology our visitors use. We also use such statistics to tell us of any possible site performance problems. Except for oversight, law enforcement investigations, or protection of the VA information technology infrastructure as authorized by law, no other attempts are made to identify you or your usage habits.
General logs are used for no other purposes than the purposes described above, and are scheduled for regular destruction in accordance with General Records Schedules published by the National Archives and Records Administration (NARA) and agency record control schedule requirements.
Use of cookies and tracking technologies
When you visit certain websites, they send a small piece of information called a “cookie” to your computer along with the web page. This is also true of VA.gov.
There are two kinds of cookies.
- A Session Cookie is a line of text that is stored temporarily in your computer’s random access memory (RAM). A Session Cookie is destroyed as soon as you close your browser.
- A Persistent Cookie is a line of text that is saved to a file on your hard drive and is called up the next time you visit that website. This lets the website remember information about your previous visits and use of the website. Persistent Cookies are generally not used by VA or other federal government websites, unless there is a compelling and authorized reason for their use. If any VA web page uses a Persistent Cookie, then the Limited Privacy Policy for that web page will clearly state the purpose and legal authority for such use. VA.gov does not use Persistent Cookies to retain information.
We use Session Cookies in the following manner:
- Log-in and log-off process: You do not have to log in and register to browse our site. However, if you decide to register with VA.gov, Session Cookies help with the log-in and log-off process. The cookies enable us to recognize your log-in ID when you log in so that we do not create a duplicate log-in or registration record for you.
- Transactions and site usability: We use Session Cookies to improve how you navigate through our website and conduct transactions. Session Cookies are used to maintain your online session as you browse over several pages, or to store and enter information on a web page so that you do not have to reenter the same information, repetitively. Session Cookies may also be used to collect referral statistics when you click on a link to or from a VA.gov web page.
Registration and log in
You are always welcome to use VA.gov without registering or logging in for certain services such as general content browsing, finding VA facilities, and completing forms to apply for health care or education benefits. Other areas of the site that use your personal information and VA records, such as when you save a benefit application for submission later, refill a prescription, use secure messaging with your health care provider, and check the status of claims and appeals will require an email address, password, and additional methods for identification.
Password protection
When you register for a VA.gov account, access to your personal information will be protected by multifactor authentication, which includes an email address, a password, and at least one other authentication factor such as a cellular phone that can receive security codes via text message. We strongly recommend that you do not divulge your password to anyone and that you change it on a regular basis, and that you do not share the device used for your additional authentication factor.
Saving of passwords by browser
Many Internet browsers allow users to save user information, including passwords. When prompted by a browser to save your VA.gov authentication credentials such as your email address and password, you should decline this option. Saving this information could potentially allow persons who gain access to a shared workstation to access your personal information, although you are protected to some extent in this case by the VA.gov requirement for multifactor authentication before accessing your personal information.
Logging out
Please remember to log out when you are finished using personalized VA.gov services. Logging out prevents someone else from accessing your personal information if you leave, share, or use a public computer (located, for example, in a library or an Internet cafe) and your session hasn’t automatically “timed out” or shut down. You should remember to log out. If you forget to log out or 30 minutes of non-activity pass, the session will time out.
Information sharing
We do not sell, rent, or otherwise provide your personal information to outside marketers. Information collected via VA.gov may be shared with employees, contractors, and other service providers as necessary to respond to a request, provide a service, or as otherwise authorized by law. If appropriate, additional information regarding the use and disclosure of information collected on specific web pages will be posted in the appropriate Limited Privacy Policy for that web page.
Digital analytics program
We participate in the Digital Analytics Program, a government-wide analytics tool for federal agencies. As part of this participation, this website uses Google Analytics Premium. Please refer to the following policies on Google’s website for more information:
- Google’s main privacy policy
- Cookies & Google Analytics on Websites
- Opt out of Google Analytics Cookies
Security
In those instances where we secure your personal information in transit to us over the Internet, and upon our receipt, VA.gov uses industry-standard encryption, including Secure Socket Layer (SSL). The connection icon area on your browser will change to “HTTPS” instead of “HTTP” when this security feature is invoked. Your browser may also display a lock symbol on the task bar at the bottom of your screen to indicate this secure transmission is in place. You should refer to the instructions for your particular Internet browser software to determine how to examine the security certificate from our website to verify the security of the connection.
For site security purposes and to ensure that VA.gov web pages remain available to all users, VA employs software programs to monitor network traffic in order to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for oversight or authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits other than those uses identified in this policy.
Unauthorized attempts or acts to (1) access, upload, change, or delete information on this system, (2) modify this system, (3) deny access to this system, or (4) accrue resources for unauthorized use on this system, are strictly prohibited and may be considered violations subject to criminal, civil, or administrative penalties.
VA.gov takes the security of all personally identifiable information we receive very seriously. We implement various measures to protect the security and confidentiality of personally identifiable information. Such measures include access controls designed to limit access to personally identifiable information to the extent necessary to accomplish our mission. We also employ various security technologies to protect personally identifiable information stored on our systems. We test our security measures periodically to ensure that they remain operational.
Links to other sites
VA.gov provides access to other websites outside our control and jurisdiction. When you click on a link to these websites, you leave our website and your communications no longer are protected by our privacy policies. VA is not responsible for the privacy practices or the content of non-VA websites. We encourage you to review the privacy policy or terms and conditions of those sites to fully understand what information is collected and how it is used.
Contact VA Privacy Service
Please let us know if you have any questions or concerns regarding our privacy policy or use of your information. You can contact us online at Contact VA Privacy Service, or you can mail your question or concern to Department of Veterans Affairs, Privacy Service, 810 Vermont Avenue, N.W. (005R1A) Washington, DC 20420.
Your inquiry will be treated confidentially and will not be shared with third parties, except as necessary to respond to your inquiry and for other purposes as authorized by the Privacy Act and other relevant legal authority.
The VA Privacy Service works to minimize the impact on Veterans’ privacy, particularly Veterans’ personal information and dignity, while achieving the mission of the Department of Veteran Affairs.
Last reviewed on December 15, 2023
VA Privacy Service
Privacy policies, procedures, and regulations
Privacy Impact Assessments (PIAs)
System of Records Notices (SORNs)
Account policies
My HealtheVet Terms and Conditions
Other VA policies
Veterans Crisis Line privacy and security
Veterans Crisis Line text terms of service
Digital notifications terms and conditions
Vulnerability Disclosure Policy