Privacy, policies, and legal information

VA.gov Privacy Policy

Thank you for visiting VA.gov and reviewing our Privacy Policy. The VA applies leading privacy practices and adheres to data stewardship principles in managing our web user data. The data stewardship principles guiding our efforts include the following goals:

• Protecting web user privacy, and
• Maintaining the confidentiality of web user data, and
• Ensuring appropriate levels of security for web user data

This policy describes how VA applies these principles to the handling of personal information you provide to us via VA.gov web pages and forms. Personal information may include your name; email, home, and/or business address; phone numbers; Social Security number; or other information that identifies you personally.

Data stewardship principles outline clear responsibilities and standards for managing data safely and ethically. Key areas include accountability, transparency in data practices, maintaining high data quality, and protecting data with robust security and privacy measures. These principles promote effective data governance, lifecycle management, system integration, and compliance with legal and regulatory requirements. Adhering to them enables organizations to use data responsibly while minimizing risks related to security, privacy, and compliance.

Key features of our privacy policy include:

• This General Web Page Privacy Policy (“General Policy”) applies to all VA.gov web pages. Some VA.gov web pages may provide additional policy guidance on privacy practices that is compatible with this General Policy. These additional policy guidance documents are called “Limited Privacy Policies.” Please review any appropriate Limited Privacy Policy which may be presented to you prior to submitting your information on any VA.gov web page.
• We will not require you to register or provide personal information to visit the VA.gov website. However, certain areas of our site may require you to register or provide personal information before you are granted access.
• VA.gov does not collect personal information from web users unless the personal information is provided by you. A Limited Privacy Policy will apply in each case where you may provide personal information to VA through our website.
• VA.gov will never sell or rent your personal information to outside parties.
• VA.gov uses web analysis tools (e.g., cookies) for limited uses authorized in this policy.
• This General Policy and each Limited Privacy Policy promotes privacy, confidentiality, security, and responsibility for handling any information collected by VA.gov over the web.

Privacy Act compliance

VA complies with the requirements of the Privacy Act, which protects the personal information that the agency maintains in its “systems of records.” A system of records is any file, database, or program from which personal information about an individual is retrieved by name or another personal unique identifier. The Privacy Act provides safeguards for how your personal information is collected, used, disclosed, stored, and disposed of.

VA systems of records

VA System of Records Notices (SORNs), which describe how information is maintained in each system of records, are available here: Department of Veterans Affairs Privacy Act System of Records Notices.

Note that VA.gov uses your information from VA’s systems of records, but VA.gov itself is not a system of record. It is a platform that uses authorized data to provide secure online services to Veterans, families, caregivers, and other VA users.

Authorized use of VA.gov

VA.gov is a Department of Veterans Affairs computer system. This system—including all equipment, networks, and related devices (including internet access)—is provided for authorized use only.

VA systems may be monitored for lawful purposes, including:

• Ensuring authorized use
• Managing system performance
• Protecting against unauthorized access
• Verifying security procedures
• Maintaining operational security and survivability

During monitoring, information may be reviewed, recorded, copied, and used for authorized purposes.

Restrictions on disclosure

VA.gov will not disclose your personal information to third parties outside VA without your consent, except when necessary to complete your transaction, when acting on your behalf at your request, or when otherwise authorized by law.

Collection of personal information on VA.gov

When VA.gov collects personal information from you online, we will inform you in advance through a Privacy Act Statement included in the applicable Limited Privacy Policy for that page.

The Privacy Act Statement explains:

• Why the information is being collected
• How it will be used
• Whether providing the information is voluntary or required
• The authority that permits VA to collect the information

Any VA.gov web page that collects personal information will include a hyperlink to the Limited Privacy Policy that applies to that web page.

How VA.gov uses your information

VA.gov uses the information you provide to process requests for VA services, benefits, or information. When information is collected, the relevant legal authority will be referenced in the applicable Limited Privacy Policy. This helps ensure transparency about how and why your data is used.

We do not sell, rent, or otherwise provide your personal information to outside marketers. Information collected on VA.gov may be shared with employees, contractors, and other service providers as necessary to respond to a request, provide a service, or as otherwise authorized by law. If appropriate, additional information regarding the use and disclosure of information collected on specific web pages will be posted in the appropriate Limited Privacy Policy for that web page.

Voluntary vs. required information

Providing information on VA.gov is voluntary. However, choosing not to provide certain information may limit VA.gov’s ability to process your request or provide you with specific electronic services. When certain information is required to complete your request, this will be clearly stated in the Limited Privacy Policy for that page. Choosing not to provide optional information will not affect any benefits to which you are entitled.

Information collected and stored automatically

We automatically collect and store the following information about your visit to the VA.gov website:

• General log information. Examples of general log information include but are not limited to: internet domain (for example, “xcompany.com” or “yourschool.edu”), Internet Protocol (IP) address, operating system, the browser used to access our website, the date and time you accessed our site, and the pages that you visited.
• Referral and statistical information where we have links to or from the site you visited. Such data may include aggregate data such as the number of offsite links occurring during a visit to a VA.gov web page. It may also include specific data, such as the identity of the site which you visited immediately before or after our site. We do not use such data to identify you personally.

We use the general log information to help us make VA.gov sites more useful to visitors. We use it to learn about how locations on our site are being used, what information is of most and least interest, and how we can enhance ease of use by ensuring our sites can interface with the types of technology our visitors use. We also use such statistics to tell us of any possible site performance problems. Except for oversight, law enforcement investigations, or protection of the VA information technology infrastructure as authorized by law, no other attempts are made to identify you or your usage habits.

General logs are used for no other purposes than the purposes described above and are scheduled for regular destruction in accordance with General Records Schedules published by the National Archives and Records Administration (NARA) and agency record control schedule requirements.

How VA uses cookies

When you visit certain websites, they send a small piece of information called a “cookie” to your computer along with the web page. This is also true for VA websites. Here is how we use cookies:

• We gather anonymous, statistical information about how people use VA websites so we can improve our website. We use services to measure data about site activity. We only receive statistics on the traffic of the site as a whole and do not receive information related to a particular user.
• We remember your browser when you return to our site, so we do not invite you to participate in our customer satisfaction survey again within 90 days of completing the survey.

Most internet browsers automatically accept cookies. Using cookies on VA websites creates a much better user experience.

We use Session Cookies in the following manner:

• Log-in and log-off process: You do not have to log in and register to browse our site. However, if you decide to register with VA.gov, Session Cookies help with the log-in and log-off process. The cookies enable us to recognize your log-in ID when you log in so that we do not create a duplicate log-in or registration record for you.
• Transactions and site usability: We use Session Cookies to improve how you navigate through our website and conduct transactions. Session Cookies are used to maintain your online session as you browse over several pages, or to store and enter information on a web page so that you do not have to reenter the same information, repetitively. Session Cookies may also be used to collect referral statistics when you click on a link to or from a VA.gov web page.

If you do not want to accept cookies, you can edit your browser’s options to block cookies or to prompt you before accepting a cookie from the websites you visit. Learn how to block cookies

Registration and log in

You are always welcome to use VA.gov without registering or logging in for certain services such as general content browsing, finding VA facilities, and completing forms to apply for health care or education benefits. Other areas of the site that use your personal information and VA records, such as when you save a benefit application for submission later, refill a prescription, use secure messaging with your health care provider, and check the status of claims and appeals will require an email address, password, and additional methods for identification.

Password protection

When you register for a VA.gov account, access to your personal information will be protected by multifactor authentication, which includes an email address, a password, and at least 1 other authentication factor such as a cellular phone that can receive security codes via text message. We strongly recommend that you do not divulge your password to anyone and that you change it on a regular basis, and that you do not share the device used for your additional authentication factor.

Saving passwords by browser

Many internet browsers allow users to save user information, including passwords. When prompted by a browser to save your VA.gov authentication credentials, such as your email address and password, you should decline this option. Saving this information could potentially allow people who gain access to a shared workstation to access your personal information, although you are protected to some extent in this case by the VA.gov requirement for multifactor authentication before accessing your personal information.

Logging out

Please remember to log out when you are finished using personalized VA.gov services. Logging out prevents someone else from accessing your personal information if you leave, share, or use a public computer (located, for example, in a library or an internet cafe) and your session hasn’t automatically “timed out” or shut down. You should remember to log out. If you forget to log out or 30 minutes of non-activity pass, the session will time out.

Digital Analytics Program

We participate in the Digital Analytics Program, a government-wide analytics tool for federal agencies. As part of this participation, this website uses Google Analytics Premium. Refer to the following policies on Google’s website for more information:

• Google’s main privacy policy
• Cookies and Google Analytics on websites
• Opt out of Google Analytics cookies

Security

In those instances where we secure your personal information in transit to us over the internet, and upon our receipt, VA.gov uses industry-standard encryption, including Secure Socket Layer (SSL). The connection icon area on your browser will change to “https” instead of “http” when this security feature is invoked. Your browser may also display a lock symbol on the task bar at the bottom of your screen to indicate this secure transmission is in place. You should refer to the instructions for your internet browser software to determine how to examine the security certificate from our website to verify the security of the connection.

For site security purposes and to ensure that VA.gov web pages remain available to all users, VA employs software programs to monitor network traffic in order to identify unauthorized attempts to upload or change information or otherwise cause damage. Except for oversight or authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits other than those uses identified in this policy.

Unauthorized attempts or acts to (1) access, upload, change, or delete information on this system; (2) modify this system; (3) deny access to this system; or (4) accrue resources for unauthorized use on this system, are strictly prohibited and may be considered violations subject to criminal, civil, or administrative penalties.

VA.gov takes the security of all personally identifiable information we receive very seriously. We implement various measures to protect the security and confidentiality of personally identifiable information. Such measures include access controls designed to limit access to personally identifiable information to the extent necessary to accomplish our mission. We also employ various security technologies to protect personally identifiable information stored on our systems. We test our security measures periodically to ensure that they remain operational.

Links to other sites

VA.gov provides access to other websites outside our control and jurisdiction. When you click on a link to these websites, you leave our website, and your communications no longer are protected by our privacy policies. VA is not responsible for the privacy practices or the content of non-VA websites. We encourage you to review the privacy policy or terms and conditions of those sites to fully understand what information is collected and how it is used.

Contact VA Privacy Service

Let us know if you have any questions or concerns regarding our privacy policy or use of your information.

You can contact us in any of these ways:

• Email us at [email protected]
• Call us at
• Contact us at this address:

Department of Veterans Affairs
Privacy Service
810 Vermont Avenue
N.W. (005X6F) Washington, DC 20420

Your inquiry will be treated confidentially and will not be shared with third parties, except as necessary to respond to your inquiry and for other purposes as authorized by the Privacy Act and other relevant legal authorities.

The VA Privacy Service works to minimize the impact on Veterans’ privacy, particularly Veterans’ personal information and dignity, while achieving the mission of the Department of Veteran Affairs.

VA Privacy Service

Privacy Service

Web policies

Privacy policies, procedures, and regulations

Privacy Impact Assessments (PIAs)

System of Records Notices (SORNs)

Account policies

ID.me privacy policy

Login.gov privacy policy

VA.gov online services terms of use

Other VA policies

Veterans Crisis Line privacy and security

Veterans Crisis Line text terms of service

Digital notifications terms and conditions

Vulnerability Disclosure Policy

Federally required links

Freedom of Information Act (FOIA)

No FEAR Act

Office of Inspector General

USA.gov

White House