Privacy Policy

Last Updated: March 11, 2026

What Information We Collect

Information You Provide:

• Condition/disability information: Details about the condition you're claiming
• Service connection details: Including service locations, dates, and circumstances
• Current symptoms: Your current functional limitations and symptoms
• Treatment history: Medical treatment information (optional)
• Contact preferences: How you'd like to be contacted

Automatically Detected Information:

• Service locations: We detect mentions of EPA Superfund sites (e.g., Camp Lejeune)
• Chemical exposures: We detect mentions of common military exposures (e.g., burn pits, Agent Orange)
• Applicable regulations: We identify relevant VA regulations (CFR 38 sections)

Technical Information:

• IP address: For rate limiting and abuse prevention only
• Browser type and version: To ensure compatibility
• Usage timestamps: To analyze service usage patterns

Medical Records Upload (Optional Feature)

How Medical Records Upload Works:

StoryLine VA offers an optional feature to upload medical records (PDFs, images) so the AI can reference your actual diagnoses, treatment dates, and medical terminology when generating documents.

Processing Steps:

• Step 1 — File Processing (In Your Browser): When you upload a file, it is read and processed entirely within your web browser using open-source libraries (PDF.js for PDFs, Tesseract.js for image OCR). Your files are never transmitted to our servers.
• Step 2 — PII Scrubbing (In Your Browser): Before any text leaves your browser, we automatically detect and remove Social Security Numbers, phone numbers, email addresses, and similar personally identifiable information.
• Step 3 — Your Consent (In Your Browser): You can review exactly what extracted text will be sent. You must explicitly consent before any data is transmitted.
• Step 4 — AI Generation (Transient): Only extracted text (not original files) is sent to our server as part of the document generation request. This text is passed to the AI and is not stored in any database, file storage, or logging system.
• Step 5 — Immediate Disposal: After your document is generated, extracted medical records text is discarded. It exists only during the single API request.

What We Collect From Medical Records:

• Original files: NEVER collected, stored, or transmitted to our servers
• Extracted text: Processed transiently for document generation only — never stored
• Metadata: We log only that records were uploaded (yes/no) and character count — never content

Third-Party Processing of Medical Records:

• Anthropic (Claude AI): Extracted text is included in the AI prompt sent to Anthropic's API. Per Anthropic's API data policy, inputs are not used for model training and are not stored after processing.
• PDF.js (Mozilla): Open-source library that runs entirely in your browser. No data is sent to Mozilla.
• Tesseract.js: Open-source OCR library that runs entirely in your browser. No data is sent externally.

How We Use Your Information

Generate Your Statement:

We use your provided information to generate a VA-compliant personal statement through AI assistance.

Enhance Your Documentation:

We automatically detect mentions of:

• Publicly-known contaminated military sites (EPA Superfund database)
• Common military chemical exposures (OSHA databases)
• Applicable VA regulations (Title 38 CFR)

This detection provides you with relevant supporting documentation including regulatory references and medical research citations.

Ensure Compliance:

Your statement is automatically checked to remove medical diagnoses and legal advice that could harm your claim.

Improve Our Service:

We analyze aggregated, anonymized usage patterns to improve StoryLine VA.

Prevent Abuse:

We use IP addresses and usage data to prevent system abuse and ensure fair access for all veterans.

Research Enhancement

We may automatically detect publicly-known exposures or contaminated sites mentioned in your information (such as service locations or chemical exposures) and provide relevant references from public databases including:

• Title 38 Code of Federal Regulations (CFR)
• EPA Superfund Sites database
• OSHA chemical exposure databases
• Peer-reviewed medical research (citations only)

This automated detection helps strengthen your claim by identifying relevant regulations and supporting documentation. No additional personal information is collected or shared.

Data Storage and Security

How Long We Keep Your Data:

• Personal statements: Not stored after generation
• Usage data: Anonymized and aggregated for up to 90 days
• Rate limiting data: Stored for 24-48 hours only

Security Measures:

• All data transmitted using industry-standard encryption (HTTPS/TLS)
• Data processed in secure cloud infrastructure (Cloudflare Workers)
• No permanent storage of personal health information
• Regular security audits and updates

Third-Party Services

We use the following third-party services:

• Anthropic (Claude AI): AI model for statement generation. Your data is sent to Anthropic's API for processing but not stored by them. See Anthropic's privacy policy.
• Cloudflare: Hosting and security services. See Cloudflare's privacy policy.

Your Rights

You have the right to:

• Access: Request information about data we've collected
• Deletion: Request deletion of your data (we don't store statements long-term)
• Correction: Correct any inaccurate information
• Opt-out: Stop using the service at any time

Children's Privacy

StoryLine VA is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of any material changes by updating the "Last Updated" date at the top of this policy.

Contact Us

← Back to Home