Privacy Policy

Last updated: March 9, 2026

ClaimDuty is operated by ClaimDuty LLC, a veteran-owned company based in the United States. This policy explains what data we collect, how we use it, and your rights as a user. We wrote this in plain language so you can understand exactly what happens with your information.

1. Information We Collect

We collect the following types of information when you use ClaimDuty:

  • Account information: Your name, email address, and password when you create an account.
  • Military and medical information: Branch of service, service dates, current disability rating, conditions, symptoms, and service history that you choose to enter.
  • Generated documents: Personal statements, buddy letters, and other documents created using our AI tools.
  • Uploaded files: Documents you upload for analysis, such as VA Recordss or decision letters.
  • Usage data: Pages visited, features used, and general interaction patterns. We do not use advertising trackers.
  • Payment information: Processed by Stripe. We never see or store your credit card number.

We do not collect geolocation data, contacts, or financial information beyond what is needed for payment processing.

2. How We Use Your Information

  • To provide our services, including ClaimDuty AI document generation and condition research.
  • To manage your account and process payments.
  • To send you service-related emails (account confirmation, password resets, subscription updates).
  • To improve our tools and fix bugs.
  • To enforce our terms of service and protect against misuse.

We do not use your data for targeted advertising. We do not use your data for any transactions that could involve monetary benefit to us beyond the subscription fees you pay.

3. AI Processing

When you use our AI features, your input is sent to Microsoft Azure OpenAI for processing. This data is used only to generate your response and is not stored by Microsoft beyond the duration of the request. Microsoft does not use your data to train their AI models. Our Azure OpenAI service is covered under a HIPAA Business Associate Agreement.

4. Data Sharing and Third Parties

We do not sell your personal information. Period. We do not sell, rent, trade, or otherwise monetize your data in any form, including de-identified, anonymized, or pseudonymized data.

We share data only with the following service providers, and only as needed to operate ClaimDuty:

  • Microsoft Azure (cloud hosting, database, AI processing, and email delivery) — hosts our entire application stack. Covered under Microsoft's HIPAA Business Associate Agreement and operating on FedRAMP-authorized infrastructure.
  • Stripe (payment processing) — handles subscription billing. Stripe receives only payment-related data and never sees your health information.

Each provider is contractually bound to the same commitments we make to you. They may not use or disclose your information for any purpose other than providing their service to ClaimDuty. Third-party use or disclosure of your information is prohibited without your consent.

We may also share data when required by law, court order, or to protect our legal rights.

5. Data Storage, Security, and Infrastructure

ClaimDuty runs entirely on Microsoft Azure, a HIPAA-eligible cloud platform operating on FedRAMP High authorized infrastructure. We take veteran data privacy seriously.

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
  • Encryption at rest: All stored data, including uploaded documents and generated statements, is encrypted at rest using AES-256.
  • HIPAA Business Associate Agreement: Microsoft Azure is covered under a BAA through Microsoft's enterprise Data Protection Agreement, which satisfies the HIPAA requirement for Business Associate coverage of cloud service providers.
  • FedRAMP-authorized infrastructure: Azure holds FedRAMP High authorization, the highest level for U.S. government cloud systems. ClaimDuty's application is hosted on this infrastructure.
  • Geo-redundant backups: Your data is automatically backed up across multiple U.S. geographic regions, ensuring availability and durability.
  • Access control: Production systems are accessible only to authorized personnel. All document access is logged and auditable.
  • Web Application Firewall: Azure Front Door WAF protects against injection attacks, cross-site scripting, and automated threats.

5a. Protected Health Information (PHI)

ClaimDuty processes information that may constitute Protected Health Information (PHI) under HIPAA, including medical conditions, disability ratings, treatment history, and uploaded medical documents. We handle this information with the following protections:

  • PHI is stored exclusively on HIPAA-eligible Microsoft Azure infrastructure within the United States.
  • PHI is never shared with third parties for marketing, advertising, or any purpose beyond operating the service you requested.
  • AI processing of your health information is performed by Microsoft Azure OpenAI, covered under Microsoft's HIPAA BAA. Microsoft does not retain your data or use it to train AI models.
  • Access to PHI is logged and restricted to you and, in limited cases, authorized ClaimDuty personnel for support purposes.
  • You have the right to access, correct, and delete your PHI at any time. See Section 7 for instructions.

6. Data Retention

We retain your data as follows:

  • Active accounts: Your data is retained for as long as your account is active.
  • Dormant accounts: If your account is inactive for 24 months, we will notify you by email before taking any action. You will have 30 days to reactivate. After that period, your data may be deleted.
  • Deleted accounts: When you request account deletion, we permanently delete 100% of your data, including all generated documents, uploaded files, profile information, and any non-VA data you shared with us. Deletion is completed within 45 days of your request.
  • Payment records: Stripe retains transaction records as required by financial regulations, separate from your ClaimDuty account data.

7. Your Rights and Data Deletion

You have the right to:

  • Access your data: View all information we have about you through your profile settings.
  • Update your data: Edit your profile and account information at any time.
  • Export your data: Download your generated documents and profile information.
  • Delete your data: Request permanent deletion of your account and all associated data. To delete your account, email info@claimduty.com with the subject line “Delete My Account.” We will confirm your identity and complete deletion within 45 days.

8. Data Breach Notification

If we discover a security breach that affects your personal information or PHI, we will:

  • Notify you by email within 72 hours of becoming aware of the breach, consistent with HIPAA Breach Notification Rule requirements.
  • Describe the nature of the breach, the specific types of data involved, and the approximate number of individuals affected.
  • Explain the steps we are taking to contain the breach and prevent future occurrences.
  • Provide specific instructions for any protective action you may need to take.

Breaches involving PHI will also be reported to the U.S. Department of Health and Human Services as required by law. For breaches affecting 500 or more individuals in a state, we will also notify prominent media outlets in that state as required.

To report a suspected security issue, email support@claimduty.com with the subject line “Security Issue.”

9. Business Transfers

If ClaimDuty LLC is acquired, merges with another company, or sells its business, we will notify you by email before any transfer of your data. In that event, you will have the option to:

  • Download and export all of your data before the transfer.
  • Close your account and have your data permanently deleted.

Any new owner or entity will be required to honor the commitments in this privacy policy or provide you with notice of changes before they take effect.

10. Cookies

We use essential cookies only for authentication and session management. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

11. Children's Privacy

ClaimDuty is not intended for use by individuals under 18 years of age. We do not knowingly collect data from anyone under 18.

12. Changes to This Policy

We may update this privacy policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. For significant changes that affect how we use or share your data, we will notify you by email at least 30 days before the changes take effect. Your continued use of ClaimDuty after changes are posted means you accept the updated policy.

13. Contact Us

If you have questions about this policy or want to exercise any of your data rights, contact us at info@claimduty.com.

ClaimDuty LLC

Terms of Service·Home

Scout

VA Claims Assistant

Hey! I'm Scout, your VA claims assistant. I can help with questions about conditions, ratings, secondary connections, C&P exams, and more. What can I help you with?

Powered by ClaimDuty AI · Not legal or medical advice