- Protecting web user privacy,
- Maintaining the confidentiality of web user data, and
- Ensuring appropriate levels of security for web user data
This policy describes how VA applies these principles to the handling of personal information you provide to us via VA.gov web pages and forms. Personal information may include your name; email, home, and/or business address; phone numbers; Social Security number; or other information that identifies you personally.
- We will not require you to register or provide personal information in order to visit the VA.gov website. However, certain areas of our site may require you to register or provide personal information before you will be granted access.
- VA.gov will never sell or rent your personal information to outside parties.
- VA.gov uses web analysis tools (e.g., cookies) for limited uses authorized in this policy.
Privacy Act rights
VA follows the requirements of the Privacy Act, which protects your personal information that VA maintains in “systems of records.” A system of records is a file, database, or program from which personal information is retrieved by name or other personal identifier. The Privacy Act provides a number of protections for your personal information. These typically include how information is collected, used, disclosed, stored, and disposed. VA System of Records Notices are available at: Department of Veterans Affairs Privacy Act Systems of Records. VA.gov is a platform that uses your data from VA Systems of Record and is itself not a system of record.
VA.gov is a Department of Veterans Affairs computer system. This computer system, including all related equipment, networks, and network devices (specifically including Internet access) are provided only for authorized uses. VA computer systems may be monitored for all lawful purposes, including ensuring that their use is authorized, managing the system, protecting against unauthorized access, and verifying security procedures, survivability, and operational security. During monitoring, information may be examined, recorded, copied, and used for authorized purposes.
VA.gov will not disclose your personal information to third parties outside VA without your consent, except to facilitate the transaction, to act on your behalf at your request, or as authorized by law.
Information collected and stored automatically
VA.gov automatically collects certain information about your visit to VA.gov web pages. We limit the data collected to meet specific business needs and to protect your privacy. We may know what path(s) you took on our websites, but we don’t know who you are. We do not use this information to identify you personally without your express consent and an authorized purpose.
We automatically collect and store the following information about your visit to the VA.gov website:
- General log information. Examples of general log information include, but are not limited to: Internet domain (for example, “xcompany.com” or “yourschool.edu”); Internet Protocol (IP) address; operating system; the browser used to access our website; the date and time you accessed our site; and the pages that you visited.
- Referral and statistical information where we have links to or from the site you visited. Such data may include aggregate data such as the number of offsite links occurring during a visit to a VA.gov web page. It may also include specific data, such as the identity of the site which you visited immediately before or after our site. We do not use such data to identify you personally.
We use the general log information to help us make VA.gov sites more useful to visitors. We use it to learn about how locations on our site are being used, what information is of most and least interest, and how we can enhance ease of use by ensuring our sites can interface with the types of technology our visitors use. We also use such statistics to tell us of any possible site performance problems. Except for oversight, law enforcement investigations, or protection of the VA information technology infrastructure as authorized by law, no other attempts are made to identify you or your usage habits.
General logs are used for no other purposes than the purposes described above, and are scheduled for regular destruction in accordance with General Records Schedules published by the National Archives and Records Administration (NARA) and agency record control schedule requirements.
When you visit certain websites, they send a small piece of information called a “cookie” to your computer along with the web page. This is also true of VA.gov.
There are two kinds of cookies.
- A Session Cookie is a line of text that is stored temporarily in your computer’s random access memory (RAM). A Session Cookie is destroyed as soon as you close your browser.
We use Session Cookies in the following manner:
- Log-in and log-off process: You do not have to log in and register to browse our site. However, if you decide to register with VA.gov, Session Cookies help with the log-in and log-off process. The cookies enable us to recognize your log-in ID when you log in so that we do not create a duplicate log-in or registration record for you.
- Transactions and site usability: We use Session Cookies to improve how you navigate through our website and conduct transactions. Session Cookies are used to maintain your online session as you browse over several pages, or to store and enter information on a web page so that you do not have to reenter the same information, repetitively. Session Cookies may also be used to collect referral statistics when you click on a link to or from a VA.gov web page.
Registration and log in
You are always welcome to use VA.gov without registering or logging in for certain services such as general content browsing, finding VA facilities, and completing forms to apply for health care or education benefits. Other areas of the site that use your personal information and VA records, such as when you save a benefit application for submission later, refill a prescription, use secure messaging with your health care provider, and check the status of claims and appeals will require an email address, password, and additional methods for identification.
When you register for a VA.gov account, access to your personal information will be protected by multifactor authentication, which includes an email address, a password, and at least one other authentication factor such as a cellular phone that can receive security codes via text message. We strongly recommend that you do not divulge your password to anyone and that you change it on a regular basis, and that you do not share the device used for your additional authentication factor.
Saving of passwords by browser
Many Internet browsers allow users to save user information, including passwords. When prompted by a browser to save your VA.gov authentication credentials such as your email address and password, you should decline this option. Saving this information could potentially allow persons who gain access to a shared workstation to access your personal information, although you are protected to some extent in this case by the VA.gov requirement for multifactor authentication before accessing your personal information.
Please remember to log out when you are finished using personalized VA.gov services. Logging out prevents someone else from accessing your personal information if you leave, share, or use a public computer (located, for example, in a library or an Internet cafe) and your session hasn’t automatically “timed out” or shut down. You should remember to log out. If you forget to log out or 30 minutes of non-activity pass, the session will time out.
Digital analytics program
We participate in the Digital Analytics Program, a government-wide analytics tool for federal agencies. As part of this participation, this website uses Google Analytics Premium. Please refer to the following policies on Google’s website for more information:
- Cookies & Google Analytics on Websites
- Opt out of Google Analytics Cookies
In those instances where we secure your personal information in transit to us over the Internet, and upon our receipt, VA.gov uses industry-standard encryption, including Secure Socket Layer (SSL). The connection icon area on your browser will change to “HTTPS” instead of “HTTP” when this security feature is invoked. Your browser may also display a lock symbol on the task bar at the bottom of your screen to indicate this secure transmission is in place. You should refer to the instructions for your particular Internet browser software to determine how to examine the security certificate from our website to verify the security of the connection.
For site security purposes and to ensure that VA.gov web pages remain available to all users, VA employs software programs to monitor network traffic in order to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for oversight or authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits other than those uses identified in this policy.
Unauthorized attempts or acts to (1) access, upload, change, or delete information on this system, (2) modify this system, (3) deny access to this system, or (4) accrue resources for unauthorized use on this system, are strictly prohibited and may be considered violations subject to criminal, civil, or administrative penalties.
VA.gov takes the security of all personally identifiable information we receive very seriously. We implement various measures to protect the security and confidentiality of personally identifiable information. Such measures include access controls designed to limit access to personally identifiable information to the extent necessary to accomplish our mission. We also employ various security technologies to protect personally identifiable information stored on our systems. We test our security measures periodically to ensure that they remain operational.
Links to other sites
Contact VA Privacy Service
Your inquiry will be treated confidentially and will not be shared with third parties, except as necessary to respond to your inquiry and for other purposes as authorized by the Privacy Act and other relevant legal authority.
The VA Privacy Service works to minimize the impact on Veterans’ privacy, particularly Veterans’ personal information and dignity, while achieving the mission of the Department of Veteran Affairs.
Last reviewed on April 28, 2022
VA privacy service
Other VA policies
Digital notifications terms and conditions
Vulnerability Disclosure Policy
Federally required links
Freedom of Information Act (FOIA)
No FEAR Act
Office of Inspector General