Legal
Privacy Policy
Effective Date: April 2, 2026 · Last Updated: April 2, 2026
The short version: Your PDF is processed in your browser — it never reaches our servers as a file. We do not store your medical records, your analysis results, or any personally identifiable information beyond what is strictly required to process your payment and deliver your report.
1. Who We Are
VeteranCalc is a service operated by Delvir LLC ("Delvir," "we," "our," or "us"). If you have questions about this Privacy Policy, please contact us at team@delvir.co.
2. Information We Collect
Information you provide:
- Medical record text: When you upload a PDF, your browser extracts the text locally using pdf.js. That extracted text is transmitted to our servers solely to perform the AI analysis and is never written to disk or stored in any database.
- Payment information: When you purchase a full report, your payment is processed by Stripe. Delvir never sees, stores, or has access to your credit card number or other payment credentials.
Information collected automatically:
- Standard web server logs may capture your IP address, browser type, and referring URL for security and diagnostic purposes. These logs are retained for no more than 30 days and are not used for marketing purposes.
3. How We Use Your Information
We use the information we collect exclusively to:
- Perform the AI-powered disability analysis on your uploaded medical record text.
- Generate and deliver your paid report upon successful payment.
- Temporarily store your extracted record text and the resulting report in our database (Neon Postgres, encrypted at rest) only as long as needed to verify payment, generate, and deliver your report — at most 24 hours — after which it is automatically and permanently deleted. Your report is deleted immediately upon your first retrieval.
- Diagnose technical errors and maintain the security and integrity of the Service.
4. What We Do Not Do
- We do not retain your military medical records or health information after your report is delivered — any text stored transiently during processing is automatically deleted (at most 24 hours).
- We do not sell, rent, lease, or share your personal information with any third party for marketing or commercial purposes.
- We do not use your data to train AI models.
- We do not retain your analysis results after your report is delivered.
- We do not use cookies for tracking or advertising.
5. Third-Party Service Providers
- Anthropic: We transmit your extracted medical record text to Anthropic's API to generate the disability analysis. Anthropic does not use API inputs to train its models by default.
- Stripe: Payment processing under their own privacy policy.
- Neon: Serverless Postgres database used for transient, encrypted-at-rest storage of your extracted record text and report while your analysis is processed. Automatically deleted within 24 hours or upon first retrieval.
- Vercel: Web hosting and serverless function execution.
6. Data Security
All data transmitted between your browser and our servers is encrypted using TLS (HTTPS). Your extracted medical record text is stored only transiently in our database (encrypted at rest) while your report is generated, then permanently deleted. No method of transmission or storage over the Internet is 100% secure, but we apply commercially reasonable measures to protect your information.
7. Data Retention
- Medical record text: Stored transiently in our database (encrypted at rest) only until your report is generated and delivered (at most 24 hours), then permanently deleted. Not used to train AI; never sold.
- Report data: Stored transiently in Neon Postgres for a maximum of 24 hours, deleted upon your first retrieval.
- Server logs: Retained for up to 30 days, then automatically purged.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, delete, or correct personal information we hold. Given our minimal data retention practices, there is typically no personally identifiable information stored that would be subject to these requests. To submit a privacy request, contact us at team@delvir.co.
9. Children's Privacy
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the revised Policy.