PRIVACY POLICY

Veteran Claims LLC

Effective Date: March 20, 2026

Last Updated: April 21, 2026

────────────────────────────────────────────────────────────────

1. INTRODUCTION

Veteran Claims LLC ("Company," "we," "us," or "our") is committed to protecting the privacy and personal information of our clients, including veterans and their families. This Privacy Policy explains how we collect, use, disclose, and safeguard your information — including Protected Health Information (PHI) — when you use our services or visit our website.

We comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164), the Florida Information Protection Act (FIPA), and all other applicable federal and state privacy laws.

Please read this policy carefully. By using our services, you consent to the practices described herein. A separate Notice of Privacy Practices (NPP) governing our use and disclosure of your Protected Health Information is provided at the time of engagement and is available upon request.

────────────────────────────────────────────────────────────────

2. INFORMATION WE COLLECT

We may collect the following categories of information:

a. Personal Identification Information

Full name, date of birth, Social Security Number, contact information (address, phone number, email address), and military service information (branch, dates of service, discharge status, DD-214).

b. Protected Health Information (PHI)

Medical records, disability ratings, treatment histories, mental health records, clinical notes, nexus letters, Independent Medical Opinions (IMOs), and any other health-related documentation provided in connection with your VA claim. This information is governed by HIPAA and handled accordingly.

c. Financial Information

Income information, direct deposit details, and other financial records required for benefits processing.

d. Communications

Records of correspondence, calls, emails, or messages between you and Veteran Claims LLC.

e. Technical Information

IP address, browser type, device identifiers, and usage data collected when you visit our website.

────────────────────────────────────────────────────────────────

3. HOW WE USE YOUR INFORMATION

We use collected information to:

- Prepare, file, and manage VA disability claims and appeals on your behalf

- Communicate with the Department of Veterans Affairs and related federal and state agencies

- Coordinate with medical providers for nexus letters, IMOs, and supporting documentation

- Respond to your inquiries and provide client support

- Comply with legal, regulatory, and HIPAA obligations

- Conduct internal quality assurance and improve our services

- Send relevant updates about your claim or our services

We apply the HIPAA Minimum Necessary Standard — we use, disclose, and request only the minimum amount of PHI necessary to accomplish the intended purpose.

We do not use your personal or health information for marketing purposes without your explicit written authorization.

────────────────────────────────────────────────────────────────

4. HIPAA COMPLIANCE

a. Covered Information

Veteran Claims LLC handles Protected Health Information (PHI) as defined under HIPAA. PHI includes any individually identifiable health information relating to your past, present, or future physical or mental health condition, healthcare, or payment for healthcare.

b. Notice of Privacy Practices (NPP)

We maintain a Notice of Privacy Practices as required by the HIPAA Privacy Rule. The NPP describes in detail how we may use and disclose your PHI and your rights with respect to that information. The NPP is provided to you at the time of engagement and is available at any time upon request by contacting us at [email protected].

c. Authorization

We will not use or disclose your PHI for purposes beyond treatment, payment, and healthcare operations — or as otherwise permitted by HIPAA — without your written authorization. You may revoke any authorization at any time in writing, subject to actions already taken in reliance on that authorization.

d. Minimum Necessary Standard

We limit our use, disclosure, and requests for PHI to the minimum necessary to fulfill the purpose of the use or disclosure, consistent with 45 C.F.R. § 164.502(b).

e. Business Associates

We may share PHI with third-party service providers ("Business Associates") who perform functions on our behalf, such as document management, secure communications, or technology services. All Business Associates are required to execute a Business Associate Agreement (BAA) and are contractually obligated to safeguard your PHI in compliance with HIPAA.

f. Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals without unreasonable delay and within sixty (60) calendar days of discovering the breach, as required by the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414). In compliance with the Florida Information Protection Act (FIPA), notification will also be provided within thirty (30) calendar days where FIPA applies. Notification to the U.S. Department of Health and Human Services (HHS) will be made as required by law.

────────────────────────────────────────────────────────────────

5. DISCLOSURE OF YOUR INFORMATION

We may share your information with:

a. Government Agencies

The U.S. Department of Veterans Affairs, Social Security Administration, and other federal or state agencies as required to process your claim.

b. Medical Providers

Physicians, psychologists, and other healthcare professionals involved in preparing supporting documentation for your claim, pursuant to your authorization.

c. Service Providers / Business Associates

Third-party vendors who assist in operating our business (e.g., document management, secure communications, IT services), subject to confidentiality agreements and, where applicable, Business Associate Agreements.

d. Legal and Compliance

Law enforcement or regulatory authorities when required by law, subpoena, or court order, or when necessary to prevent serious harm.

e. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, which will be required to honor this Privacy Policy.

We do not sell, rent, or trade your personal information or PHI to third parties for their marketing purposes.

────────────────────────────────────────────────────────────────

6. YOUR HIPAA AND PRIVACY RIGHTS

As our client, you have the following rights with respect to your PHI and personal information:

a. Right to Access

You may request access to and copies of your PHI and personal information maintained by us. We will respond within thirty (30) days of your request.

b. Right to Amend

You may request that we correct or amend inaccurate or incomplete PHI. We may deny the request under certain circumstances as permitted by HIPAA, and will provide a written explanation if denied.

c. Right to an Accounting of Disclosures

You may request a list of certain disclosures we have made of your PHI, as provided under 45 C.F.R. § 164.528.

d. Right to Request Restrictions

You may request restrictions on how we use or disclose your PHI. We are not always required to agree, but will notify you of our decision.

e. Right to Confidential Communications

You may request that we communicate with you through alternative means or at an alternative location.

f. Right to Withdraw Authorization

You may revoke any written authorization you have provided at any time, in writing, subject to actions already taken in reliance on the authorization.

g. Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us at [email protected] or with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr. We will not retaliate against you for filing a complaint.

────────────────────────────────────────────────────────────────

7. DATA SECURITY

We implement administrative, technical, and physical safeguards consistent with HIPAA Security Rule requirements (45 C.F.R. §§ 164.302–318) to protect your PHI and personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

- Encrypted data storage and transmission

- Access controls limited to authorized personnel on a need-to-know basis

- Workforce training on HIPAA policies and procedures

- Secure document handling and retention protocols

- Regular risk assessments

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information using industry-standard practices.

────────────────────────────────────────────────────────────────

8. RETENTION OF INFORMATION

We retain PHI and personal information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations (including HIPAA's six-year retention requirement for privacy-related policies and records), resolve disputes, and enforce our agreements. VA claims-related records are retained for a minimum of seven (7) years following resolution of your claim, or longer as required by applicable law.

────────────────────────────────────────────────────────────────

9. FLORIDA INFORMATION PROTECTION ACT (FIPA)

In addition to HIPAA, we comply with the Florida Information Protection Act (Fla. Stat. § 501.171). In the event of a breach of personal information as defined under FIPA, we will notify affected Florida residents within thirty (30) calendar days of determining that a breach has occurred. We will also notify the Florida Department of Legal Affairs if the breach affects 500 or more Florida residents.

────────────────────────────────────────────────────────────────

10. CHILDREN'S PRIVACY

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information or PHI from minors. If you believe we have collected information from a minor, please contact us immediately at [email protected].

────────────────────────────────────────────────────────────────

11. CHANGES TO THIS POLICY

We reserve the right to update this Privacy Policy at any time. Material changes will be communicated via our website or direct notification. We will update the "Last Updated" date at the top of this policy. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

────────────────────────────────────────────────────────────────

12. CONTACT US

For questions, requests, or complaints regarding this Privacy Policy or your privacy rights:

Veteran Claims LLC

5172 Vizcaya St

Ave Maria, FL 34142

Email: [email protected]

Website: www.veteranclaims.com

To file a complaint with the federal government:

U.S. Department of Health and Human Services

Office for Civil Rights

www.hhs.gov/ocr

────────────────────────────────────────────────────────────────

ATTORNEY REVIEW NOTE: This document is a draft template. It should be reviewed and finalized by a licensed attorney familiar with HIPAA, FIPA, and VA claims regulations before publication or client distribution.

────────────────────────────────────────────────────────────────