VA Web and Mobile App Privacy Policy

VA Web and Mobile App Privacy Policy

About Federal Web Data Privacy Protection

All U.S. Federal web pages that you view, or interact with, in a browser must comply with a set of general rules to protect your private data. These include all pages in the .gov domain, including web sites like this one on, and the VA Web apps (apps that run on any device in a browser), and VA Mobile apps that run on Apple or Android devices, listed in the VA App Store. These rules include:

  • Rules under the Privacy Act rights
  • Information collected and stored automatically
  • Use of cookies and tracking technologies
  • Registration and log in
  • Password protection
  • Saving of passwords by browser
  • Logging out
  • Information sharing
  • Digital analytics

You can read more about how the VA Privacy Services addresses these issues, here:

About Google Analytics

Veterans Health Administration (VHA) Office of Connected Care (OCC) apps do not employ Google Analytics. These are apps in the VA App Store that have VA Health in their logo.

Some Federal agencies may participate in the Digital Analytics Program (DAP). As part of this program, Federal web sites may analyze their web traffic with Google Analytics 360 tools. DAP forbids passing any personally identifiable information -- including health information -- to Google Analytics. Information is "anonymized" (scrambled) before Google Analytics receives it. Users can receive recommendations related to personal privacy by accessing the Google Privacy Checkup. Google Analytics also has an opt-out tool to prevent sharing of information from web browsers.

About VA Apps Privacy Protection

In addition to the general federal rules listed above, The VA's Privacy Service ensures that all VA online applications listed on the VA App Store comply with rules specific to web or mobile apps. These rules include:

  • Passing data to or from the VA, like health records.
  • Terms protecting private data are included in the End User License Agreement (EULA)
  • How a device may store private data

You can read an overview of these topics from an app developer's perspective, here: Privacy and Application Data Security.

Protecting Personal Health Information

The Veterans Health Administration (VHA) also ensures that the apps developed by the Office of Connected Care OCC further protect your personal health information. Apps with the padlock symbol on their app logos protect any online exchange by requiring they must occur over a secure connection within the VA network. Veterans and their designated Caregivers typically need a DS-Logon, ID.ME or My HealtheVet subscription to satisfy this requirement. VA Providers and Staff must be logged into the VA network via their Personal Identification Verification (PIV) card to review any user data.

About Third Party Apps Privacy Protection

The VA App Store includes apps from three sources: Veterans Health Administration (VHA) Office of Connected Care (OCC) apps, VA-Sponsored apps, and suggested Third Party Apps. (See OCC App Ownership for more information about these app types. Third Party apps are only recommendations: VA does not test them.) The VA Privacy Services office tests and certifies that OCC apps and VA-Sponsored apps have passed its rules to ensure that the apps cannot reveal private information to unapproved parties.