Skip to main content
Back to Home

Privacy Policy

Last updated May 2026

OUR COMMITMENT

Pathfinders handles veterans' sensitive information. We never sell your data to advertisers. We only collect what is needed for the service you signed up for, plus anything you explicitly opt into via the consent controls in Settings. You can revoke optional consents at any time.

1. What We Collect

We collect: your email address (account), name (when provided), military service information (branch, dates, MOS) that you voluntarily share for claim matching, condition descriptions you share with the chat or consultation form, payment information (handled by Stripe — we never see card numbers), and basic technical metadata (IP address, user agent) used for security and compliance logging.

We never collect Social Security numbers or VA file numbers. The chat and research tools automatically detect and redact these patterns from your input before processing.

2. Three Consents

Pathfinders uses a multi-consent model. Each consent is recorded as its own opt-in event with the version of this policy you agreed to.

  • Primary use (required): we use your information to deliver the service — match you to an accredited claims agent, prepare your consultation, operate Pathfinders.
  • Research & training (optional): we use anonymized information to improve our AI, study aggregate veteran outcomes, and publish aggregate insights. We never include identifying details.
  • Third-party sharing (optional): we may share information with vetted research partners, foundations, or — in the event of a corporate transaction — an acquirer.

Manage consents at Settings → Privacy & Consent. Revoking a consent stops the future use immediately but does not retroactively delete past uses that occurred while the consent was active.

3. How We Use Your Information

Operating the service: account creation, authentication, matching you to a consultation, recordkeeping for accredited representation engagements, payment processing, support.

AI processing: the chat assistant and the Research Desk send your queries to Anthropic's Claude API to generate responses. AI claim strategy generation is gated to accredited claims agents only — your personal facts are not sent to the AI for strategy generation unless you are engaged with an accredited agent or partner-firm reviewer.

Notifications: we send emails for invites, consultation routing, and engagement-related updates via Resend.

4. Partner Organization Data Sharing

When you request a consultation and your case is routed to a partner law firm or partner VSO organization (with or by your selection), the contents of your consultation request — name, contact information, claim summary, service summary, and prior decisions — are shared with that organization so they can offer representation. The receiving organization handles the information under their own privacy policy and engagement letter.

We log every routing decision in our audit log (see Section 6).

5. AI Vendors and Subprocessors

Anthropic (Claude API): processes your queries for the chat assistant and the Research Desk, and processes your claim materials during accredited representation strategy generation. Voyage AI: generates embeddings of the regulations knowledge base and reranks search results. Stripe: payment processing. Supabase: database and authentication. Sentry: error monitoring. Langfuse: AI request observability. Resend: transactional email delivery. Cloudflare Turnstile (when enabled): bot protection on signup.

6. Audit Logging

For compliance and accountability, we maintain an append-only audit log of material actions: AI strategy generations, consent grants and revocations, organization membership changes, and consultation routing events. The log is accessible to CODEXr administrators and to authorized organization administrators for their own organization's events.

7. Data Retention and Deletion

You can delete your account from Settings → Danger Zone. Account deletion removes your personal account record and associated claim data. Records that we are required to retain for regulatory purposes (e.g. accredited representation engagement records, audit log entries) are retained as required by law.

[WSGR FINAL — placeholder]

Retention periods per record type; treatment of strategy work product after accredited representation ends; coordination with VA recordkeeping requirements for representation under 38 C.F.R. § 14; deletion handling for B2L customers (org-level rather than user-level).

8. State-Specific Disclosures

[WSGR FINAL — placeholder]

California (CCPA / CPRA): right-to-know, right-to-delete, right-to-correct, opt-out from sale or sharing (we do not sell). Washington (MHMDA): consumer health data disclosures live in the Consumer Health Data Policy. Connecticut (CTDPA), Virginia (VCDPA), Colorado (CPA), Utah (UCPA): applicable rights and contact procedures. State-by-state addendums.

9. Children

Pathfinders is intended for U.S. military veterans aged 18 or older. We do not knowingly collect information from anyone under 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we materially change how we handle your information, we will notify you and re-prompt for the affected consents.

11. Contact

Questions about your data, our handling of it, or to exercise a state-law privacy right: jonrowles939@gmail.com.

© 2026 CODEXr Inc. All rights reserved.