What VBN does not do
- Does not ask for a name, email, phone, or address.
- Does not capture Social Security numbers, claim numbers, medical records, school enrollment or GPA, loan amounts, or property addresses.
- Does not transmit any profile data to a server. The entire app runs in your browser.
- Does not use third-party analytics, ad networks, heat-mapping, session recording, or trackers.
- Does not file VA claims, submit forms on your behalf, or contact any VA system.
- Does not sell, share, or broker data with anyone, ever.
The one thing VBN may send (Core Web Vitals)
When deployed with the optional NEXT_PUBLIC_VITALS_ENDPOINTenvironment variable set, VBN sends anonymous Core Web Vitals (page-timing measurements) to a same-origin Netlify Function. The endpoint is first-party (no third-party domain, no analytics SDK). The payload is small and privacy-stripped: the metric name (CLS, INP, LCP, FCP, or TTFB), its numeric value, the web-vitals library’s per-page-view UUID, a rating bucket (“good” / “needs-improvement” / “poor”), the navigation type, the route path (no query string, no URL fragment), and a millisecond timestamp. No profile data, no IP, no User-Agent, no cookies (the request sets credentials: "omit"). Source: src/components/perf/web-vitals-reporter.tsx. When the environment variable is not set the function is a no-op.
What VBN stores (and where)
VBN uses your browser’s localStorage to save the inputs you give it. Nothing is transmitted off your device. The storage keys are:
| Key | What it holds | Set by |
|---|---|---|
| vbn-profile | Saved plan: service summary, conditions, dependents, and the sections of the profile you have engaged. | Using “Save to Plan” on any tool. |
| vbn-wizard-draft | In-progress intake wizard state. Lets the wizard survive a refresh or tab close. | Starting the intake wizard. |
| web-vitals-last | The last Core Web Vitals reading per metric (CLS/INP/LCP/FCP/TTFB) for QA inspection. No profile data. | Automatic on page load (when web-vitals reporter is enabled). |
| vn:…, vbn:…, vbn.… | Per-session UI-state keys: which banners you dismissed, which tools you recently viewed, your accessibility preferences (font size, contrast, motion), whether the “what’s new” toast has been seen, your saved scenarios, and similar interface state. None of these hold profile data. | Automatic as you use the site. |
These keys live only in this browser. Opening VBN on a different device will not see them unless you use the QR or “transfer to another device” feature to explicitly encode the data into a URL you move yourself. The “Clear all VBN data” button below removes every key above (and clears the service worker cache) in one click.
Share links and transfer URLs
When you use “Share” on a tool, VBN encodes the inputs into the URL itself (after #share= or #transfer=). The data lives in the URL, not on any server. Anyone who has the URL can see the encoded data and load it into their browser.
Two implications worth naming clearly:
- A share link is not authenticated. Treat the URL the way you would treat a photo of the same data: share it only with people you trust. Verify the origin of any share link you receive before saving it to your plan.
- Transfer links are size-capped.VBN rejects transfer payloads larger than 64 KB before decoding, and validates the shape of the decoded data before accepting it. Malformed or oversize links are silently ignored.
Offline behavior and cached files
VBN installs a service worker so the site keeps working on poor connections (useful for rural veterans and for VSO offices with patchy Wi-Fi). The service worker caches the static assets of the site: HTML, CSS, JavaScript bundles, and images. It does not cache your profile data or any inputs.
Clearing the cache, uninstalling the service worker, and removing localStorage are all offered by the button below.
What you do not have to trust us on
Because the entire app is client-side and the source is public, every claim on this page can be verified directly:
- Open the browser developer tools, go to the Network tab, and watch for requests to any third-party domain. Aside from same-origin asset loads (the site itself, the search index, and the optional Core Web Vitals beacon described above), there are none.
- Search the repository for
fetch(orXMLHttpRequest. The only runtime calls are same-origin: site assets, the search index, and — when enabled for the current deployment — the anonymized Core Web Vitals beacon. - Inspect the
Applicationtab →Local Storage. The keys listed above are all that is written.
Clear all VBN data from this browser
This button removes the two localStorage keys above, clears sessionStorage, unregisters the service worker, and wipes the service worker cache. It is the digital equivalent of closing the book and returning it to the shelf.
Accounts and cross-device sync
VBN does not currently offer accounts. If accounts are added in a future release they will be strictly opt-in, use email-only login (no social logins), store no Protected Health Information server-side, offer one-click account-plus-data deletion, and separate veteran-facing data from any commercial adjacency behind a hard firewall.
Non-accreditation
VBN is not accredited by the Department of Veterans Affairs and does not provide legal advice, file claims, or represent veterans before the VA (38 U.S.C. § 5904). For official claims assistance, contact a VSO, CVSO, or VA-accredited attorney. The VA.gov representative directory lists every accredited representative.
Corrections and questions
If you find an error on this page or anywhere else, please tell us via the project repository. Substantive corrections are acknowledged in the commit message for the affected page. For more on editorial standards, see the About page.