Security Policy

How we protect information and reduce risk

VA Loan Network prioritizes the protection of information. No system is perfectly secure, but we apply layered controls aligned with common industry practices. This page summarizes safeguards we use to reduce risk and protect users.

Transport and In Transit Encryption

  • HTTPS: Site traffic is served over HTTPS using modern TLS configurations supported by major browsers.
  • Security headers: We use common browser security controls such as HSTS and secure redirects where supported.
  • Admin access: Administrative access uses encrypted channels and modern authentication controls.

Data at Rest and Secrets

  • Encryption at rest: Databases and storage use encryption at rest through provider controls or equivalent protections.
  • Secrets handling: API keys and tokens are restricted to minimum required access and are managed using standard secret handling practices.
  • Least privilege: Access is limited to what is needed for operations and support.

Application and Browser Side Protections

  • Cookie protections: Session cookies use common security flags such as Secure and HttpOnly where applicable.
  • Hardening headers: We use standard hardening headers where compatible with site functionality.
  • Input controls: We validate and encode inputs to reduce common risks such as XSS, injection, and CSRF.

Access Control and Operations

  • Role based access: Administrative permissions are role based and limited to what is needed.
  • Multi factor authentication: MFA is used for administrative accounts where supported.
  • Backups: Backups are maintained and tested on a rolling schedule to support recovery.

Monitoring, Logging, and Detection

  • Logging: Systems record security relevant events such as authentication activity and key configuration changes.
  • Alerting: Alerts are used to flag suspicious behavior, availability issues, and security concerns.
  • Review: We review signals and investigate issues as appropriate to reduce risk.

Third Party Providers

We use reputable vendors for hosting, analytics, email or SMS delivery, and other services needed to operate the site. Vendors are expected to protect data and use it only to provide services under contract.

  • Vendor evaluation: We consider security posture and contract protections when selecting providers.
  • Minimum necessary data: We share only what is needed for the vendor to perform services.
  • Access controls: Vendor access is limited and monitored where feasible.

Forms, Introductions, and Data Minimization

We collect the minimum information needed to provide the Services, coordinate introductions when requested, and operate tools. We do not pull credit reports.

  • Minimum collection: We aim to collect only what is needed to respond and provide requested help.
  • No credit pulls: Credit reports and scores are obtained by lenders if you choose to apply, and lender policies apply.
  • Sensitive data: Avoid sending sensitive information such as full Social Security numbers by email.

Incident Response

  • Procedure: We maintain an incident response process covering identification, containment, investigation, remediation, and post incident review.
  • Notification: When legally required, we notify affected users and regulators within applicable timelines.

Responsible Disclosure

If you believe you have found a vulnerability, email contact@valoannetwork.com with a description, reproduction steps, and potential impact. We will acknowledge receipt, investigate, and take appropriate action. Please avoid public disclosure until we confirm a fix.

Security.txt

We may also honor messages sent using the contact details in /.well-known/security.txt once published.

Your Security Steps

  • Stay updated: Use current browsers and operating systems and keep them updated.
  • Protect sensitive info: Do not send sensitive information such as full Social Security numbers or bank numbers by email.
  • Verify HTTPS: Check that you are on an HTTPS page before submitting forms.

Contact

Related policies: Privacy Policy · Terms of Use · Advertising Disclosures · Product Notice
