Security Policy
Updated: October 17, 2026
VA Loan Network prioritizes the protection of your information. While no system is perfectly secure, we apply layered controls in line with industry practices. For related details, see our Privacy Policy and Terms of Use.
Transport & In-Transit Encryption
- All pages are served over HTTPS using TLS 1.2 or higher; modern browsers typically negotiate TLS 1.3.
- We enforce HSTS, secure redirects, and disable legacy protocols and weak ciphers.
- Administrative access uses encrypted channels with modern key exchange and forward secrecy where available.
Data at Rest & Secrets
- Databases and file storage use encryption at rest (e.g., AES-256 or provider-equivalent).
- Secrets (API keys, tokens) are stored in restricted vaults or provider KMS; rotation and least-privilege access apply.
Application & Browser-Side Protections
- Session cookies use Secure and HttpOnly flags; SameSite is set to reduce cross-site request risks.
- We deploy common hardening headers (Content-Security-Policy, X-Content-Type-Options, Referrer-Policy) where compatible.
- Inputs are validated and encoded to mitigate XSS, injection, and CSRF.
Access Control & Operations
- Role-based, least-privilege access with MFA for administrative accounts.
- Change management and separation of duties for production changes.
- Backups are encrypted and tested on a rolling schedule for restorability.
Monitoring, Logging & Detection
- Infrastructure and application logs capture authentication events, configuration changes, and security-relevant activity.
- Alerts notify our team of suspicious activity, availability issues, and policy violations.
Third-Party Providers (Vendors)
- We use reputable hosting, analytics, email/SMS, and other services. Vendors are evaluated for security posture and contractually required to protect data.
- Only the minimum necessary data is shared with vendors to perform services.
Forms, Matching & Data Minimization
- We collect the minimum information needed to match you with VA-approved lenders and to operate our tools.
- Credit reports and FICO® scores are obtained by lenders, not by VA Loan Network. Lender privacy and security policies apply to their processing.
Incident Response
- We maintain an incident response procedure covering identification, containment, investigation, remediation, and post-incident review.
- When legally required, we notify affected users and regulators within applicable timelines.
Responsible Disclosure
If you believe you have found a vulnerability, please email contact@valoannetwork.com with a description, reproduction steps, and impact. We will acknowledge receipt, investigate, and take appropriate action. Please avoid public disclosure until we confirm a fix.
Optional best practice: we also honor messages sent to /.well-known/security.txt once published.
Your Security Steps
- Use current browsers and operating systems and keep them updated.
- Do not send sensitive information (full SSNs, bank numbers) by email.
- Verify you are on https://valoannetwork.com before submitting forms.
Contact
Email: contact@valoannetwork.com
Phone: (800) 230-7201
Address: 3128 Napier Pk suite 103, San Antonio, TX 78231
Related policies: Privacy Policy • Terms of Use • Advertising Disclosures • Product Notice