Privacy Policy

Effective: March 24, 2026

Flat Rate Nexus, operated by Kasky Online Health, PLLC ("we," "us," "our"), provides independent medical opinion letters for VA disability claims. This policy describes how we collect, use, and protect your personal and health information.

Information We Collect

When you submit an intake form, we collect: your name, date of birth, email address, phone number, branch of service, service dates, military occupational specialty, claimed conditions, and a description of the in-service events related to your claim.

We also receive the medical records and documents you upload, which may include DD-214s, service treatment records, VA medical records, private medical records, personal statements, and buddy statements. These records contain protected health information (PHI).

We collect payment information through Stripe, our third-party payment processor. We do not store credit card numbers on our systems.

How We Use Your Information

We use your information to evaluate your case, draft a medical opinion letter if your case is supportable, communicate with you about the status of your case, and process payments and refunds.

Your medical records are reviewed by our physician as part of preparing your letter. The physician reviews, evaluates, and signs every letter before it is delivered.

HIPAA Compliance

We handle your protected health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA). Your records are submitted through HIPAA-compliant intake forms, stored securely, and accessed only by our physician and authorized staff involved in the preparation of your letter.

We do not sell, rent, or share your health information with third parties for marketing purposes. Your PHI is used solely for the purpose of evaluating and preparing your nexus letter.

Third-Party Services

We use the following third-party services to operate:

Jotform (HIPAA plan) for secure intake form submission and file uploads. Stripe for payment processing. Google Workspace for email communications from info@flatratenexus.com.

Data Retention

We retain your case records for a period necessary to fulfill our service obligations and comply with applicable record-keeping requirements. If you request deletion of your records after your case is complete, we will honor that request within 30 days, subject to any legal retention requirements.

Data Security

All intake data is transmitted over encrypted connections (HTTPS/TLS). Records are stored on encrypted, password-protected systems. Access to veteran records is restricted to the reviewing physician and authorized staff involved in letter preparation. We do not store your information on publicly accessible servers.

Your Rights

You have the right to request a copy of the information we hold about you, request correction of any inaccurate information, and request deletion of your records (subject to legal retention requirements).

To exercise any of these rights, contact us at info@flatratenexus.com.

Cookies and Tracking

Our website does not use cookies for tracking or advertising purposes. We do not use third-party analytics that track individual visitors. Third-party services embedded on our site (such as Jotform and Stripe) may use their own cookies as necessary to provide their services.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of our service after changes are posted constitutes acceptance of the updated policy.

Contact

For questions about this privacy policy or our data practices, contact us at info@flatratenexus.com.