Privacy Policy & Terms of Use

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website or services.

1. Introduction

​

Spearhead Solutions, Inc., is a Texas corporation headquartered in New York and doing business as Spearhead Veteran Services (“Spearhead,” "Company," "we," "our," or "us"). Spearhead is committed to protecting the privacy and security of the personal information of our clients.

​

This Privacy Policy applies to how Spearhead collects, uses, discloses, and protects personal information provided by individuals in connection with our services.

​

Spearhead is a technology company that delivers services through a distributed team of employees, independent contractors, and advisors. With personnel and clients located across the United States, Spearhead complies with all applicable federal and state privacy laws governing the collection, use, and protection of personal information.

​

2. Information We Collect

​

We collect the following categories of personal information in connection with the services we provide. Your information is collected through phone call, secure email, secured folder sharing, web forms, and SMS (with opt-in):​

​

• Personally Identifiable Information (“PII”): Name, address, phone number, email, date of birth, and other identifiers voluntarily provided.

• Sensitive Information: Veteran-specific medical information such as military service history and medical history, discharge status, and Department of Veteran Affairs (“VA”) information, if applicable. Medical-related information voluntarily provided to assist clients with the preparation of Department of Defense (“DoD”) medical addendums and compensation and pension exam guides. Spearhead does not operate as a healthcare provider and does not collect health information subject to the Health Insurance Portability and Accountability Act (“HIPAA”).

• Financial Information: Records of transactions made for Spearhead’s services, including invoices, receipts, and payment confirmations. Spearhead does not store or directly process credit card or bank account information.

•  Technical Information: Information collected from website visitors such as IP address, browser type, device information, and usage data for analytics and security purposes.

​

3. How We Use Your Information

​

We use the information we collect for the following purposes:

​

• To create medical addendums for Department of Defense (DoD) medical records.

• To provide educational resources and personalized support related to Department of Veterans Affairs (VA) programs, benefits, and services.

• To communicate with clients about our services, respond to inquiries, and provide important updates or support.

• To improve our services and enhance platform functionality based on user feedback, usage analytics, and system performance trends.

• To comply with applicable legal and regulatory obligations.

• To detect, prevent, and respond to fraud, unauthorized access, or misuse of data.

​

3.2 Use of SMS Communications

​

• Spearhead leverages the use of SMS communications to share important information such as but not limited to updates in policies or outstanding actions needed to move forward with our services.

• To opt in, simply fill out our Client Questionnaire and answer yes to question #28.

• If you would like to stop receiving text messages simply reply STOP to opt-out or call our business line 817-766-7753. Alternatively, you can send an email to Christian.lopez@sprhdvet.com with subject “SMS opt-out”.

• SMS communications are completely optional and do not hinder our ability to serve our clients if consent is not obtained.

​

4. How We Share Your Information

​

Spearhead does not sell or rent your personal information. We only share personal information as necessary to support our services, comply with legal obligations, or protect our rights and clients. This may include sharing information with:

​

• Government Agencies: When required by law or with client's consent.

• Third-Party Service Providers: Trusted vendors who support our operations (e.g., secure cloud storage, communication platforms, or payment processors), all of whom are bound by confidentiality and data protection obligations.

• Legal Authorities: When necessary to comply with applicable laws, regulations, subpoenas, or other lawful requests, or to protect the rights, safety, or property of Spearhead or its clients.

We do not share your personal information for cross-context behavioral advertising or targeted advertising purposes.

​

5. Data Security

​

Spearhead takes data security seriously and implements industry-standard safeguards to protect personal information from unauthorized access, disclosure, or misuse.

​

These measures include:

• AES-256 encryption for secure data storage and transmission.

• Multi-Factor Authentication (MFA) to control access to internal systems and client data.

• Role-based access controls to ensure only authorized personnel can access sensitive information.

• Regular security assessments, including vulnerability scanning and penetration testing, conducted by or through our infrastructure provider (e.g., Microsoft), where applicable.

• Endpoint protection to safeguard devices used by team members and contractors.

• Employee and contractor training on data security, privacy practices, and recognizing cybersecurity risks.

• Incident response protocols to detect, respond to, and mitigate the impact of potential data security incidents.

These measures are reviewed and updated as necessary to adapt to evolving security threats.

​

6. Health Related Information and HIPAA

​

HIPAA Disclaimer: Spearhead may collect or process health-related information to assist clients in preparing medical addendums and compensation and pension exam guides. However, Spearhead is not a “Covered Entity” or “Business Associate” as defined under the Health Insurance Portability and Accountability Act (HIPAA) and HIPAA therefore does not apply to our operations.

​

Spearhead does not receive data directly from healthcare providers or transmit information through HIPAA-covered systems. Nonetheless, Spearhead implements industry best practices for the protection of health-related data, including encryption, secure storage, and strict access controls.

​

7. Your Privacy Rights and Choices:

​

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you.

• Correction: You may request that we correct inaccurate or incomplete personal information.

• Deletion: You may request that we delete your personal information, subject to certain legal exceptions.

• Withdraw Consent: Where we rely on your consent to process personal information, you may withdraw that consent at any time.

• Lodge a Complaint: You may file a complaint regarding our data handling practices with us or with a regulatory authority.

​

To exercise any of these rights, please contact us at aimee.cooper@sprhdvet.com. We will respond to your request in accordance with applicable data protection laws.

​

These rights may not be available to all users depending on their jurisdiction.

​

7.1 California Privacy Rights (CCPA & (CPRA)

​

Spearhead recognizes the rights of California residents under the CCPA and the CPRA. As such:

• California residents have the right to request the deletion of their personal data collected by Spearhead.

• Spearhead will respond to verified deletion requests within 45 days of receipt, in accordance with California law.

• Certain data may be retained if required for legal, security, or compliance purposes (e.g., tax records, fraud prevention, or contractual obligations).

• If additional time is required, Spearhead will provide notice within the initial 45-day period with an expected resolution timeframe.

• ​

Spearhead does not sell or share personal data, as defined under CPRA.

​

Opt-Out and Data Deletion Request Process:

• How to Submit a Request: California residents may request data deletion by:

  • Completing the Data Deletion Request Form

  • Emailing aimee.cooper@sprhdvet.com with the subject: "CCPA Data Deletion Request"

  • Calling Spearhead’s Privacy Office at 402-315-8610

• Verification Process:

  • Spearhead may require identity verification (e.g., email confirmation, government-issued ID) to prevent fraudulent deletion requests.

  • If a request is submitted on behalf of another individual, the requester must provide legal authorization or power of attorney.

• Exceptions to Deletion Requests:

  • Spearhead may deny a request if data retention is required under federal, state, or contractual obligations.

  • If a request is denied, Spearhead will provide a written explanation of the reason.

​

We do not discriminate against individuals for exercising their privacy rights under applicable laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

​

8. Data Retention & Disposal

Spearhead retains personal information only for as long as necessary to fulfill the purposes for which it was collected, including providing services to clients, complying with legal and regulatory obligations, resolving disputes, and enforce our agreements.

​

The specific retention period may vary depending on the type of information and the applicable legal requirements. When personal information is no longer required, we securely delete, de-identify, or anonymize it in accordance with industry standards.

​

If you have questions about our data retention practices or wish to request deletion of your information, you may contact us at aimee.cooper@sprhdvet.com.

​

We maintain a data retention schedule to ensure data is not kept longer than necessary in accordance with applicable data classification and disposal policies.

​

9. International Data Transfers

​

Spearhead is based in the United States, and the personal information we collect is processed and stored in the U.S. If you access our services from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States or other jurisdictions that may not provide the same level of data protection as your home country.

​

Where required by applicable law, we implement appropriate safeguards to protect international data transfers, such as standard contractual clauses or other lawful mechanisms.

​

By using our services or providing us with your information, you acknowledge and consent to the transfer of your information to the United States and the processing of that information in accordance with this Privacy Policy.

​

If applicable, we rely on Standard Contractual Clauses or equivalent mechanisms for cross-border data transfers.

​

9.1 General Data Protection Regulation (GDPR) Rights

​

Spearhead acknowledges the requirements of the GDPR for service members stationed in the European Union (EU). As such:

• Under Article 17 of the GDPR ("Right to Erasure"), individuals have the right to request the deletion of their personal data.

• Spearhead will respond to verified deletion requests within 30 days of receipt, in accordance with GDPR regulations.

• Certain data may be retained if required for legal, security, or compliance purposes (e.g., tax records, fraud prevention, or contractual obligations).

• If additional time is required, Spearhead will provide notice within the initial 30-day period with an expected resolution timeframe.

​

Spearhead primarily assists U.S. Service Members stationed abroad; we do not market our services to EU residents as a business.

​

Opt-Out and Data Deletion Request Process for EU-Based Clients:

• How to Submit a Request: EU-based service members may request data deletion by:

  • Complete the GDPR Data Deletion Request Form

  • Email aimee.cooper@sprhdvet.com with the subject: "GDPR Data Deletion Request"

  • Call Spearhead’s Privacy Office at 817-766-7737

  • Verification Process: Spearhead may require identity verification (e.g., email confirmation, government-issued ID) to prevent fraudulent deletion requests.

  • If a request is submitted on behalf of another individual, the requester must provide legal authorization or power of attorney.

• Exceptions to Deletion Requests:

  • Spearhead may deny a request if data retention is required under federal, state, or contractual obligations.

  • If a request is denied, Spearhead will provide a written explanation of the reason.

​

10. Changes to This Privacy Policy

​

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes to this Policy, we will notify you by updating the “Effective Date” at the top of this page and, where appropriate, by providing additional notice (such as by email or through our platform).

​

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

​

11. Contact US

If you have questions, concerns, or requests related to this Privacy Policy or your personal information, you may contact us at:

​

Email:  aimee.cooper@sprhdvet.com.

Phone: 402-315-8610