Skip to content
LASTVET

← Back to LastVet

LastVet Privacy Policy

Effective Date: April 3, 2026 Last Updated: April 3, 2026

Plain Language Summary

LastVet exists to give you control of your health information. Here's what that means:

  • You own your data. Your health record belongs to you, not us.
  • You decide who sees it. You grant and revoke access to providers, organizations, and individuals — one by one, category by category.
  • We never sell your data. Period. No exceptions. No fine print.
  • You can leave anytime. Export your full record or delete your account. Your data, your choice.
  • We exceed HIPAA. Our SHIELD standard goes beyond what the law requires to protect you.

If anything in the detailed policy below contradicts this summary, the summary wins. We mean what we say.

1. Who We Are

LastVet (last.vet) is operated by Last 1 Enterprises and is part of the Last 1 ecosystem. LastVet is a veteran-controlled health record platform that enables veterans to aggregate, own, and manage their complete health and life data.

Contact:

  • Email: support@last.vet
  • Organization: Last 1 Enterprises
  • Nonprofit Governance: Last 1 Nonprofit (last1.org)

2. The SHIELD Standard

LastVet is built on the SHIELD data standard, which exceeds HIPAA requirements in every dimension:

  • Sovereign: You own your data. You are the root authority on your record. No institution, provider, or partner can access your information without your explicit consent.
  • Holistic: Your record includes your complete health and life picture — medical history, social determinants, housing, employment, behavioral signals, peer connections, and self-reported data. Not just clinical notes.
  • Integrated: Your data connects across systems — VA, Community Care Network, out-of-network providers, and community organizations — on your terms, not the institution's.
  • Encrypted: All data is encrypted at rest and in transit. Every access is authenticated. Every session is auditable. Security is the default, not a policy.
  • Live: Your record updates in real time. Every check-in, every provider interaction, every engagement signal. Your record is alive because your story doesn't stop between appointments.
  • Distributed: Your data moves with you across a permissioned network. It doesn't live behind one institution's wall. It follows you, secured by your Last1 ID, governed by your consent.

3. What Data We Collect

3.1 Data You Provide Directly

  • Account information (name, email, phone number)
  • Call sign (your chosen display name)
  • Service history (branch, rank, MOS, deployment history, discharge status)
  • Self-reported health information (housing status, employment, goals, wellness check-ins)
  • Radio Check responses and engagement data
  • Care preferences and provider preferences
  • Consent decisions

3.2 Data We Pull From the VA (With Your Authorization)

  • Health records via the VA Lighthouse Patient Health API (FHIR), including:
    • Conditions and diagnoses
    • Medications
    • Allergies
    • Procedures
    • Immunizations
    • Lab results
    • Clinical notes
  • Service history and eligibility (via VA Veteran Verification API)

You authorize this pull. We use the OAuth 2.0 Authorization Code Grant flow — you log in through the VA's identity system (Login.gov or ID.me) and explicitly grant LastVet permission to access your data. You can revoke this authorization at any time.

3.3 Data Contributed by Providers (With Your Consent)

  • Clinical notes from non-VA providers
  • Treatment plans and care summaries
  • Referral outcomes and follow-up records
  • Structured data (diagnosis codes, treatment types, outcome measures)

Providers can only write to your record if you have granted them explicit permission. Provider-contributed data is clearly tagged in your record timeline so you always know who wrote what.

3.4 Platform-Generated Data

  • Radio Check engagement signals (check-in frequency, response patterns)
  • Help signal history
  • Referral tracking (request to resolution)
  • XP, reputation, and engagement metrics
  • Audit logs (who accessed what, when)

3.5 Technical Data

  • Device information (for mobile app functionality)
  • IP address and session data (for security and authentication)
  • App usage analytics (anonymized, for platform improvement)

4. How We Use Your Data

We use your data for:

  1. Building and maintaining your living health record — aggregating, displaying, and updating your health and life information across all sources
  2. Connecting you with care — matching you to providers, services, and resources based on your record and preferences
  3. Radio Check and peer accountability — facilitating check-ins with your unit and detecting when you may need support
  4. Help signal routing — ensuring that when you signal for help, the right people are notified immediately
  5. Care coordination — tracking referrals from request to resolution and measuring outcomes
  6. Platform improvement — using anonymized, aggregated data to make LastVet better for all veterans

We do not use your data for:

  • Selling to advertisers, data brokers, or any third party
  • Targeted advertising of any kind
  • Making automated decisions about your care without your knowledge
  • Any purpose you have not explicitly consented to

5. How We Share Your Data

5.1 Only With Your Consent

Your data is shared only with the people and organizations you explicitly authorize through the consent dashboard. You control:

  • Who can access your data (specific providers, organizations, individuals)
  • What they can see (granular by data category — you can share medications but not mental health history, for example)
  • For how long (you set the duration, or leave it open and revoke anytime)
  • For what purpose (treatment, care coordination, research, etc.)

5.2 Substance Use Disorder Records (42 CFR Part 2)

Records related to substance use disorder treatment receive additional protections under federal law. These records:

  • Are displayed separately in your consent dashboard
  • Require specific, separate consent before sharing
  • Cannot be used in criminal or civil proceedings against you without your specific consent or a court order
  • Are subject to stricter controls than standard health information

5.3 Aggregated, Anonymized Data (Only With Your Opt-In)

If you choose to participate, your anonymized data may be included in population-level analytics through RealOutcomes. This data:

  • Is fully anonymized — it cannot be traced back to you
  • Requires your explicit opt-in (not opt-out)
  • Is used to prove what works in veteran care and direct resources to impact
  • May generate compensation for you (via the future $LST1 token program)

You can opt out at any time with immediate effect.

5.4 When Required by Law

We may disclose your information when required by law, such as in response to a valid court order or subpoena. We will notify you of any such request unless legally prohibited from doing so.

6. Your Rights

You have the right to:

  1. Access your complete record at any time through the LastVet platform
  2. Export your data in a portable format (PDF, FHIR, or secure link)
  3. Correct inaccurate information in your record
  4. Revoke any consent at any time with immediate effect
  5. Delete your account and all associated data
  6. See who has accessed your data through the audit log
  7. Restrict data categories — share some information while keeping other categories private
  8. Withdraw from data sharing programs (RealOutcomes, research) at any time
  9. File a complaint if you believe your rights have been violated

To exercise any of these rights, contact us at support@last.vet or use the controls in your consent dashboard.

7. Data Security

  • All data is encrypted at rest and in transit (AES-256, TLS 1.3)
  • Access controls enforce the principle of least privilege
  • All data access is logged and auditable
  • Sessions expire automatically after inactivity
  • Multi-factor authentication is available and recommended
  • We conduct regular security assessments and penetration testing
  • Our infrastructure is hosted on HIPAA-compliant, BAA-covered cloud services

8. Data Retention

  • Your record exists as long as your account is active
  • If you delete your account, your data is permanently removed within 30 days
  • Audit logs are retained for 6 years in compliance with HIPAA requirements
  • Anonymized, aggregated data that has already been included in RealOutcomes reports cannot be individually recalled (because it is no longer identifiable)

9. Children's Privacy

LastVet is not intended for use by individuals under 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We will notify you of material changes to this privacy policy via email and in-app notification at least 30 days before they take effect. We will never retroactively reduce your privacy protections without your explicit consent.

11. Contact Us

Questions, concerns, or complaints about this privacy policy or our data practices:

  • Email: support@last.vet
  • Privacy Officer: [To be appointed]
  • Governing Organization: Last 1 Nonprofit (last1.org)

If you believe your privacy rights have been violated, you may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/hipaa/filing-a-complaint.

This privacy policy is a living document. It will be updated as our platform evolves, always in the direction of more transparency and more veteran control — never less.