Privacy Policy

DHA Mobile Apps Privacy Policy
(Applies to: Virtual Hope Box, DreamEZ, Breathe2Relax, Decide + Be Ready, Provider Resilience, Biodefense and DHA MedCard)
Last Updated:05/28/2026
This privacy policy describes how certain Defense Health Agency (DHA) mobile applications (“the Apps”) handle information. This policy applies to the following Apps:
• Virtual Hope Box
• DreamEZ
• Breathe2Relax
• Decide + Be Ready
• DHA MedCard
• Provider Resilience
• Biodefense
These Apps support health, wellness, and readiness across the Military Health System. Use of the Apps is voluntary.
________________________________________
1. Information You Enter Into the Apps
Some of the Apps allow you to enter personal notes, coping tools, preferences, medication or prescription information, contacts, or other content.
• All information you enter is stored locally on your device.
• DHA does not receive, collect, transmit, or store any personal information you enter into the Apps.
• DHA cannot access your in-App data unless you choose to share it—for example, by showing your device to a provider or sharing screenshots.
You control what information you enter and how it is shared.
________________________________________
2. Information Automatically Collected
A. Analytics collected by some DHA Apps (DAP)
Five Apps (Breathe2Relax, DreamEZ, Decide + Be Ready, Provider Resilience, Biodefense) use the federally required Digital Analytics Program (DAP) to collect non-personal, aggregate usage analytics.
DAP collects only standard technical information, such as:
• Page views
• Session counts
• Device type (mobile/tablet/desktop)
• Operating system or browser type
• General navigation paths
• Timestamp of visits
DAP does not collect:
• Personal identifiers
• User-entered content
• Contact information
• Health information
• Custom in-App events
• Advertising IDs
• Persistent identifiers
• Retained IP addresses
DAP analytics are processed within a GSA-managed analytics environment compliant with federal digital policy. More information: https://dap.digitalgov.gov.
________________________________________
B. Apps with no DHA analytics
Two Apps do not use any DHA analytics service:
• Virtual Hope Box
• DHA MedCard
These Apps do not transmit any analytics or user data to DHA servers.
________________________________________
C. Analytics collected by Apple and Google (all Apps)
Regardless of whether an App uses DAP:
Your mobile operating system or app store provider (such as Apple or Google) may independently collect diagnostic, crash, or usage information under their own privacy policies. DHA does not control this collection, does not receive this data, and does not use it to identify users.
For details, please refer to Apple’s and Google’s published privacy policies.
________________________________________
3. Permissions and Device Access
Depending on the App and features you choose to use, the Apps may request access to:
• Local storage / photos / media – allows adding images or files for personal use
• Camera – for capturing photos you choose to store locally
• Contacts or phone dialer – for “Call a Friend” or similar features
• Notifications – for reminders you enable
• Network access – only to open external websites (e.g., crisis resources, DHA pages, or patient portals)
Permission use is limited to enabling functionality on your device only.
The Apps do not use these permissions to transmit personal information to DHA or third parties.
________________________________________
4. How DHA Uses Information
Because DHA does not receive or store personal information entered into the Apps:
• No user profiles are created
• No personal data is shared or sold
• No advertising or marketing tracking is conducted
DAP analytics (B2R, DEZ, DBR, PR, Biodefense only) are used solely to understand general, anonymous usage patterns to improve public digital services. These analytics cannot be used to identify individual users.
________________________________________
5. Data Sharing
The Apps do:
• NOT share your personal in-App content
• NOT send your information to third-party advertisers
• NOT transfer, sell, or disclose personal data
Any sharing of information occurs only when you choose to disclose data from your device.
________________________________________
6. Data Retention and Deletion
• All in-App content remains stored locally on your device until you delete it.
• You may delete entries individually (where supported).
• Uninstalling an App removes all data stored within that App from your device.
Data you voluntarily share with your provider, pharmacy, or other external systems is not affected by uninstalling the App.
________________________________________
7. Children’s Privacy
These Apps are primarily intended for adults, including service members and beneficiaries. Some Apps may be used with adolescents under parental or clinical supervision.
The Apps do not create user accounts and do not knowingly collect personal information from children under 13.
________________________________________
8. Security
Because your information is stored locally on your device, the security of that information depends on your device’s protections. DHA recommends:
• Enabling a passcode or biometric lock
• Keeping your device software updated
• Following applicable DoD or organizational cybersecurity policies
DAP analytics are transmitted and stored using federally compliant security standards.
________________________________________
9. Relationship to Other DHA Privacy Policies
This notice describes how the Apps listed above handle information on your device.
For broader DHA privacy practices, including HIPAA and civil liberties information, please visit:
https://www.health.mil/Military-Health-Topics/Privacy-and-Civil-Liberties
________________________________________
10. Contact
Defense Health Agency – Privacy & Civil Liberties Office
7700 Arlington Blvd., Suite 1M300
Falls Church, VA 22042
Phone: 703-275-6363
Contact information is also available on the DHA Privacy & Civil Liberties Office website.