GoVA Foundation Privacy Policy

GoVA Foundation, Inc. (“the Foundation” and referred to in the first person as “we,” “us,” and “our” at times in this “Privacy Policy”) is committed to protecting the privacy of our clients and other users of our website, (however accessed and/or used, whether via personal computers, mobile devices or otherwise (collectively, “Device”) and other interactive features, applications or downloads that are operated by us that are available through this site or that interact with this site and post this Privacy Policy (collectively, “Website”).  This Privacy Policy (“Policy”) governs the way in which we collect, use, and disclose your information personal information collected from you through the Website and any other product or service that the Foundation provides (the “Services”). This Privacy Policy is only applicable to the Website, and not to any other websites that you may be able to access from the Website, each of which may practices and policies that differ from this Privacy Policy.


Data Collected

The Foundation collects three types of information: Personal Data, Non-Personal Data, and Financial Data.  All such information is either provided by you or through a third-party source.

We obtain information from third-party sources in certain situations.  For example, we may collect information about you from identity or other verification services, credit bureaus (including your credit report), advertising networks, mailing list providers, service providers and data brokers.  Our Services also may allow or require you to integrate or connect with third-party services through service providers.

The information we receive from such third parties varies depending on the information made available by those entities.  Examples of the types of information we receive include financial account information, information about account balance, information about credit accounts, information about loan accounts, information about investment accounts, identifiers and information about account owners, information about account transactions and employment information.

Personal Data

The Foundation will only collect Personal Data when it is provided through any forms, applications, surveys, or any other means in which data is collected through the Services.  Personal Data is data that can be used to uniquely identify or contact a single person, such as names and email addresses.  We do not collect any Personal Information from you unless you voluntarily provide it to us.  You do not have to give us any personal information to browse this Website.  However, to use the Services offered through this Website, you may be asked to provide personal information to submit or request information from us, or, and by doing so, you consent to our processing of such information as described in this Privacy Policy.  Once you provide us with your personal information, you are no longer anonymous to us.   This information may include your full name, e-mail address, postal address, other demographic information, location, photographs, videos, your relationship to us, and any other information that you provide to us, including through feedback, messages, emails, answers to surveys or questionnaires that you may submit. 

This Personal Data is used to facilitate the foundation’s donations and mission and provide you with the most efficient and personally beneficial version of the Site.  When you make a donation on behalf of a third-party, we may collect information you provide us with such as the name, address, and phone number of the third-party.

Non-Personal Data

The Foundation collects Non-Personal Data automatically when you visit this website or any other website, portal, or interface related to the Services.  We may collect, use, transfer, and disclose non-personal information for any purpose.  The following are some examples of non-personal information that we collect and how we may use it: (1) we may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where one of our products is used so that we can better understand customer behavior’ and improve our products, services, and advertising; and (2) we also may collect information regarding customer activities on our Website and from our other products and services.  This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our Website, products, and services are of most interest.  Aggregated data is considered non-personal information for the purposes of this Privacy Policy.

This Non-Personal Data is used for internal purposes to analyze the usage of this website and any of the Services.

Disclosure of Collected Data

We will only share personal data with third party service providers as required to facilitate the provision of the Services.  We will not disclose any data we collected with third parties except as follows:

We may also disclose collected data in certain circumstances in which we believe in good faith that disclosure is necessary to comply with a subpoena, to protect the personal safety of the clients that use the Services, or to protect the rights of the Foundation.

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure.  We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody.  However, no method of transmitting or storing data is completely secure.  As a result, although we strive to protect personal information about you, we cannot guarantee the security of any information you transmit to us through or in connection with the Website.  If you have reason to believe that personal information is no longer secure, please notify us immediately by contacting us in accordance with the last section below. 

Third-Party Services

This website or any of our other Services may contain links to the website or services of a third-party that is operated independently of The Foundation, and that we have no control over.  Any such third-party websites or services are not subject to the terms of this Policy, and we assume no responsibility for the privacy practices of the third-party.  We strongly advise you to thoroughly review any such third-party’s privacy policy before visiting their websites or using their services.


The Website, online services, interactive applications, email messages and advertisements may use a variety of technologies, now and hereafter devised, that automatically collect certain website usage information whenever you visit or interact with the Website.  Website usage information may be collected by various methods, including “cookies” and other technologies such as pixel tags, web beacons, mobile device identifiers and embedded scripts.  Cookies are small data files that are placed on your device when it is used to visit our website.  We cannot use them to identify you and thus the information collected is treated as nonpersonal information.  However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information.  Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.  Cookies allow website managers to adapt materials to your computer and include information such as what pages you visited, how often you visited them, what your preferences may be, and they may enable certain features on this Website.  Most web browsers accept cookies, but you may be able to adjust your browser settings to not allow them or to let you know when they are being sent.  Your use of some features on this Website may be limited if you disable cookies.

Pixel tags enable us to send email messages in a format our customers can read, and they tell us whether the email has been opened.  We may use this information to reduce or eliminate the number or type of messages sent to our customers.  Web beacons are small graphic images or other web programming code inserted into a web page or email that count visitors to the Website, monitor how users navigate the Website, count how many emails that were sent are actually opened, or count how many particular articles or links were actually viewed.  Certain mobile service providers uniquely identify mobile devices and we or our third-party service providers may receive such device information if you access the Website through mobile devices.  Certain features of our Website may require collection of mobile phone numbers, and we may associate that phone number with mobile device identification information.  An embedded script is programming code that is designed to collect information about your interactions with the Website, such as the links you click on.  The code is temporarily downloaded onto your computer from our web server or a third-party service provider, is active only while you are connected to the Website and is deactivated or deleted thereafter.

In some of our email messages, we use a “click-through URL” linked to content on our Website.  When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our Website.  We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications.  If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.

We and our partners use cookies and other technologies in mobile advertising services to control the number of times you see a given ad, deliver ads that relate to your interests, and measure the effectiveness of ad campaigns.  If you do not want to receive ads with this level of relevance on your mobile device, you can opt out by emailing:  If you opt out, you will continue to receive the same number of mobile ads, but they may be less relevant because they will not be based on your interests.  You may still see ads related to the content on a web page or in an application or based on other non-personal information.  This opt-out applies only to our advertising services and does not affect interest-based advertising from other advertising networks. 

Children’s Privacy

The Website is not intended for children under the age of 18.  The Foundation does not knowingly solicit or collect Personal Information from children under 18.  If you are under the age of 18, please do not submit your e-mail address or any other personal information to us through the Website.  If you have reason to believe that a child under the age of18 has provided Personal Information to us through our Website, please contact us.


By filling in information on our website or through any of our services, you may receive various communications including phone calls and emails regarding the Foundation services, including but not limited to newsletters, bulletins, status updates, account verifications, or other communications such as marketing information.  You may opt-out of any of these communications by following an unsubscribe link on email, or by expressing your wishes to opt-out on the phone.  You can also opt-out by contacting by using the contact information provided in this Policy.

The Foundation will also be required to communicate with you throughout the provision of the Services.  You will not be able to opt out of these communications that are directly related to your transaction.


The states of California and Virginia afford their citizens certain rights to privacy under the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA).  The CCPA and VCDPA requires companies to disclose the type of personal information that has been collected about their consumers, a list of the personal information that they have sold about their consumers, and a list of the categories of personal information in which they have disclosed about consumer for a business purpose in the preceding 12 months.

In the previous 12 months, we have collected personal information about our consumers from the consumers themselves, other third parties such as consumer credit reporting agencies, and publicly available sources.  The information collected includes the personal, non-personal, and financial data as described above in this Policy.  This information is considered to be, under California law, in the categories of Personal Identifiers, Personal Information, and Internet or other similar network activity.

In the previous 12 months, we have not knowingly sold any of our consumers’ personal information.

We have only disclosed this information to the companies indicated in the table above for the state in which you have applied for our Services.  This information has been disclosed solely for the purposes of providing the Services.  We may also disclose any information we have collected to any other third-party that the consumer and/or customer gives us permission to disclose such information to.

We will not collect additional information, sell information, or use any information collected for purposes other than those laid out above without notifying you.

The CCPA and VCDPA give California and Virginia residents additional rights that include the Right to Opt-Out, the Right to Know, the Right to be Forgotten, and the Right to Non-Discrimination.  These rights must be exercised.

The Right to Opt-Out gives California and Virginia consumers the right to opt-out of a business selling or sharing their personal information.

The Right to Know gives California and Virginia consumers the right to have access to their information that is collected, to know from which sources it is collected, to know how it is used, and to know to whom the information is disclosed.

The Right to be Forgotten gives California and Virginia consumers the right to request that all their personal information and any record pertaining to them be removed from a company’s database.

The Right to Non-Discrimination gives California and Virginia consumers the right not to be discriminated against for the exercise of their privacy rights in which they are entitled to under the CCPA.

Exercising Your Rights under the CCPA and VCDPA

To Exercise your rights under the CCPA or VCDPA, you may make a request by sending us an email at with either “CCPA Request” or “VCDPA Request” in the subject line.  You may also make a request by phone at 833-825-6261.

Upon these requests, we may ask for additional personal information to verify we are dealing with the correct individual.  These requests are not final, as the law may not require or allow us to honor your request.  Please do not consider the request fulfilled until you receive a confirmation message in writing from  If for any reason a Virginia resident is denied, such individual shall be provided notice of such denial.  Such Virginia resident shall have a right to appeal which shall be met with a response including the reason for any such denial.

Important Notice to Non-U.S. Residents
The Website is hosted in the United States and is intended for use by residents of the United States of America only.  All matters relating to the Website are governed exclusively by the laws of the State of North Carolina in the United States of America and not the jurisdiction in which you are located.  By providing us with any information through the Website, you consent to the collection, processing, maintenance, and transfer of such information in and to the United States in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen.


Along with the rest of this Policy, individuals or businesses that are in the European Union at the time of the collection of any data subject to this Policy are afforded additional rights. The General Data Protection Regulation (“GDPR”) affords individuals or business in the European Union the following rights:


Description of Right

Right to Access

Individuals and Businesses protected under the GDPR have the right to request access to any data that we collect pertaining to them and request copies of such data.  Note that there may be a small fee associated with the request of copies of the data.

Right to Rectification

Individuals and Businesses protected under the GDPR have the right to request that The Foundation corrects any information that you believe is inaccurate, as well as the right to request that we complete any information that you think is incomplete.

Right to Data Portability

Individuals and Businesses protected under the GDPR have the right to request that the information we have collected be transferred to another organization or directly to you, under certain conditions laid out in the GDPR.

Right to Erasure

Protected Individuals and Businesses have the right to request that we erase your personal information in which we have collected.

Right to Restrict Processing

Individuals and Businesses that are protected under the GDPR have the right to request that we restrict the processing of your personal data, under conditions laid out in the GDPR.

Right to Object to Processing

Individuals and Businesses that are protected under the GDPR have the right to object to our processing of your personal data.

For more information regarding the GDPR please click here.

Contacting the Appropriate Authority for GDPR Complaints

Should you wish to file a complaint regarding your GDPR rights or if you feel we have not addressed any concerns you have in a manner in which satisfies you, you should contact the Information Commissioner’s Office regarding your concerns.

You can initiate your complaint by clicking here.


If you have any questions about this Policy, the Terms of Use, or any data that we keep pertaining to you, or if you would like to exercise one of your data protection rights or have questions about the rights, please do not hesitate to contact us.


Phone: 833-825-6261


This Privacy Policy was last updated on May 1, 2024.

About Our Partnership with TowneBank Mortgage

At GoVA, we’re proud to partner with a lender that delivers peace of mind to those who have served and continue to serve our county. Together, GoVA and TowneBank Mortgage are committed to helping our military service members achieve their dreams of homeownership, as well as providing them with valuable resources along the way. As experienced lenders, TowneBank Mortgage understands the need for a quick and easy mortgage process, especially during life’s transitional moments. Headquartered in Norfolk, just miles from the world’s largest naval base, TowneBank Mortgage has had the honor of helping thousands of military families through their VA loan offerings. Their team is knowledgeable about VA products and the local market, and in-house operations allow them to respond to questions and concerns in a timely manner. Together, we can get you to closing in 30 days or less. Trust TowneBank Mortgage and GoVA loans to get you home.

Click the button below
to begin your application.