Privacy Policy
MoneySweep is a private aggregation service that compiles publicly available unclaimed-property and benefit databases. This policy describes what we collect, how we use it, who we share it with, and your rights.
Sections
1. Scope and definitions
This policy applies to moneysweep.co, guide.moneysweep.co, and any subdomains, sub-pages, emails, and PDF resources we publish. It does not apply to third-party government agency websites we link to, which have their own policies.
"Personal information" means information that identifies, relates to, describes, or could reasonably be linked with you, as defined under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020), and equivalent definitions under other privacy laws applicable to where you live.
2. What we collect
We collect only what you provide voluntarily and what is required to operate the service.
From watchlist signup (guide.moneysweep.co)
- First name (optional, used for personalization)
- Email address (required)
- State of residence (optional, used to flag state-specific updates)
- IP address and basic browser metadata at moment of submission (fraud prevention, audit trail)
- UTM parameters and referrer URL if present (attribution analytics)
From email engagement
- Open and click events (to improve content relevance and honor unsubscribe preferences)
- Bounce and complaint events (to maintain sender reputation)
What we do not collect on this site
- Social Security numbers
- Banking credentials or account numbers
- Payment card information (handled exclusively by our payment processor when the paid product launches)
- Driver's license, passport, or other government ID numbers
- Health, biometric, or genetic information
- Precise geolocation data
3. How we use it
We use the information we collect to:
- Deliver the resources you requested (the protection report PDF, future issues of MoneySweep Watch, the paid product when it launches)
- Send protective updates that match the topics you signed up for
- Honor your communication preferences and unsubscribe requests
- Detect, investigate, and prevent fraud, abuse, or illegal activity
- Comply with legal obligations (subpoenas, court orders, regulatory requests)
- Conduct aggregate analytics that contain no personally identifiable information
We do not use your information to train AI/ML models, build third-party advertising profiles, or sell to data brokers.
4. How we share it
We do not sell, rent, or trade your personal information. We share information only in the following narrow situations:
- Service providers who process data on our behalf under standard data processing agreements (see Vendors below).
- Legal compliance: when required by law, subpoena, court order, or to protect the rights, property, or safety of MoneySweep, our users, or the public.
- Business transfer: if MoneySweep is acquired or merged, your information may be transferred to the acquirer subject to this policy. We will notify affected users via email at least 30 days before any such transfer takes effect, where the law allows.
5. Categories of service providers
We use third-party service providers to operate the service. Each receives only the minimum information required to perform its function under standard data processing agreements. We disclose the categories below; specific vendor names are kept confidential for operational security.
| Category | Function | Information shared |
|---|---|---|
| Database and authentication infrastructure | Storing account information, processing sign-in, running serverless functions | All personal information (encrypted at rest) |
| Transactional and marketing email delivery | Sending account, security, and update emails | Email address, first name, engagement events |
| Network security and content delivery | DNS, web application firewall, bot detection, edge caching | IP address, browser metadata at request time |
| Application hosting | Serving the website and authenticated app | IP address, browser metadata at request time |
| Payment processing (paid product, post-launch) | Processing subscription payments and refunds | Name, email, payment method handled directly by processor |
If you need the specific identity of any service provider for a privacy or security request, contact privacy@moneysweep.co and we will provide it under a confidentiality understanding.
6. Cookies and tracking
We use a minimal set of first-party cookies and similar technologies:
- Session cookies: to keep you signed in. Expire when you close your browser or after inactivity.
- Preference cookies: to remember settings like your unsubscribe link click. Persistent up to 1 year.
- Anti-fraud cookies: Cloudflare Turnstile (form anti-bot). Per-request, not persistent.
We do not use third-party advertising cookies on this site. We do not participate in any advertising network's audience matching or retargeting on the marketing site. The Meta Pixel is loaded only inside the authenticated paid app (when launched), and only after explicit consent, with an option to opt out without losing access.
7. Data retention
- Active subscribers: data retained while subscription is active, plus 90 days for offboarding.
- Unsubscribed contacts: contact record retained for compliance audit (CAN-SPAM, CCPA consent history) and purged on user request, or after 5 years, whichever is earlier.
- Payment records: retained for 7 years per IRS recordkeeping rules.
- Aggregate analytics with no personally identifiable information: may be retained longer for trend analysis.
- Backups: encrypted backups are retained on a 30-day rolling window. Data deletion requests are honored in active databases immediately and propagated to backups within 30 days.
8. Security measures
- Encryption at rest with AES-256 (database, backups)
- Encryption in transit with TLS 1.3 only; HSTS preloaded
- Passwordless authentication via verified-domain magic link
- Role-based access control with least-privilege principle
- Audit log of every administrative action retained for 7 years
- Annual third-party security review (planned, post-launch)
- Incident response: confirmed breach affecting your data will be notified to you within 72 hours, in compliance with CCPA, GDPR, and applicable state breach notification laws
9. Your rights
If you live in California (CCPA / CPRA)
You have the right to:
- Know what personal information we collect, use, disclose, and sell or share
- Access a copy of your personal information
- Delete your personal information (with limited legal exceptions)
- Correct inaccurate personal information
- Opt out of sale or sharing of personal information (we do not sell or share, but you may exercise the right anyway via /ccpa)
- Limit use of sensitive personal information (we do not collect sensitive PI on this site)
- Non-discrimination for exercising any of these rights
To exercise: email privacy@moneysweep.co. We respond within 45 days. We may extend by another 45 days with notice.
If you live in the EU/UK (GDPR / UK GDPR)
You have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. The lawful bases we rely on are: consent (for marketing), contract (for delivering the service you signed up for), and legitimate interest (for fraud prevention and security). You can withdraw consent at any time without affecting prior processing.
You also have the right to lodge a complaint with your supervisory authority. Email privacy@moneysweep.co to exercise rights.
If you live in another US state with a privacy law (CO, CT, VA, UT, OR, TX, etc.)
You have rights substantially similar to California. Same email contact, same response window.
Universal: opt-out signals
We honor the Global Privacy Control (GPC) signal as a request to opt out of sale/sharing for browsers that send it.
10. Children and minors
MoneySweep is not directed at children under 18 and we do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, contact privacy@moneysweep.co and we will delete it promptly.
11. Changes to this policy
Material changes will be notified to active subscribers via email at least 14 days before they take effect. Non-material changes (formatting, clarifications, vendor list updates) will be reflected here without separate notice but will be timestamped in the meta line at the bottom of this page.
12. Contact
- General privacy: privacy@moneysweep.co
- Security disclosure: security@moneysweep.co
- Data Protection Officer: privacy@moneysweep.co (DPO designation pending formal launch)
- EU representative: to be designated before launching in EU markets, in compliance with GDPR Article 27
- Postal: Address to be published before paid product launch.