myMoneyBot
Working on it
Search Testimonials
Learn
How It Works About Us Cities FAQ Contact Us
Account
Log In Sign Up Free

Privacy Policy

Version 1.0  ·  Effective date: April 16, 2026

1. Who We Are

myMoneyCA LLC is a California limited liability company operating a California unclaimed property search and claims filing service at mymoneyca.com. We are a registered California State Controller's Office (SCO) Investigator, licensed to file unclaimed property claims on behalf of clients under California law.

myMoneyCA is independent and is not affiliated with, endorsed by, or operated by the California State Controller's Office.

Privacy contact:
Christopher Lo, Founder & CEO
Email: clo@mymoneyca.com
Mail: 703 Red Barn Pl, Lathrop, CA 95330

2. What Data We Collect and Why

We collect only the information we need to operate your account, search for your unclaimed property, and file your claim with the SCO. Each category below lists what we collect, where it is stored, how we use it, and how long we keep it.

2.1 Account Registration Data

  • What: first name, last name, email address, phone number, password (hashed using Werkzeug — never stored in plaintext).
  • Collected at: signup.
  • Stored in: our PostgreSQL account database, hosted by Render in the United States.
  • Purpose: account creation, authentication, account recovery.
  • Retention: life of your account plus 30 days after a deletion request.

2.2 Search Data

  • What: names searched, addresses searched, ZIP codes, and timestamps.
  • Stored in: PostgreSQL on Render.
  • Purpose: returning search results and supporting the Search Again feature on your dashboard.
  • Retention: the last 10 searches per user. Older searches are auto-purged. You may delete any saved search at any time from your dashboard.

2.2a Aggregate Search Analytics

  • What: name, city, ZIP, search type, result count, and timestamp of each search submission. Your IP address is truncated to a 24-bit network prefix before storage (the last 8 bits are dropped) so individual users cannot be identified from this log. We never store Social Security numbers in this log — only a boolean flag indicating one was supplied during the search.
  • Stored in: PostgreSQL on Render. Separate table from your per-user search history (Section 2.2).
  • Purpose: service quality (identifying searches that return zero results so we can improve our matching), abuse and scraper detection, and aggregate analytics on what California unclaimed property is searched for.
  • Retention: 90 days, then automatically purged. Aggregate statistics derived from this data (e.g., "the top 10 most-searched cities last month") may be retained indefinitely in deidentified form.

2.3 Claim Data

  • What: property details, claim status, timestamps, your myMoneyCA claim number, date of birth, current mailing address on file, and audit trail for your electronic signature on the myMoneyCA Fee Agreement (IP address and browser user-agent at the moment of signing, per the federal ESIGN Act and California Uniform Electronic Transactions Act).
  • Stored in: PostgreSQL on Render.
  • Purpose: managing the filing of your claim with the SCO and maintaining the audit trail required of a registered SCO Investigator.
  • Retention: 4 years after claim closure (warrant issuance for approved claims, final denial for denied claims, or cancellation date for cancelled claims). This is the statute of limitations for a written services agreement under California Code of Civil Procedure §337(a). During this window, the claim record is our authoritative evidence of the services we performed under your signed Fee Agreement. After 4 years we purge the claim record or deidentify it to aggregate statistics.

2.4 Identity Verification Documents

These items are collected only at Stage 2 of the claim flow. They are never stored in our application database.

  • What: your Social Security Number (SSN), government-issued photo ID, proof of SSN, proof of address, and your signed SCO Claim Affirmation Form.
  • Transmitted: server-side from our Flask application to Cloudflare R2. We never issue direct-to-browser upload URLs. Your browser sends the file to our server; our server sends the file to R2.
  • Stored in: Cloudflare R2, Western North America (WNAM) region, in a private bucket (mymoneyca-claims-pii). Contents are encrypted at rest by Cloudflare and are never publicly accessible. Our staff retrieves these files only via short-lived (1 hour max) signed URLs generated server-side, with every generation logged in our internal audit trail.
  • Purpose: required by the SCO to process your unclaimed property claim. Submitted to the SCO on your behalf as your authorized investigator.
  • Retention: automatically destroyed 90 days after your claim reaches a final disposition (Complete, Final Denial, or Cancellation). This 90-day window is shorter than the California Code of Civil Procedure §337(a) four-year ceiling for written-contract disputes — a deliberate choice under the California Privacy Rights Act data-minimization principle (Cal. Civ. Code §1798.100(c)). Our contractual defense is carried by the signed Fee Agreement and its e-signature audit trail (retained four years, see Section 2.5), not by the underlying identity documents. Governed by Cloudflare's Data Processing Addendum (Version 6.4, dated April 3, 2026) at cloudflare.com/cloudflare-customer-dpa.

2.5 Claim Filing Documents

  • What: the fully-executed Fee Agreement, the fully-executed SCO Investigator Agreement, your signed SCO Claim Form, filing packets we produce on your behalf, and SCO correspondence we receive on your claim. Signed PDFs carry an embedded e-signature audit trail (IP address, browser user-agent, timestamp, cryptographic hash, and an RFC-3161 trusted timestamp from DigiCert).
  • Stored in: Cloudflare R2, WNAM, in a private bucket (mymoneyca-claims-docs). Same access controls as 2.4.
  • Purpose: SCO Investigator compliance recordkeeping, dispute resolution, and e-signature evidentiary preservation.
  • Retention: 4 years from signing of each document (4 years from Fee Agreement execution, 4 years from Investigator Agreement execution, 4 years from your signing of the SCO Claim Form). Under the federal ESIGN Act (15 U.S.C. §7001(d)) and the California Uniform Electronic Transactions Act (Cal. Civ. Code §1633.12(a)), the signed record must be preserved in its original executed form for the applicable records-retention period. The controlling period is the California Code of Civil Procedure §337(a) four-year statute of limitations for written-contract claims. We do not redact personally identifiable information from signed PDFs during the retention window, because doing so would break the cryptographic seal that binds your signature to the document. After 4 years the signed PDF and its paired audit trail are purged together.

2.6 Payment Data

  • We do not charge you upfront. When post-recovery proceeds are processed, Stripe is our payment processor. myMoneyCA does not store card numbers or payment credentials. Stripe's handling of payment data is governed by stripe.com/privacy.

2.7 Communications Data

  • What: email inquiries you send us.
  • Purpose: responding to your inquiries.
  • Retention: 2 years after the last message in the thread.

2.8 Technical Data

  • What: IP address, browser user-agent, pages visited, session data, login events, failed authentication attempts, admin actions, deletion-request processing logs.
  • Purpose: security, fraud prevention, account-takeover detection, and service operation. Permitted under Cal. Civ. Code §1798.105(d)(2) (detection of security incidents and fraud).
  • Retention: 1 year baseline. May be extended to 2 years where the log entry supports a concrete security or fraud-detection purpose. After expiration, entries are hard-purged. This category is distinct from the e-signature audit trail in Section 2.5, which is retained 4 years and is co-terminous with the signed PDF it belongs to.

2.9 MoneyBot Chat Interactions

  • What: messages you send to our AI assistant (MoneyBot) during a chat session.
  • Stored in: not stored on myMoneyCA servers. Chat history lives only in your browser during the session. Each time you send a new message, your browser transmits the prior messages back to our server so we can forward them to Anthropic (see Section 3). Closing the chat window or navigating away clears the history from your browser.
  • Purpose: powering the MoneyBot AI assistant.
  • Retention (myMoneyCA side): zero persistent retention. Anthropic's retention of API content is governed by their Commercial Terms (see Section 3). Do not include Sensitive Personal Information (SSN, government ID numbers, date of birth) in chat messages.

2.10 Retention Summary

The table below consolidates the retention period for every data category above, per the California Privacy Rights Act §1798.130(a)(5) disclosure requirement.

Category Retention period Trigger / start
Account registration (2.1)Life of account + 30 days after deletion requestLast login / deletion request
Inactive account (no claim filed)12 months of inactivity, with a reactivation notice at month 11Last login / last activity
Search history (2.2)Last 10 per user; older entries auto-purged. Delete any time from your dashboard.Search timestamp
Aggregate search analytics (2.2a)90 days rolling. Anonymized at write time (IP /24, no SSN values).Search timestamp
Claim metadata (2.3)4 years after claim closure (CCP §337(a))Warrant issuance, final denial, or cancellation
Identity verification documents (2.4) — SSN, gov ID, proof of SSN, proof of address90 days after final disposition (deliberately tighter than CCP ceiling)Complete, final denial, or cancellation
Signed PDFs + e-signature audit trail (2.5)4 years from signing (ESIGN / UETA / CCP §337(a))Signing event
Payment data (2.6) — StripeNot retained by myMoneyCA; governed by Stripe's privacy noticeTransaction
Communications (2.7) — email threads2 years after last message in threadLast message timestamp
Technical / security logs (2.8)1 year baseline; up to 2 years for active security or fraud investigationsEvent timestamp
MoneyBot chat (2.9)Zero on myMoneyCA; Anthropic retention governed by their termsn/a
Deletion-request audit record24 months (CCPA verifiable-request log)Request date

Litigation and regulatory holds. If we receive a legal claim, subpoena, regulatory inquiry, or similar notice, we may suspend the automated purge schedule for affected records until the hold is released. This is necessary to preserve evidence and is authorized under the litigation-hold exception to the data-minimization principle in Cal. Civ. Code §1798.100(c).

3. Third-Party Data Processors

We use the following service providers to operate myMoneyCA. Each processes data only for the purposes stated and under contractual obligations to protect your information.

  1. RenderCloud hosting & database. Application hosting and PostgreSQL. Processes all personal information stored in our primary datastore, including Sensitive Personal Information indirectly by reference. United States.
  2. Cloudflare R2Cloud storage & infrastructure. Document storage for identity verification documents (mymoneyca-claims-pii, processes SPI) and signed claim filings (mymoneyca-claims-docs). United States (WNAM region). Governed by the Cloudflare Data Processing Addendum Version 6.4, April 3, 2026.
  3. DigiCertE-signature infrastructure. RFC-3161 Trusted Timestamp Authority for the PAdES seals applied to signed PDFs. Only a cryptographic hash of the document is transmitted; no personal information is sent to DigiCert.
  4. StripePayment processing. Handles post-recovery proceeds when that feature is active. Stripe is a separate CCPA-covered business and applies its own privacy policy; stripe.com/privacy. (Not yet active; will be disclosed here when activated.)
  5. Google (Places API)Address verification. When you type an address, the partial text is forwarded to Google's Places API to return suggestions. Subject to Google's Privacy Policy.
  6. Google (reCAPTCHA)Automated-abuse prevention. Used on login, signup, and password-reset pages. May collect hardware and software information from your device. Subject to Google's Privacy Policy and Terms of Service.
  7. AnthropicCustomer support & AI processing. Powers our MoneyBot AI assistant via the Claude API. If you use MoneyBot, the text of your message is sent to Anthropic. Do not include Sensitive Personal Information (SSN, government ID numbers, date of birth) in chat messages. Anthropic's Commercial Terms prohibit using customer inputs to train their models.
  8. Gmail / Google SMTPTransactional email delivery. Account creation, password reset, and claim status updates.

We do not sell, rent, or trade your personal information. We do not share your information with advertisers, data brokers, or marketing partners.

4. Data Security

  • All traffic between your browser and our servers, and between our servers and Cloudflare R2, is encrypted in transit with TLS.
  • Documents stored in Cloudflare R2 are encrypted at rest by Cloudflare. Buckets are private and never publicly accessible.
  • Passwords are hashed with Werkzeug before storage. We never store or log plaintext passwords.
  • Sensitive credentials (database password, R2 access keys, API keys) live only in environment variables on our hosting provider and are never committed to source control or included in log output.
  • Your Social Security Number is never written to our PostgreSQL database, never written to any application log, never displayed in the administrative interface, never included in a URL, and never passed to our AI assistant. Its only location in our infrastructure is inside the supporting documents you upload to R2.
  • Administrative document access uses short-lived signed URLs (1 hour maximum). Every signed URL generated is logged with the admin's identity, timestamp, claim ID, document type, and object key.
  • Cross-site request forgery (CSRF) protection is enforced on every state-changing form in the application.
  • Access to user data is restricted to authorized myMoneyCA personnel only, using account-level access controls on both Render and Cloudflare.

Incident response. We maintain a written incident-response playbook with step-by-step procedures for detection, containment, notification, and post-incident review. In the event we identify unauthorized access to your personal information, we will investigate promptly, contain the issue, and notify affected California residents and the California Attorney General in accordance with California Civil Code §1798.82. Where the breach involves your Social Security Number or government identification, we will notify within the 72-hour window that section §1798.82 imposes for those identifiers.

No method of transmission or storage is 100% secure. While we use reasonable industry-standard measures to protect your information, we cannot guarantee absolute security.

5. Cookies and Local Storage

myMoneyCA uses only session cookies required for you to stay logged in. We do not use advertising cookies, third-party analytics cookies, or tracking cookies.

We use browser localStorage to save your dark/light mode preference. This preference stays on your device and is never transmitted to our servers.

Google reCAPTCHA (on login, signup, and password-reset pages) may set its own cookies to verify that you are not a bot. Those cookies are managed by Google under Google's Privacy Policy.

6. Children's Privacy

myMoneyCA is not directed at individuals under 18 years of age. Our service requires entering into a fee agreement, which requires the user to be an adult capable of entering a contract under California law. We do not knowingly collect personal information from anyone under 13 (as defined by the Children's Online Privacy Protection Act). If you believe we have collected information from a child under 13, please contact us immediately at clo@mymoneyca.com and we will delete it.

7. California Residents — Your CCPA / CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights regarding your personal information:

  • Right to Know. You may request a report of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the third parties with whom we have shared it.
  • Right to Delete. You may request deletion of the personal information we have collected from you, subject to exceptions (for example, information we must retain to complete an active SCO filing or to meet our investigator recordkeeping obligations).
  • Right to Correct. You may request that we correct inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing. We do not sell or share your personal information for cross-context behavioral advertising. This right is already honored by default; there is nothing for you to opt out of.
  • Right to Limit the Use and Disclosure of Sensitive Personal Information. Under CPRA, SSN and government identification are categories of Sensitive Personal Information. We use these categories only for the purpose of filing your unclaimed property claim with the SCO — never for advertising, profiling, or any secondary purpose. This limitation is built into our practices; no separate request is needed.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of these rights.

How to submit a privacy request. You may submit a request by either of the two methods below:

  • Email clo@mymoneyca.com with the subject line "Privacy Request" and a description of the request.
  • Mail a written request to myMoneyCA LLC, 703 Red Barn Pl, Lathrop, CA 95330.

We may require you to verify your identity before fulfilling the request so we can protect your information from unauthorized access. We will respond within 45 days of receiving a verifiable request; if we need more time, we will let you know and explain why.

If you authorize an agent to make a request on your behalf, we may require written proof of the authorization and verification of the agent's identity.

Layered deletion. When you submit a verified deletion request, we immediately purge your live account profile and any information not covered by an enumerated retention exception. Certain categories are lawfully retained beyond the immediate-purge step under Cal. Civ. Code §1798.105(d). When that applies, we will tell you which categories are retained, cite the specific exception, and automatically purge each category when its retention window closes. The retained categories are:

  • Signed PDFs (Fee Agreement, Investigator Agreement, SCO Claim Form) and their paired e-signature audit trails — retained under §1798.105(d)(8) (legal obligation: ESIGN Act / Cal. Civ. Code §1633.12 accurate-reflection requirement) until the 4-year CCP §337(a) window closes.
  • Claim metadata (claim number, SCO Property ID, SCO Claim ID, status history, amounts) — retained under §1798.105(d)(1) during an active claim and §1798.105(d)(8) for the remainder of the 4-year window.
  • Live Sensitive Personal Information (SSN, date of birth, government ID) when the claim is still active — retained under §1798.105(d)(1) (necessary to complete the transaction) for the applicable window (90 days for identity documents in Section 2.4; see table in Section 2.10).
  • Security logs containing your IP / user-agent — retained under §1798.105(d)(2) (detection of security incidents and fraud) for 1 year (extendable to 2 years for active investigations).
  • A confidential record of the deletion request itself — retained for 24 months per CCPA verifiable-request logging norms.

Litigation and regulatory holds. If we receive a legal claim, subpoena, regulatory inquiry, or similar notice, we may suspend the automated purge schedule for records relevant to that matter until the hold is released. This is required to preserve evidence and is authorized under the litigation-hold exception to the data-minimization principle in Cal. Civ. Code §1798.100(c).

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or by posting a notice at the top of this page for at least 30 days. Your continued use of myMoneyCA after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We will always keep the prior version accessible on request.

9. Contact Us

For privacy-related questions, requests, or concerns:

myMoneyCA LLC
703 Red Barn Pl, Lathrop, CA 95330
Email: clo@mymoneyca.com
Website: mymoneyca.com

Hi! I'm myMoneyBot — ask me anything about your unclaimed property!