Privacy Policy

1. Introduction

Foreclosure Recovery Inc., a Wyoming corporation doing business as My State Funds ("Company," "we," "our," or "us"), respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes the types of information we collect, how we use and protect that information, the circumstances under which we may share it, and your rights regarding your personal data.

We provide asset recovery and claims administration services through our website at mystatefunds.com (the "Website"). This policy applies to all personal information collected through the Website, via email, telephone, postal mail, in-person interactions, or any other means in connection with our services.

By using our Website or services, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with any part of this policy, please do not use our Website or services.

2. Scope of This Policy

This Privacy Policy covers all personal information collected by Foreclosure Recovery Inc. through the My State Funds website, related services, and all communications channels. It does not apply to third-party websites linked from our site, third-party services we recommend (such as attorneys or Private Investigators), or information collected by state agencies during the claims process once we submit your claim.

We encourage you to review the privacy policies of any third-party websites you visit and any state agencies you interact with during the claims process.

3. Information We Collect

We collect several categories of personal information depending on your interactions with us:

Identity Information: Full legal name, maiden name or former names, date of birth, Social Security Number (last four digits, or full SSN when required by a state agency for claim processing), government-issued photo identification (driver's license, passport, state ID).

Contact Information: Email address, telephone number(s), mailing address, and any alternate addresses associated with the unclaimed property.

Property Information: Property addresses associated with your claim, parcel numbers, mortgage account numbers, deed records, foreclosure case numbers, tax sale references, and other identifiers related to the unclaimed property.

Financial Information: Bank account information (for direct deposit of recovered funds), payment information, and records of disbursements made to you.

Estate and Heir Information: Death certificates, probate records, wills, trust documents, letters testamentary, affidavits of heirship, and related documentation for heir claims.

Technical Information: IP address, browser type and version, operating system, device identifiers, referring URLs, pages visited on our Website, time and date of visits, and general geographic location (city/state level, derived from IP address).

Communication Records: Emails, phone call records, chat transcripts, and any other correspondence between you and our team.

4. How We Collect Information

We collect information through several methods:

• Directly from you: When you search for unclaimed property on our Website, submit a claim form, sign a Recovery Agreement, contact us by phone or email, or provide documentation for your claim.
• From public records: We access publicly available databases maintained by state treasurers, comptrollers, courts, and county recorders to identify potential unclaimed property and verify claim information. This information is publicly accessible.
• From state agencies: State agencies may provide information about your claim status, the property being held, and any additional documentation requirements.
• From third-party service providers: Licensed Private Investigators, skip-trace services, and data verification services may provide information necessary to locate potential claimants or verify identity and ownership.
• Automatically: Through cookies, web beacons, and similar technologies when you visit our Website (see Cookies and Tracking section below).

5. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to improve your experience and analyze Website usage. The types of cookies we use include:

• Strictly Necessary Cookies: Required for the Website to function properly, including session management, security, and form submission. These cannot be disabled.
• Analytics Cookies: We use Umami Analytics (a privacy-focused, open-source analytics platform that we self-host) to understand how visitors use our Website. Umami does not use cookies, does not collect personal data, and does not track users across websites. All analytics data is aggregated and anonymous.
• Authentication Cookies: If you create an account or log in to check your claim status, authentication cookies maintain your session.

We do NOT use advertising cookies, retargeting pixels, or cross-site tracking technologies. We do not share your browsing data with advertising networks. We do not participate in behavioral advertising programs.

You can control cookies through your browser settings. Disabling strictly necessary cookies may affect the functionality of our Website.

6. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To search for, identify, verify, and recover unclaimed property on your behalf. This is our primary use of your data.
• Claim Processing: To prepare and file claim forms, gather and organize documentation, communicate with state agencies, and track claim status.
• Identity Verification: To confirm that you are the rightful owner or legal heir of the unclaimed property, and to prevent fraudulent claims.
• Communication: To contact you about your claim status, to respond to your inquiries, and to send service-related notices. We may communicate via email, phone, text message, or postal mail based on your preferences.
• Legal Compliance: To comply with applicable federal, state, and local laws, regulations, and legal processes, including anti-fraud, anti-money laundering, and identity theft prevention requirements.
• Service Improvement: To improve our Website, services, and internal processes based on aggregated, anonymized usage data.
• Record Keeping: To maintain accurate records of claims, agreements, communications, and transactions as required by law and our internal policies.

We do NOT use your information for: targeted advertising, selling to data brokers, marketing unrelated products or services, or any purpose unrelated to our asset recovery services and the legitimate operation of our business.

7. Legal Basis for Processing

We process your personal information under the following legal bases:

• Contractual Necessity: Processing is necessary to perform our obligations under the Recovery Agreement you signed with us, including searching for property, filing claims, and disbursing funds.
• Consent: Where we rely on your consent (such as for optional marketing communications), you may withdraw consent at any time by contacting us.
• Legal Obligation: Processing is necessary to comply with applicable laws, such as tax reporting requirements, anti-fraud regulations, and state unclaimed property laws.
• Legitimate Interest: Processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, and maintaining security, provided these interests are not overridden by your privacy rights.

8. Information Sharing

We do NOT sell your personal information. We do NOT share your information with third parties for their own marketing purposes. We share your information only in the following limited circumstances:

• State Government Agencies: We submit your claim information, identification documents, and supporting documentation to the state agency holding your unclaimed property. This sharing is necessary to process your claim and is authorized by your Recovery Agreement and Power of Attorney.
• Licensed Professionals: When required by the complexity of your claim or by state law, we may share information with licensed Private Investigators (for skip-tracing and identity verification), attorneys (for claims requiring legal representation), and notaries (for document notarization). All such professionals are bound by confidentiality agreements.
• Service Providers: We use a limited number of service providers to support our operations (see Third-Party Service Providers section below). These providers are contractually prohibited from using your data for any purpose other than providing services to us.
• Legal Requirements: We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you of any such transfer and any choices you may have regarding your information.

9. Third-Party Service Providers

We use the following categories of third-party service providers, each bound by data processing agreements and confidentiality obligations:

• Cloud Hosting: Our Website and databases are hosted on secure cloud infrastructure with data centers located in the United States.
• Authentication: We use Clerk for secure user authentication and session management. Clerk processes your email address and authentication credentials.
• Email Communications: We use secure email services for claim-related communications. Transactional emails (claim updates, status notifications) are sent through our business email provider.
• Analytics: We use self-hosted Umami Analytics, which collects no personal data and places no cookies. All analytics data is aggregated and anonymous.
• Document Storage: Claim documents are stored in encrypted, access-controlled storage systems. We use AES-256 encryption for data at rest and TLS 1.3 for data in transit.

We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers on our Website.

10. Data Security Measures

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (256-bit SSL). Sensitive data stored in our databases is encrypted at rest using AES-256 encryption.
• Access Controls: Access to personal information is restricted to authorized employees and contractors who need the information to perform their job duties. All access is logged and audited.
• Authentication: Multi-factor authentication is required for all staff accessing client data systems.
• Network Security: Our infrastructure is protected by firewalls, intrusion detection systems, and continuous monitoring. We conduct regular security assessments and vulnerability scans.
• Employee Training: All employees receive training on data privacy, security practices, and incident response procedures.
• Physical Security: Documents containing personal information are stored in locked, access-controlled facilities. Physical documents are shredded when no longer needed.

No method of electronic transmission or storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security. If you have reason to believe your information has been compromised, contact us immediately at [email protected].

11. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

• Active Claims: For the duration of the claims process plus six (6) years after claim resolution, to comply with state record-keeping requirements and statute of limitations periods.
• Recovery Agreements: For seven (7) years after the agreement is terminated or fully performed, consistent with IRS record-keeping requirements for financial transactions.
• Search Records: Basic search data (name, state searched) is retained for 90 days to facilitate follow-up and prevent duplicate outreach. After 90 days, search data is anonymized or deleted.
• Communication Records: Email and phone records are retained for three (3) years after the last communication, or longer if required for an active claim or legal matter.

After the applicable retention period, personal information is securely deleted or irreversibly anonymized. You may request early deletion of your data, subject to our legal and regulatory obligations (see Your Rights sections below).

12. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected individuals within the timeframe required by applicable state law (ranging from 30 to 90 days depending on the state, or "without unreasonable delay" in states without specific timeframes)
• Notify the applicable state attorney general's office as required by law
• Provide details about the breach, including the type of information compromised, the date of the breach, and steps we are taking to mitigate harm
• Offer appropriate remediation measures, which may include credit monitoring services, identity theft protection, or other measures depending on the nature and severity of the breach

We comply with breach notification laws in all 50 US states, the District of Columbia, and all US territories. All states now have breach notification statutes, and we follow the most protective requirements applicable to each affected individual.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business purpose for collecting it, and the categories of third parties with whom we shared it.
• Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions (such as completing a transaction, complying with a legal obligation, or maintaining security).
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information. We do NOT sell or share personal information as defined by the CCPA/CPRA.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information (such as Social Security Numbers) to only what is necessary to provide the services you requested.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. You will not receive different prices, quality of service, or level of access for exercising your rights.

To exercise these rights, contact us at [email protected], call (888) 545-8007, or submit a request through our Website. We will verify your identity before processing any request. We respond to verifiable consumer requests within 45 days, as required by law.

Categories of personal information collected in the preceding 12 months: Identifiers (name, address, email, phone, SSN last 4); personal information under Cal. Civ. Code 1798.80 (name, address, phone); financial information (bank account for fund disbursement); internet activity (pages visited, search queries); geolocation data (city/state from IP address).

We have NOT: Sold personal information to any third party; shared personal information for cross-context behavioral advertising; used or disclosed sensitive personal information for purposes other than those specified in CCPA 1798.121(a).

14. Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have the following rights under the VCDPA:

• The right to confirm whether we are processing your personal data and to access that data
• The right to correct inaccuracies in your personal data
• The right to delete personal data you provided to us or that we obtained about you
• The right to obtain a copy of your personal data in a portable, readily usable format
• The right to opt out of the processing of your personal data for targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects

To exercise these rights, contact us at [email protected]. We will respond within 45 days. If we deny your request, you have the right to appeal. If we deny your appeal, you may file a complaint with the Virginia Attorney General.

15. Colorado Privacy Act (CPA)

Colorado residents have rights similar to those under the CCPA and VCDPA, including the right to access, correct, delete, and obtain a portable copy of personal data, and the right to opt out of targeted advertising, sale of personal data, and certain profiling activities. Colorado residents may also designate an authorized agent to act on their behalf.

We honor universal opt-out mechanisms recognized under the CPA, including Global Privacy Control (GPC) signals. If our systems detect a GPC signal from your browser, we will treat it as a valid opt-out request for the sale of personal data and targeted advertising.

16. Other State Privacy Laws

We comply with all state-level consumer privacy statutes currently in effect across the United States. In addition to California, Virginia, and Colorado, the following states have enacted comprehensive consumer privacy laws, and residents of these states may exercise the rights provided under their respective statutes:

• Connecticut (CTDPA): Right to access, correct, delete, and port data; right to opt out of sale, targeted advertising, and profiling. Response time: 45 days.
• Utah (UCPA): Right to access, delete, and port data; right to opt out of sale and targeted advertising. Response time: 45 days.
• Texas (TDPSA): Right to access, correct, delete, and port data; right to opt out of sale, targeted advertising, and profiling. Small business exemptions may apply.
• Oregon (OCPA): Right to access, correct, delete, and port data; right to opt out of sale, targeted advertising, and profiling. Includes nonprofit organizations.
• Montana (MCDPA): Right to access, correct, delete, and port data; right to opt out of sale, targeted advertising, and profiling.
• Tennessee (TIPA): Right to access, correct, delete, and port data; right to opt out of sale, targeted advertising, and profiling. 60-day cure period for violations.
• Indiana (ICDPA): Right to access, correct, delete, and port data; right to opt out of sale, targeted advertising, and profiling.
• Iowa (ICDPA): Right to access, delete, and port data; right to opt out of sale and targeted advertising. Response time: 90 days.
• Delaware (DPDPA): Right to access, correct, delete, and port data; right to opt out of sale, targeted advertising, and profiling.
• New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, Kentucky, Rhode Island: Similar comprehensive privacy frameworks with standard consumer rights. Contact us for state-specific details.

Regardless of your state of residence, we extend the following rights to all users: the right to know what data we hold about you, the right to request correction of inaccuracies, the right to request deletion (subject to legal retention requirements), and the right to opt out of any non-essential data processing. Contact [email protected] to exercise any of these rights.

17. Do Not Sell or Share My Personal Information

We do NOT sell your personal information to any third party. We do NOT share your personal information for cross-context behavioral advertising. We do NOT use your information for targeted advertising purposes.

Because we do not engage in the sale or sharing of personal information as defined by applicable state privacy laws, no opt-out mechanism is required. However, if you wish to confirm our practices or have any concerns, you may contact us at any time at [email protected].

We honor Global Privacy Control (GPC) and Do Not Track (DNT) signals from your browser as valid opt-out signals for any future data sharing, consistent with the requirements of applicable state laws.

18. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions that set a higher threshold). If we discover that we have collected personal information from a child under the applicable age threshold, we will promptly delete that information.

If you are a parent or guardian and believe your child has provided personal information to us, contact us immediately at [email protected] and we will take steps to remove the information from our systems.

19. International Visitors

Our services are designed for and directed to residents of the United States. If you are accessing our Website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your country. By using our services, you consent to the transfer of your information to the United States.

We do not specifically target or market to residents of the European Economic Area (EEA), United Kingdom, or other jurisdictions outside the United States. If you are subject to the General Data Protection Regulation (GDPR) and wish to exercise rights under that regulation, contact us and we will make reasonable efforts to accommodate your request.

20. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or operational requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, for existing clients with active claims, send an email notification at least 30 days before the changes take effect.

We encourage you to review this Privacy Policy periodically. Your continued use of the Website or services after any changes constitutes acceptance of the revised policy. If you do not agree with the revised policy, please discontinue use of our Website and contact us to discuss the handling of your existing data.

21. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

If you are not satisfied with our response to a privacy concern, you may file a complaint with your state's Attorney General or applicable data protection authority.