Privacy Policy

Effective date: October 23rd, 2025

We are committed to protecting the privacy of your personal information. This Privacy Policy outlines our practices for the collection, use, and disclosure of your data as we assist you in locating and recovering unclaimed funds in Australia. Our approach to privacy is guided by the principles of transparency and security, ensuring your information is handled with the utmost care and respect. By engaging with our services, you agree to the terms and conditions set forth in this policy. We encourage you to read this document in its entirety to understand how we safeguard your information and uphold our commitment to your privacy.

1. Collection and Use of Personal Data

We collect personal data from you to provide our core service of finding and returning unclaimed money. This includes but is not limited to your full legal name, contact details such as your address, phone number, and email address, and financial identifiers necessary for verifying your identity and processing a refund. We may also collect details of your past and present associations with financial institutions or government bodies to facilitate our search for your unclaimed funds. This data is collected primarily through direct interactions with you via our website forms, email correspondence, or telephone calls. We use this information to search various government and corporate databases on your behalf to identify unclaimed assets, verify your identity as the rightful owner, and communicate with you about the status of your claim. The collection of your data is strictly limited to what is necessary to fulfil these purposes. We do not use your personal information for any purpose beyond the scope of our agreement with you, unless we have obtained your explicit consent to do so. Our services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from minors. If we become aware that we have collected personal data from a minor without the consent of a parent or guardian, we will take immediate steps to delete that information from our servers. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately so we can take the necessary action. We believe it is crucial to protect the privacy of children and will take all reasonable measures to do so.

2. Data Sharing with Third Parties

In the course of providing our services, it is necessary to share your personal information with third parties. We share your data with government bodies, financial institutions, superannuation funds, and other organizations in Australia that may hold unclaimed funds. This disclosure is essential for the purpose of submitting and processing a claim on your behalf. We may also engage third-party service providers to assist with data processing, website hosting, or other operational functions. These third parties are contractually bound, and we vetted for their security practices and require robust contractual agreements that go beyond a basic confidentiality clause to maintain the confidentiality and security of your personal data thus prohibiting them from using it for any purpose other than what is specified by us. We will not sell, rent, or trade your personal information to third parties for marketing purposes. Your data is shared only to the extent required to execute our service and comply with legal or regulatory obligations.

3. User Rights and Data Portability

You have several rights regarding your personal data under various international privacy laws, including the GDPR, CCPA, and PIPEDA. These rights include the right to access your personal data, the right to correct any inaccuracies, and the right to request the deletion of your data under certain circumstances. You also have the right to request a copy of your personal data in a portable format. To exercise any of these rights, you may submit a verifiable request to us via the contact information provided at the end of this policy. We will respond to your request in accordance with the timeframes and procedures mandated by the applicable privacy laws. In some cases, we may be legally required to retain certain information even after a deletion request, such as for regulatory compliance or to complete a transaction. We will inform you of the reason for any refusal to your request.

4. Data Security Measures

The security of your personal data is a top priority for us. We employ a range of robust security measures to protect your information from unauthorized access, loss, or misuse. Our data protection practices include the use of encryption for data both in transit (TLS 1.3) and at rest (AES-256 encryption). All sensitive information transmitted between your browser and our servers is secured using SSL/TLS encryption. Your data is stored on secure, Australian-based servers with limited, role-based access for our authorized personnel utilising access controls and monitoring systems. We use advanced firewall protection and regularly monitor our systems for vulnerabilities and potential threats. Our internal policies and procedures are designed to ensure that only authorized staff members have access to personal data, and only for the purpose of performing their duties. We also conduct regular security audits and penetration testing to continually assess and improve our security posture.

5. International Data Transfers and Compliance

As an Australian-based agency, our primary operations are within Australia and are compliant with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). However, in certain circumstances, we may transfer personal data to our third-party service providers located in other countries. When such a transfer occurs, we ensure that appropriate safeguards are in place to protect your data in accordance with international data protection laws. For transfers of data from the European Union, the United Kingdom, or Canada, we utilize mechanisms such as Standard Contractual Clauses (SCCs) to ensure that the data is afforded the same level of protection it would receive under GDPR, UK GDPR, or PIPEDA, respectively. By using our service, you acknowledge and consent to the transfer of your personal information to countries outside of your own jurisdiction for the purposes outlined in this policy.

6. Data Retention Policy

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements. The retention period for specific data may vary depending on the nature of the data and the purpose of its collection though a seven (7) year minimum retention period for records is required, as mandated by Australian AML/CTF legislation (Anti-Money Laundering and Counter-Terrorism Financing). For example, financial records may be retained for a longer period to comply with tax and audit laws. We have established internal policies and procedures to ensure that personal data is securely destroyed or de-identified when it is no longer needed. We will not store your data indefinitely.

7. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your rights regarding your personal data, please contact us. We are committed to resolving any inquiries in a timely and professional manner.