Privacy Policy

PayHeld Recovery ("Recovery," "we," "us," or "our") is a surplus funds recovery service operated by PayHeld, Inc. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website at recovery.payheld.com, our client portal, and our surplus recovery services (collectively, the "Services").

1.1 Scope: This Privacy Policy applies specifically to the PayHeld Recovery service. If you also use the PayHeld freelance marketplace platform at payheld.com, the PayHeld Privacy Policy (available at payheld.com/privacy) governs your use of that service separately.

1.2 Agreement: By accessing our website, submitting an eligibility check, creating a client portal account, or engaging our recovery services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

1.3 Updates: We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the client portal. Your continued use of our Services after changes take effect constitutes your acceptance of the updated Privacy Policy.

1.4 Children: Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will delete it promptly.

We collect the following categories of personal information in connection with our surplus recovery services:

2.1 Identity Information: - Full legal name, including maiden names or aliases used on property records - Date of birth - Social Security Number or Taxpayer Identification Number (required for tax reporting and identity verification) - Government-issued photo identification (driver's license, passport, state ID) - Current and former addresses

2.2 Property Information: - Address of the foreclosed property - Property ownership records and deed information - Foreclosure case numbers and court records - Mortgage and lien information - Tax deed sale records - HOA or condominium association records related to the property

2.3 Financial Information: - Bank account information for fund disbursement (account number, routing number) - Payment history related to the property (if relevant to the claim) - Information about outstanding liens, judgments, or encumbrances

2.4 Contact Information: - Email address - Phone number(s) - Mailing address - Preferred method of communication

2.5 Account Information: - Client portal username and password (password stored in encrypted form only) - Account preferences and communication settings - Login history and session data

2.6 Communication Records: - Messages sent through the client portal - Email correspondence related to your claim - Phone call records (date, time, duration — calls are not recorded without consent) - Documents and files you upload to the client portal

2.7 Automatically Collected Information: - IP address and approximate geolocation - Browser type and version - Device type and operating system - Pages visited on our website and time spent on each page - Referring website or source - Cookies and similar tracking technologies (see Section 11)

2.8 Public Records Information: - We access publicly available information from Florida county property records, court records, and the Florida Department of Financial Services to identify and verify surplus funds claims. This information may include property ownership history, foreclosure judgments, lien records, and tax records.

We use the personal information we collect for the following purposes:

3.1 Service Delivery: - Verifying your identity and eligibility for surplus funds recovery - Researching and locating surplus funds held by Florida courts or the state - Preparing and filing claims, motions, and other legal documents on your behalf - Managing your case through the court process - Processing fund disbursements to you upon successful recovery - Providing status updates and communications about your claim

3.2 Account Management: - Creating and maintaining your client portal account - Authenticating your identity when you log in - Managing your communication preferences - Providing customer support

3.3 Legal and Tax Compliance: - Issuing tax forms (IRS Form 1099-MISC or 1099-NEC) for recovered funds - Complying with court orders and legal process - Meeting regulatory reporting requirements - Preventing fraud and verifying the legitimacy of claims

3.4 Service Improvement: - Analyzing usage patterns to improve our website and client portal - Identifying technical issues and improving platform performance - Developing new features and services

3.5 Communication: - Sending service-related notifications (claim updates, document requests, disbursement confirmations) - Responding to your inquiries and support requests - Sending marketing communications about our services (with your consent, and with the ability to opt out)

3.6 Legal Purposes: - Establishing, exercising, or defending legal claims - Complying with applicable laws and regulations - Protecting our rights, property, and safety, and the rights of our users and the public

We process your personal information on the following legal bases:

4.1 Contractual Necessity: Processing your personal information is necessary to perform the surplus recovery services you have engaged us to provide under the Contingency Fee Agreement and these Terms of Service. This includes identity verification, claim preparation, court filings, and fund disbursement.

4.2 Legal Obligations: We are required by law to collect and process certain information, including:

• Social Security Numbers for IRS tax reporting purposes
• Identity verification information to comply with anti-fraud requirements
• Court-mandated information for filing claims and participating in legal proceedings
• Financial records for regulatory compliance

4.3 Legitimate Interests: We process certain information based on our legitimate business interests, including:

• Improving our services and platform functionality
• Preventing fraud and ensuring the security of our systems
• Analyzing service usage to enhance the client experience
• Marketing our services to potential clients (subject to opt-out)

4.4 Consent: Where required by applicable law, we obtain your consent before processing your personal information for specific purposes, such as marketing communications. You may withdraw consent at any time by contacting us at recovery@payheld.com.

We share your personal information only as described below:

5.1 Court Filings: To process your surplus recovery claim, we must file documents with Florida courts that include your personal information. Court filings are public records and may include your name, former property address, claim amount, and supporting documentation. We limit personal information in court filings to what is required by the court.

5.2 Government Agencies: We share information with government agencies as required, including:

• Florida county clerks of court (for surplus fund claims)
• Florida Department of Financial Services (for unclaimed property claims)
• Internal Revenue Service (for tax reporting — Form 1099)
• Law enforcement (if required by subpoena, court order, or law)

5.3 Service Providers: We use trusted third-party service providers who process data on our behalf, including:

• Cloud hosting and data storage providers
• Email and communication service providers
• Document management and electronic signature platforms
• Payment processing and banking services
• Analytics and website performance tools

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

5.4 Professional Advisors: We may share information with our attorneys, accountants, auditors, and other professional advisors in connection with legal, financial, or compliance matters.

5.5 Business Transfers: In the event of a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity. We will provide notice of any such transfer and the choices available to you.

5.6 With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

5.7 Aggregated Data: We may share aggregated, de-identified data that cannot reasonably be used to identify you (such as total funds recovered across all clients) for marketing, analytics, or research purposes.

5.8 We Do NOT: - Sell your personal information to third parties - Share your Social Security Number with anyone other than the IRS and courts as required by law - Provide your information to data brokers or marketing companies - Use your information for purposes unrelated to surplus recovery services

6.1 Nature of Court Filings: An essential part of our surplus recovery service involves filing legal documents with Florida courts on your behalf. It is important that you understand the public nature of these filings.

6.2 Information in Court Filings: Documents filed with the court may include:

• Your full legal name
• Your current mailing address (or a designated agent's address where permitted)
• The address of the former property
• The foreclosure case number and court jurisdiction
• A statement of your claim and basis for entitlement
• Supporting documentation (identification, property records, affidavits)

6.3 Public Access: Court filings are generally accessible to the public through the county clerk's office and online court records systems (such as Florida's Comprehensive Case Information System). While some information may be redacted or sealed upon request, public access to court records is governed by Florida Rule of Judicial Administration 2.420 and applicable federal and state law.

6.4 Sensitive Information Protection: We take the following steps to protect sensitive information in court filings:

• Social Security Numbers are filed under seal or redacted in public documents where permitted by court rules
• Financial account numbers are not included in public filings
• We follow all applicable court rules regarding the handling of confidential information in court filings
• We request sealing of sensitive documents where court rules permit

6.5 Your Acknowledgment: By engaging our services, you acknowledge and consent to the filing of documents containing your personal information with Florida courts, understanding that such filings are generally public records.

7.1 Security Measures: PayHeld Recovery implements comprehensive security measures to protect your personal information, including:

• 256-bit AES encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication for administrative access
• Regular security assessments and vulnerability testing
• Access controls limiting employee access to personal data on a need-to-know basis
• Secure, SOC 2 compliant cloud hosting infrastructure
• Encrypted database backups with geographic redundancy

7.2 Sensitive Data Handling: Highly sensitive information (Social Security Numbers, financial account numbers, government identification documents) receives additional protection:

• SSNs are stored in encrypted form with restricted access
• Financial account numbers are stored in PCI-compliant systems
• Government ID documents are stored in encrypted, access-controlled storage
• Sensitive data is never transmitted in plain text via email

7.3 Employee Training: All PayHeld Recovery team members with access to personal data receive training on data protection, privacy regulations, and security best practices.

7.4 Incident Response: We maintain an incident response plan to address potential data breaches. In the event of a data breach affecting your personal information, we will:

• Notify you within the timeframe required by applicable law (within 30 days under the Florida Information Protection Act)
• Provide details about the breach, the types of information affected, and steps we are taking
• Offer appropriate remediation measures such as credit monitoring if warranted

7.5 No Absolute Security: While we implement robust security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your personal information.

8.1 Retention Periods: We retain your personal information for the following periods:

• Active Claims: For the duration of your active surplus recovery case, plus seven (7) years after case closure for legal, tax, and regulatory compliance purposes
• Tax Records: IRS Form 1099 and related tax documentation retained for seven (7) years as required by federal tax law
• Court Filings: Copies of court filings retained for ten (10) years (note: original filings are maintained permanently by the court as public records)
• Client Portal Accounts: Account data retained for the duration of the account plus two (2) years after closure
• Marketing Data: Contact information for marketing purposes retained until you opt out or request deletion
• Website Analytics: Anonymized analytics data retained for three (3) years

8.2 Post-Retention Deletion: After the applicable retention period expires, we will securely delete or anonymize your personal information. Deletion is performed using industry-standard methods appropriate to the storage medium.

8.3 Legal Holds: We may retain information beyond the standard retention period if required by law, court order, or pending litigation. We will notify you if a legal hold applies to your data, unless prohibited by law from doing so.

8.4 Your Deletion Requests: You may request deletion of your personal information at any time (see Section 9). We will honor your request unless retention is required by law or for legitimate business purposes (such as completing an active claim or maintaining tax records).

Depending on your jurisdiction, you may have the following rights regarding your personal information:

9.1 Right to Access: You may request a copy of the personal information we hold about you. We will provide this information within thirty (30) days of receiving a verifiable request.

9.2 Right to Correction: You may request that we correct inaccurate or incomplete personal information. You can update most information directly through the client portal, or by contacting us at recovery@payheld.com.

9.3 Right to Deletion: You may request deletion of your personal information, subject to our legal retention obligations. We will delete or anonymize your data within thirty (30) days of a verified request, unless retention is required by law.

9.4 Right to Portability: You may request a copy of your personal information in a structured, commonly used, machine-readable format (such as CSV or JSON).

9.5 Right to Opt Out of Marketing: You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or contacting us at recovery@payheld.com.

9.6 Florida Privacy Rights: As a Florida-based service, we comply with:

• Florida Information Protection Act (FIPA) — requiring prompt breach notification
• Florida Deceptive and Unfair Trade Practices Act — prohibiting deceptive data practices
• Florida's constitutional right to privacy (Article I, Section 23 of the Florida Constitution)

9.7 California Residents (CCPA/CPRA): If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• Right to know what personal information is collected, used, and shared
• Right to delete personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise your CCPA/CPRA rights, contact us at recovery@payheld.com with the subject line "CCPA Privacy Request."

9.8 Other State Privacy Laws: We comply with all applicable state privacy laws. If your state provides additional privacy rights, we will honor those rights upon request.

9.9 Verification: To protect your privacy, we may need to verify your identity before processing certain requests. Verification may require providing your name, email address, and additional identifying information matching our records.

9.10 Response Time: We will respond to all privacy rights requests within thirty (30) days. If additional time is needed, we will notify you of the extension and the reasons for it.

10.1 Service Providers: We use the following categories of third-party service providers:

• Cloud Infrastructure: Secure, SOC 2 compliant hosting and data storage
• Email Services: Transactional and marketing email delivery
• Electronic Signatures: Document signing and verification
• Payment Processing: Fund disbursement and financial transactions
• Analytics: Website usage analytics (anonymized)
• Security: Threat detection, vulnerability scanning, and incident response

10.2 Third-Party Links: Our website may contain links to third-party websites, such as Florida county clerk websites, court records systems, or government resources. We are not responsible for the privacy practices of these third-party sites. We encourage you to review the privacy policies of any third-party site you visit.

10.3 Court Records Systems: When we file claims on your behalf, documents are submitted to Florida court records systems operated by county clerks and the Florida Courts. These systems have their own privacy policies and public access rules, which are governed by Florida law and court rules.

10.4 Government Agencies: Information shared with government agencies (IRS, Florida Department of Financial Services, county clerks) is subject to the privacy policies and legal requirements of those agencies.

11.1 Cookies We Use: Our website uses the following types of cookies:

• Essential Cookies: Required for website functionality, including authentication, session management, and security. These cookies cannot be disabled.
• Analytics Cookies: Used to understand how visitors interact with our website (pages visited, time on site, traffic sources). Analytics data is anonymized and does not identify individual users.
• Preference Cookies: Used to remember your settings and preferences (such as language or communication preferences).

11.2 We Do NOT Use: - Third-party advertising or retargeting cookies - Social media tracking pixels - Cross-site tracking technologies - Cookies that sell or share data with data brokers

11.3 Cookie Management: You can manage cookies through your browser settings. Most browsers allow you to block or delete cookies. However, blocking essential cookies may prevent you from using the client portal.

11.4 Do Not Track: Our website responds to browser "Do Not Track" (DNT) signals. When DNT is enabled, we disable non-essential analytics cookies.

11.5 Analytics Provider: We use privacy-focused analytics that do not use cookies for tracking, do not collect personal information, and comply with GDPR and CCPA without requiring consent banners.

12.1 Data Location: Your personal information is stored on secure servers located in the United States. We do not transfer your personal information outside of the United States.

12.2 Florida Court Records: Documents filed with Florida courts are stored on court records systems located in Florida and managed by the Florida Courts and county clerks of court.

12.3 Backup and Redundancy: Encrypted backups of your data are maintained in geographically separate data centers within the United States to ensure data availability and disaster recovery.

12.4 International Users: If you access our Services from outside the United States, you understand that your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

13.1 Modifications: We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. We will update the "Last Updated" date at the top of this policy.

13.2 Material Changes: For material changes that significantly affect how we collect, use, or share your personal information, we will provide prominent notice through:

• Email notification to the address associated with your account
• Prominent banner or notification on the recovery.payheld.com website
• Notification through the client portal (for active clients)

13.3 Notice Period: We will provide at least thirty (30) days' advance notice of material changes before they take effect.

13.4 Continued Use: Your continued use of our Services after changes take effect constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should discontinue use of our Services and contact us to discuss your options.

13.5 Version History: Previous versions of this Privacy Policy are available upon request. Contact recovery@payheld.com to request prior versions.

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your personal information is handled, please contact us:

Privacy Inquiries: recovery@payheld.com Subject Line: "Privacy Request" or "Privacy Question"

Legal Department: legal@payheld.com

Client Portal: recovery.payheld.com/portal

Mailing Address: PayHeld Recovery (a service of PayHeld, Inc.) Florida, United States

For privacy rights requests (access, deletion, correction), please include: - Your full name and email address associated with your account - A description of the right you wish to exercise - Any additional information that may help us verify your identity

We will respond to all privacy inquiries within thirty (30) days.

For complaints about our privacy practices, you may also contact the Florida Attorney General's Office at myfloridalegal.com or (866) 966-7226.