Privacy Policy

We collect only what's needed to find money that may be owed to you. We will never sell your personal data. No SSN is required for the free scan. Payments are processed by Stripe — we never see your card number.

• Identity inputs — first/last name, optional middle initial and maiden/other names, current and prior addresses. Used only for matching against official source records.
• Contact details — email and (optional) phone, used for account creation, claim status notifications, and Concierge consultations.
• Account data — your saved scans, matches, eligibility checks, and claim kits.
• Payment metadata — Stripe handles your card directly; we receive only a transaction reference, the amount paid, and the status.
• Usage data — basic logs (timestamps, audit events) to operate the service and debug issues.

• No SSN is required for the free scan.
• No card numbers, bank account numbers, or government ID numbers are stored on Owedio's servers.
• No biometric data, no location tracking, no advertising IDs.

• To match your identity against public records in our source catalog.
• To prepare and (with your approval) submit claim packets on your behalf.
• To send you transactional notifications (claim status, account changes).
• To improve the matching engine — only aggregated, de-identified metrics.

We rely on a small set of vetted providers to operate Owedio. None of them sells your data.

• Stripe — payment processing (PCI-DSS Level 1).
• Emergent — LLM processing for forensic-analyst explanations and cover letters. Identity inputs are passed only when generating a specific match explanation or claim kit; never stored by the LLM provider for training.
• MongoDB Atlas — encrypted storage of accounts, scans, and claim kits.

Scan inputs and matches are retained for the life of your account. You can delete your account at any time via Concierge support; doing so permanently removes scans, matches, claim kits, and eligibility checks within 30 days. Audit events tied to financial transactions are retained for 7 years per IRS recordkeeping requirements.

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Authentication uses HMAC-SHA256 signed JWTs with a 7-day rotation. Passwords are hashed with bcrypt.

You may request a copy of your data, correct inaccuracies, or delete your account at any time. Contact Concierge with the subject line "Data request".

Owedio is for U.S. adults (18+). We do not knowingly collect data from minors.

If we materially change how we handle your data, we'll notify you via email at least 14 days before the change takes effect.

Privacy questions: Concierge form.