Privacy Policy

Effective September 26, 2025

California residents: If you are a California resident, please read the Notice to California residents section below in addition to this Privacy Policy for information about your personal information and privacy rights.

This Privacy Policy describes how Cover Whale Insurance Solutions LLC and our subsidiaries and affiliates (“Cover Whale,” “we“, “us” or “our“) process personal information that we collect through our digital or online properties or services that link to this Privacy Policy (including as applicable, our website, social media pages, policy administration system, marketing activities, telemetry devices, live events and other activities described in this Privacy Policy (collectively, the “Service”)). Cover Whale may provide additional or supplemental privacy policies to individuals, brokers, agents, retailers, aggregators, and agencies for specific products or services that we offer at the time we collect personal information.

Cover Whale provides commercial trucking insurance across the US through business relationships with Brokers / Agents / Agencies / Retailers / Aggregators who have limited access to Cover Whale’s platform. This Privacy Policy does apply to information that we process on behalf of our business customers (such as fleet owners) while providing the Cover Whale services to them. Our use of information that we process on behalf of our business customers may be governed by our agreements with such customers and/or their Broker/Agent. If you have concerns regarding your personal information that we process on behalf of a business customer, please direct your concerns to that business customer and/or Broker/Agent.

Our websites and services are designed for enterprise customers and their representatives. We do not offer products or services for use by individuals for their personal, family or household purposes. Accordingly, we treat all personal information we collect as pertaining to individuals in their capacities as representatives of the relevant enterprise and not their individual capacities.

Index

Personal information we collect
How we use your personal information
How we share your personal information
Your choices
Other sites and services
Security
International data transfers
Children
Changes to this Privacy Policy
How to contact us
Notice to California residents

Personal information we collect

Information you or your Broker/Agent provides to us. Personal information you or your Broker/Agent may provide to us through the Service or otherwise includes:

Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, professional title and company name, and phone number.
Demographic data, such as your city, state, country of residence, postal code, geolocation (telematics) and age.
Personal Information, Social security, driver’s license, date of birth, DOT (Department of Transportation) Number, VIN (Vehicle Identification Number). Personal information collected and analyzed concerning a consumer’s health when this information is pertinent to a claim under an insurance policy. Cover Whale only collects sensitive personal information, as defined in the applicable state privacy laws, with your Broker’s/Agent’s consent and does not use sensitive personal information for inferring characteristics about you. However, this information may be used for rating purposes.
Profile data, such as the username and password that you may set to establish an online account on the Service, preferences, and any other information that you add to your account profile.
Appointment data, such as relevant agency details, NPN (National Producer Number), state license number, name, address, email, phone number, FEIN (Federal Employer Identification Number), and social security number.
Claims data, such as accident details, including the time and place of the accident, vehicle information, insurance policy details, telematics data (as defined below) and any videos, photos, or other documentation you choose to submit regarding the accident. Personal information collected and analyzed concerning a consumer’s health when this information is pertinent to a claim under an insurance policy.
Telematics data, geolocation, video from cameras (where applicable), ELD (Electronic Logging Device) data (where applicable), name, DOT, driver’s license, VIN, non-PII data (e.g., inspections, safety scores, violations, operations, cargo hauled), driving behavior (e.g., hard braking, acceleration), policy number, and timestamps.
Communications data based on our exchanges with you, including when you contact us through the Service typically routed to a CRM (Customer Relationship Management) vendor, text message, phone, social media, or otherwise.
Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources. We may combine personal information we receive from you or your Broker/Agent with personal information we obtain from other sources, such as:

Public sources, such as government agencies, public records, FMCSA (Federal Motor Carrier Safety Administration), SAFER (Safety and Fitness Electronic Records), inspection data, social media platforms, and other publicly available sources.
Private sources, such as data providers, motor vehicle record providers, VIN verification vendors, ELD vendors, camera vendors, social media platforms and data licensors.
Our affiliate partners, such as our affiliate network provider and publishers, and carrier partners.
Marketing partners, such as joint marketing partners and event co-sponsors.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your Broker/Agent, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
Telematics Data such as video data and ELD data, geolocation, and driving behavior.

Cookies and similar technologies. Some of the automatic collection described above is facilitated by the following technologies:

Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
Session-replay technologies, such as those provided by Hotjar that employ software code to record users’ interactions with the Services in a manner that allows us to watch video replays of those user sessions. The replays may include users’ clicks, mobile app touches, mouse movements, scrolls and keystrokes/key touches during those sessions. These replays help us diagnose usability problems and identify areas for improvement. You can learn more about session replay providers such as Hotjar at https://www.hotjar.com/legal/policies/privacy/ and you can opt-out of session recording by Hotjar at https://www.hotjar.com/policies/do-not-track/.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use your personal information to:

provide, operate and improve the Service and our business;
assess driving behavior, create driver and customer scoring, determine product eligibility, validate credentials, detect and prevent fraud, analyze underwriting and risk, determine rates, and validate licenses and other information provided in insurance applications by your Broker / Agent;
submit required regulatory filings, verify third-party information sources, report taxes, report coverage, and verify coverage;
personalize the Service, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Service;
establish and maintain your user profile on the Service;
enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
communicate with you and your Broker/Agent about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages;
communicate with you about events or contests in which you participate;
understand your needs and interests, and personalize your experience with the Service and our communications; and
provide support for the Service, and respond to your requests, questions and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business and to develop new products and services, as well as data analytics purposes and use of models and algorithms.

Marketing and advertising. We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:

Direct marketing. We may send you and your Broker/Agent direct marketing communications and may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.

Interest-based advertising. Our third-party advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Service, our communications and other online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms.

Service improvement and analytics. We may use your personal information to analyze your usage of the Service, improve the Service, improve the rest of our business, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services.

Compliance and protection. We may use your personal information to:

comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
audit our internal processes for compliance with legal and contractual requirements or our internal policies, such as rates, rules, forms, and underwriting criteria;
enforce the terms and conditions that govern the Service; and
prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law. Your consent is provided by your Broker/Agent who in turn shares that information with us through our platform.

To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:

Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
Functionality. To enhance the performance and functionality of our services.
Advertising. To help our third-party advertising partners collect information about how you use the Service and other online services over time, which they use to show you ads on other online services they believe will interest you and measure how the ads perform.
Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.

Affiliates. Our corporate parent and subsidiaries.

Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, commission based lead referral, email delivery, marketing, consumer research, third-party administrators, regulatory entities, licensing services, third-party information sources (public and private), CRM vendors, camera vendors, ELD vendors, payment processors, mail service vendors, document processing tools, and website analytics).

Advertising partners. Third-party advertising companies for the interest-based advertising purposes described above.

Business partners. Our carrier partners, reinsurers, Brokers/Agents of Record and premium finance companies.

Marketing partners. Third parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.

Professional advisors. Professional advisors, such as lawyers, auditors, actuarial firms, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above.

Business transferees. We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in Cover Whale, financing of Cover Whale, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of Cover Whale as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

Your choices

In this section, we describe the rights and choices available to all users. Users who are located in California can find additional information about their rights below.

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.

Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us (see the “How to contact us” section below). Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.

Blocking images/clear gifs: Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

Advertising choices. You may be able to limit use of your information for interest-based advertising through the following settings/options/tools:

Browser settings. Changing your internet web browser settings to block third-party cookies.
Privacy browsers/plug-ins. Using privacy browsers and/or ad-blocking browser plug-ins that let you block tracking technologies.
Platform settings. Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising. You may be able to exercise that option at the following websites:
- Google: https://adssettings.google.com/
- Facebook: https://www.facebook.com/about/ads
Ad industry tools. Opting out of interest-based ads from companies that participate in the following industry opt-out programs:
- Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
- Digital Advertising Alliance: optout.aboutads.info.
- AppChoices mobile app, available at https://www.youradchoices.com/appchoices, which will allow you to opt-out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance.
Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

You will need to apply these opt-out settings on each device and browser from which you wish to limit the use of your information for interest-based advertising purposes.

We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies and terms of use of the other websites, mobile applications and online services you use.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect such as role-based access controls, cloud based management platform, and selective permissions. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children

The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us (see the “How to contact us” section below). If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.

How to contact us

Mail: 180 Maiden Lane, Suite 802, New York, New York 10038
E-mail: [email protected]
Phone: 888-890-4965

Notice to California residents

This notice describes our collection, use and disclosure of personal information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to their personal information. For purposes of this notice, “personal information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. The CCPA also provides California residents the right ‘To Be Forgotten’ by a company.

Your privacy rights. As a California resident, you have the following rights under the CCPA:

Right to know. You can request information about the categories of personal information that we have collected; the categories of sources from which we collected personal information; the business or commercial purpose for collecting, sharing and/or selling personal information; the categories of any personal information that we sold or disclosed for a business purpose; and the categories of any third parties with whom personal information was sold, shared or disclosed for a business purpose.

Right to access. You can request a copy of personal information that we have collected about you.
Right to deletion. You can request that we delete personal information that we collected from you.
Right to opt-out. If we “sell” or “share” your personal information as defined by the CCPA, you can opt-out of those disclosures.
Right to correction. You can request that we correct inaccurate personal information that we have collected about you.
Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.

How to exercise your rights. You may submit requests to exercise your right to information/know, access, appeal, correction, or deletion via email to [email protected]. The rights described above are not absolute, and, in certain cases, we may decline your request as permitted by law or where the laws in your state do not afford you these rights. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. You can ask to appeal any denial of a request in the same manner through which you may submit one.

Verification of identity; authorized agents. We may need to verify your identity to process your information/know, access, deletion, and correction requests, and we reserve the right to confirm your residency. To verify your identity, we may require authentication into your Service account if you have one, provide personal identifiers we can match against information we may have collected from you previously, confirm your request using the email or telephone account stated in the request, provide government identification, or provide a declaration under penalty of perjury, where permitted by law. Furthermore, your authorized agent may make a request on your behalf. We will process your agent’s requests to exercise your rights to know, access, correction or deletion upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable state law, demonstrating that you have given the agent permission to submit the request or additional information.

Information practices. The following describes our practices currently and during the past 12 months:

Sources and purposes. We collect all categories of personal information from the sources and use them for the business/commercial purposes described above in the Privacy Policy.
Sharing and sales of personal information.
- Sharing. Our use of the interest-based advertising services described above may constitute “sharing” of your personal information (including identifiers and internet/network information described in the CCPA) with our advertising partners from which you have the right to opt-out. You can request to opt-out of this sharing of your personal information by emailing us at [email protected]. Your request to opt-out will apply only to the browser and the device from which you submit the request
- Sales. We receive commissions for lead referrals to our Service Partners. We do not otherwise “sell” personal information as defined by the CCPA. Although our Services are not intended for children under 18 years of age, we are required to inform you that we do not have actual knowledge that we have sold or shared the personal information of children under 18.
Sensitive personal information. We do not use or disclose sensitive personal information for purposes that California residents have a right to limit under the CCPA.
Deidentification. We do not attempt to reidentify deidentified information derived from personal information, except for the purpose of testing whether our deidentification processes comply with applicable law.
Retention. The criteria for deciding how long to retain personal information is generally based on whether such period is sufficient to fulfill the purposes for which we collected it as described in this notice, including complying with our legal obligations.
Collection and disclosure. The chart below describes the personal information we collect by reference to the categories of personal information specified in the CCPA (Cal. Civ. Code §1798.140), and the categories of third parties to whom we disclose it. The terms in the chart refer to the categories of information and third parties described above in this Privacy Policy in more detail. Information you voluntarily provide to us may contain other categories of personal information not described below. We may also disclose personal information to professional advisors, authorities and others, and business transferees as described above in the How we share your personal information section of this Privacy Policy.

Statutory category/personal information we collect (see “Personal information we collect” section above for details)	Categories of third parties to whom we disclose the personal information for a business purpose
Identifiers Contact data Demographic data Personal Information Profile data Appointment data Claims data Telematics data Communications interaction data	Affiliates Business partners Service providers
Identifiers (online) Device data Demographic data Profile data Appointment data Communication interaction data	Affiliates Business partners Service providers
California Customer Records (as defined in California Civil Code §1798.80) Contact data Demographic data Personal Information Profile data Appointment data Claims data Telematics data Communication data	Affiliates Business partners Service providers
Commercial Information Contact data Profile data Claims data Telematics data Marketing data Online activity data	Affiliates Business partners Service providers
Internet or Network Information Device data Online activity data Telematics data Communication interaction data	Affiliates Service providers Marketing partners
Professional or Employment Information Company data Appointment data	Affiliates Business partners Service providers
Inferences May be derived from: Contact data Personal Information Claims data Telematics data Marketing data Online activity data Communication interaction data	Affiliates Business partners Service providers
Protected Classification Characteristics May be included or revealed in: Contact data Personal Information	Affiliates Business partners Service providers

State Specific Privacy Laws

Many states and territories have their own privacy regulations which apply to individuals and corporations that live or do business in, frequent, or offer goods and services to its residents. The individual laws of these states vary and as such you should familiarize yourself with your individual state laws.

Addendum 1 which can be found at the end of this notice summarizes each current state privacy regulation.

ADDENDUM 1

Colorado Privacy Act

The Colorado Privacy Act (CPA) provides consumers with certain rights related to their personal data.

The CPA provides five main rights for the consumer.

Right of Access

You have the right to confirm whether a controller is processing your personal data and to have the sole right to access your personal data.

Right to Correction

You have the right to correct inaccuracies in any personal data, taking into account the nature of the personal data and the purposes of the processing of your personal data.

Right to Delete

You have the right to delete personal data concerning the consumer.

Right to Data Portability

You have the right to obtain your personal data in a portable and, to the extent technically feasible, readily usable format that allows you the consumer to transmit the data to another entity without hindrance.

Right to Opt-Out

You have the right to opt out of the processing of your personal for any and all purposes.

Right to Appeal

You have the right to appeal any denial to take action. We will provide a response to your appeal request within 45 days of receipt.

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Connecticut Data Privacy Act

The Connecticut Data Privacy Act (CTDPA) gives Connecticut residents certain rights over their personal data and establishes responsibilities and privacy protection standards for data controllers that process personal data.

What is considered personal data?

Personal data is any information that can be linked to an identifiable individual, excluding publicly available information. Examples of personal data include: a home address, a driver’s license or state identification number, passport information, a financial account number, login credentials, and payment card information.

Access

Consumers have the right to confirm whether a controller is processing their personal data and access such personal data, unless such actions reveal a trade secret.

Correction

Consumers have the right to correct inaccuracies in their personal data (with some limitation) and the right to delete personal data which is not publicly available.

Data Portability

Consumers have the right to obtain a portable copy of their personal data to the extent technically feasible and provided the controller will not be required to reveal any trade secret.

Opt-Out of Certain Data Processing

Consumers have the right to opt out of any and all processing of personal data for purposes of:

targeted advertising;
the sale of personal data; or
profiling in connection with automated decisions that produce legal or similarly significant effects concerning the consumer.

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Delaware Data Privacy Act

What constitutes personal data under the Delaware Data Privacy Act (DDPA)?

The DDPA covers any personally identifiable information (PII) about a Delaware resident (User), who may use an application or service publicly available. Examples of PII include, however, are not limited to, data revealing racial or ethnic origin, religious beliefs, mental or physical health condition, or any other information that can be directly tied to you. We will always obtain your consent when we collect such data.

Consumer rights and requests:

As a User you have the following rights as it relates to your data:

Right to know about processing
Right to access your data and that of any minors under the age of 13 of which you are the guardian
Right to data correction and/or deletion
Right to data portability
Right to opt-out of the processing of PII for any purposes including but not limited to for the purposes of data sales, targeted advertising, or profiling
Right to obtain a list of the categories of third parties to which the controller has disclosed the consumer’s personal data

These requests will be completed within 45 days.

Right to Delete

You have the right to request that we delete any PII about you which we have previously collected. If it is necessary for us to maintain the PII for certain purposes, we may not be required to comply with your deletion request. If we determine that we cannot delete your PII we will inform you and advise why the information cannot be deleted.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Florida Data Privacy Law

What is considered personal data under the Florida Data Privacy Law (FDPL)?

Personal data is any information that can be linked to an identifiable individual, excluding publicly available information. Examples of personal data include, however, are not limited to: address, driver’s license or state identification number, login credentials, and payment card information.

Consumer Rights and Requests

The right to access and obtain a copy of any data that the controller may hold.
The right to delete or correct inaccuracies in their personal data.
The right to opt-out of the selling and/or sharing of personal data for targeted advertising, including removal of personal data from voice or facial recognition technologies.
Permits parents and guardians to exercise rights on behalf of their children.

We will respond to any request within forty-five (45) days of receipt of such request. If we cannot honor your request, you have the right to appeal that decision.

Selling Personal Data

We will not sell your personal data except under the following circumstances:

To a third party for purposes of providing a product or service requested by you
That has been made available to the general public through a mass media channel and access is not restricted
As part of a merger or an acquisition under the condition of a non-disclosure agreement

Targeted Advertising

We may use the personal data that you have provided for targeted advertising purposes, including through unaffiliated websites or companies.

You may opt-out of any and all targeted advertising at any time.

Consumers Right of Action

If you are not satisfied by any response or action related to your personal information, you may file a formal complaint with the Florida Department of Legal Affairs.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Iowa Consumer Data Privacy Act

The Iowa Consumer Data Privacy Act (ICDPA) provides Iowa residents or other individuals (Consumers) the following rights when it comes to accessing and managing their personal information:

The right to access personal information,
The right to confirm processing,
The right to deletion (only applicable to personal data provided to the business by the consumer),
The right to data portability (only applicable to personal data provided to the business by the consumer), and
The right to opt out of sale.

Sensitive Data Processing Requirements

The ICDPA requires that we provide you with “clear notice and an opportunity to opt out” of the processing of sensitive data (which includes biometric information to the extent it is “processed for the purpose of uniquely identifying a natural person”).

Privacy Notices

The following information will be provided to you upon request:

Categories of and purposes personal data being processed;
How you may exercise your data rights;
Categories of personal data that we may share with third parties; and
Categories of third parties with whom we may share your personal data.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Indiana Consumer Data Protection Act

The Indiana Consumer Data Protection Act (INCDPA) is a comprehensive data privacy law which regulates how businesses handle the personal data of Indiana residents and requires companies to inform consumers about data collection practices and provide them with certain rights.

Consumer Rights

As a User, you have the right to:

Confirm whether your personal data is being processed.
Access your personal data.
Correct inaccurate personal data.
Request deletion of your personal data.
Opt out of the sale of your personal data and targeted advertising.

Data Processing Requirements

The ICDPA requires that we provide you with clear privacy notices, including details about the categories of personal data processed, the purposes for processing, and how you can exercise your rights.

Security

We have implemented and maintain administrative, technical, and physical data security practices to protect the confidentiality, integrity and accessibility of your personal data. In addition, we mandate that any third party that we share your data with are subject to a confidentiality duty for that data and provide any required assistance to us in meeting our obligations to provide data breach notices and maintain reasonable security.

Personal Data Processing Consent

We will never use or process your personal data without first obtaining your consent. To obtain your consent we will always request your clear affirmative approval prior to processing your personal data. Consent may be requested in the form of a written statement, including by electronic means, or any other unambiguous affirmative actions.

No Private Right of Action:

The ICDPA does not grant consumers a right to sue businesses directly for violations. If you are not satisfied by any response or action related to your personal information, you may file a formal complaint with the Attorney General of Indiana.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Kentucky Consumer Data Act

The Kentucky Consumer Data Act (KCDPA) is a comprehensive data privacy law that grants consumers rights regarding their personal data and places obligations on businesses that collect and process such data.

Consumer Rights

You have the following rights to:

Access: Confirm whether your data is being processed and access it.
Correction: Request correction of inaccuracies in your data.
Deletion: Request the deletion of your data.
Data Portability: Obtain a copy of your data in a portable format.
Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling.

Disclosure

We may at times be required to disclose your personal data to a third party to assist in processing your request. Any disclosure to a third party will be strictly under a written contract with the third-party provider authorizing the third party to use the personal data to perform services on our behalf.

Privacy by Design

We limit the collection of personal data to what is adequate, relevant, and reasonably necessary for the purposes disclosed, we will never collect personal information that is not required to conduct business with you nor use any information collected for purposes that are neither reasonably necessary to, nor compatible with our services without obtaining your consent.

Security

We have implemented and maintain administrative, technical, and physical data security practices to protect the confidentiality, integrity and accessibility of your personal data. In addition, we mandate that any third party that we share your data with are subject to a confidentiality duty for that data and provide any required assistance to us as Controllers in meeting our obligations to provide data breach notices and maintain reasonable security.

No Private Right of Action:

The KCDPA does not grant consumers a right to sue businesses directly for violations. If you are not satisfied by any response or action related to your personal information, you may file a formal complaint with the Kentucky Attorney General.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Maryland Online Data Privacy Act

The Maryland Online Data Privacy Act (MODPA) focuses on data minimization, consent, and sensitive data protections. It also provides consumers with rights to access, correct, delete, and port their data, and to opt out of certain processing activities.

Data Processing Requirements

The MODPA requires that we provide you with clear privacy notices, including details about the categories of personal data processed, the purposes for processing, and how you can exercise your rights.

Security

Personal Data Processing Consent

Privacy by Design

We limit the collection of personal data to what is adequate, relevant, and reasonably necessary for the purposes disclosed. We will never collect additional categories of personal information that is not required to conduct business with you nor use any information collected for purposes that are neither reasonably necessary to, nor compatible with our services without obtaining your consent.

Sensitive Data Processing Requirements

The MODPA requires that we collect, process, or share “sensitive data” when it is strictly necessary to provide or maintain a specific product or service requested by you. Sensitive data is defined as personal data revealing racial or ethnic origin; religious beliefs; physical or mental health status, including gender affirming treatments and reproductive or sexual health care; sex life or sexual orientation; status as transgender or non-binary; national origin; citizenship or immigration status; genetic or biometric data; data collected from a known child; and geolocation data.

Consumer Rights

You have the right to confirm if your data is being processed, access it, correct inaccuracies, delete it, obtain a copy, and opt out of certain activities like targeted advertising and data sales.

We will respond to all requests within 45 days. Furthermore, if we refuse to grant your request, we must explain the reasons behind our decision in writing. If you disagree with our decision you have the right to appeal our decision in writing within 60 days from the date of the denial.

Anti-Discrimination

MODPA prohibits us from using data to discriminate against you.

Children’s Data

MODPA prohibits the processing of a child’s personal data for targeted advertising or sale if we knew or should have known the child is under 18.

If you are not satisfied by any response or action related to your personal information, you may file a formal complaint with the Kentucky Attorney General.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Minnesota Consumer Data Privacy Act

The Minnesota Consumer Data Privacy Act (MCDPA) defines personal data as any information that is linked or reasonably linkable to an identified or identifiable individual and excludes publicly available or de-identified information. Profiling occurs when a company uses personal data to evaluate or predict an individual’s health, interests, economic status, or other characteristics. Minnesota consumers, defined as a natural person who is a Minnesota resident acting only in an individual or household capacity, and not acting in a commercial or employment context.

Consumers Rights

Confirm whether we are processing your personal data and providing access to your data, unless providing confirmation and access would require us to reveal a trade secret;
Correct inaccuracies in your personal data;
Delete personal data concerning you;
Obtain a copy, in an accessible format, of your personal data processed by us (i.e., data portability);
Opt out of the processing of your personal data for the purposes of targeted advertising, the sale of your personal data, or profiling; and
Obtain a list of third parties to which we have disclosed your personal data.

Security

Personal Data Processing Consent

Privacy by Design

If you are not satisfied by any response or action related to your personal information, you may file a formal complaint with the Minnesota Attorney General.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Montana Consumer Data Privacy Act

What rights does the Montana Consumer Data Privacy Act (MCDPA) grant consumers?

The MCDPA grants Montana residents acting in an individual context, (“consumers”), certain access and control rights concerning their personal data. Consumers do not include those in a commercial or employment context.

As a consumer you may submit authenticated requests for the following:

Confirm whether we are processing your data.
Ask us to provide access to your data or obtain a copy of your personal data (i.e., data portability).
Ask us to correct inaccurate personal data or delete any personal data about you.
Opt-out of the processing your personal data for purposes of targeted advertising, the sale of personal data, or profiling.

What are our obligations under the MCDPA?

We will limit the collection of personal data to what is adequate, relevant, reasonably necessary, and proportionate in relation to the purposes for which the personal data is processed. We have established, implemented, and maintain administrative, technical, and physical data security practices to protect the confidentiality, integrity, and security of your personal data. We will notify you if we sell your personal data to third parties or engage in targeted advertising. You have the right to opt out at any time.

Disputes Concerning Consumer Data Privacy

If you are not satisfied with our response or actions a formal complaint may be filed with the Montana Attorney General Investigations and Enforcement unit.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Nebraska Data Privacy Act

What is Personal Data?

Personal Data is defined as any information that is linked or reasonably linkable to an identified or identifiable individual, including pseudonymous data such as when used in combination with other identifying information. It excludes de-identified or publicly available information.

In addition, sensitive data, which is a subset of personal data, includes:

Personal data collected from a known child under the age of 13.
Genetic or biometric data processed to uniquely identify an individual.
Personal data that reveals an individual’s race or ethnic origin, religion, mental or physical health condition, sexuality, or immigration status.
Precise geolocation data.

Personal Data Processing Consent

Consumers rights

You have the following rights as it relates to your personal data:

To know whether we are processing your personal data.
To correct inaccuracies in or request deletion of your personal data.
To access or obtain a copy of your personal data in a portable and readily usable format.
To opt-out of personal data processing, for any purposes including but not, limited to:
- personal data sales;
- targeted advertising; or
- profiling for decisions that produce legal or similarly significant effects on consumers.

We will respond to all requests within 45 days of receipt. If a request cannot be honored for any reason legal or otherwise, we will notify you in writing and provide details of how you can dispute our decision(s).

Disclosure

In addition, all third parties will adhere to all data security obligations and regularly, however no less than annually, conduct data protection assessments and immediately notify us of any findings.

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

New Hampshire Act

What is Personal Data?

Personal data includes all data however not limited to racial or ethnic origin, religious beliefs, mental or physical health condition, sexual orientation, or citizenship status. In addition, sensitive data includes genetic or biometric data, personal data of a known child, and precise geolocation data.

Consent

We will always obtain your explicit consent prior to collecting and using any of your personal data.

Consumer Data Rights

As a Consumer you have the right to confirm whether we are processing your personal data; the right to correct inaccuracies; the right to delete personal data; the right to know the purposes for processing your personal data; the right to know how your data is shared with third parties and the categories of third parties that will receive the personal data; the right to obtain a portable and readily usable copy of personal data; and the right to opt out for any and all processing.

We will respond and take the requested action within 45 days of receipt of the request. If we cannot honor your request for any reason including legal requirements, written notice with an explanation as to why the request cannot be honored will be provided.

Privacy by Design

Security

Opt-out Preference Signals

As the owner of the personal information, you have the right to opt-out of any processing of personal data for any purpose. Please be aware that we may not be able to provide you with all services if you choose to opt-out from providing us with any requested data or choose to have any data that was previously provided deleted.

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

New Jersey Data Privacy Act

What is Personal Data?

Personal data includes all data revealing racial or ethnic origin, religious beliefs, mental or physical health condition, sex life, sexual orientation, citizenship, or immigration status. In addition, sensitive data includes genetic or biometric data, personal data of a known child, and precise geolocation data.

Opt-In for Personal Data Processing?

Consumer Data Rights

As a consumer you have following rights with regards to your personal data:

The right to confirm whether we are processing your personal data and to access personal data;
The right to correct inaccuracies or delete your personal data;
The right to ‘Be Forgotten’;
The right to obtain a portable copy of your personal data; and
The right to opt out of the processing of data for any and all purposes.

Opt-Out Preference

You may opt-out of providing and allowing us to use your Personal data at any time. If you would like to Opt-Out of providing us any data, please use the ‘Contact Us’ page.

Disclosure

Privacy by Design

Security

We have implemented and maintain administrative, technical, and physical data security practices to protect the confidentiality, integrity and accessibility of your personal data. In addition, we mandate that any third party that we share your data with are subject to a confidentiality duty for that data and provide any required assistance to us as Controllers in meeting our obligations to provide data breach notices and maintain reasonable security.

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Oregon Consumer Privacy Act

What rights does the Oregon Consumer Privacy Act (OCPA) grant consumers?

The OCPA grants Oregon residents acting in an individual context, (“consumers”), certain access and control rights concerning their personal data. Consumers do not include those in a commercial or employment context.

As a consumer you may submit authenticated requests for the following:

Confirm whether we are processing your data.
Ask us to provide access to your data.
Ask us to correct inaccurate personal data or delete any personal data about you.
Obtain a copy of your personal data (i.e., data portability).
Opt-out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling.

We will respond to all requests within 45 days. Furthermore, if we refuse to grant your request, we must explain the reasons behind our decision in writing. If you disagree with our decision, you have the right to appeal our decision in writing within 60 days from the date of the denial.

What are our obligations under the OCPA?

We will limit the collection of personal data to what is adequate, relevant, reasonably necessary, and proportionate in relation to the purposes for which the personal data is processed. We have established, implemented, and maintain administrative, technical, and physical data security practices to protect the confidentiality, integrity, and security of your personal data. We will notify you if we sell your personal data to third parties or engages in targeted advertising. You have the right to opt out at any time.

Disputes Concerning Consumer Data Privacy

If you are not satisfied with our response or actions a formal complaint may be filed with the Oregon Attorney General.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Rhode Island Data Transparency and Privacy Protection Act

The Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA), requires companies to clearly disclose their data collection practices, provide mechanisms for customers to access and manage their personal data, and implement robust data security measures. The law also mandates explicit consent for processing sensitive personal information and requires data breach notifications.

Consumer Rights

You have the right to confirm whether your data is being processed, access it, correct inaccuracies, delete it, obtain a portable copy, and opt-out of certain processing activities like targeted advertising.

Disclosure

Privacy by Design

Security

We have implemented and maintain administrative, technical, and physical data security practices to protect the confidentiality, integrity and accessibility of your personal data. In addition, we mandate that any third party that we share your data with are subject to a confidentiality duty for that data and provide any required assistance to us as Controllers in meeting our obligations to provide data breach notices and maintain reasonable security.

Data Breach Notification

We will promptly notify affected consumers and relevant authorities in the event of a data breach.

If you are not satisfied by any response or action related to your personal information, you may file a formal complaint with the Rhode Island Attorney General.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Tennessee Information Protection Act

The Tennessee Information Protection Act (TIPA) is a state-level data privacy law that regulates how businesses handle consumers’ personal data within Tennessee. It provides consumers with rights like data access, correction, deletion, and opting out of targeted advertising and data sales.

Consumer Rights

Right to confirm: You have the right to confirm whether we are processing your personal information and access to that information.
Right to correct: You have the right to correct inaccurate personal information.
Right to delete: You have the right to request deletion of personal information.
Right to portability: You have the right to obtain a copy of your personal information in a readily usable format.
Right to opt-out: You have the right to opt out of data sales, targeted advertising, or profiling.
Right to not be discriminated against: We cannot discriminate against you for exercising your rights under the law.

Disclosure

Privacy by Design

Security

We have implemented and maintain administrative, technical, and physical data security practices to protect the confidentiality, integrity and accessibility of your personal data. In addition, we mandate that any third party that we share your data with are subject to a confidentiality duty for that data and provide any required assistance to us as Controllers in meeting our obligations to provide data breach notices and maintain reasonable security.

If you are not satisfied by any response or action related to your personal information, you may file a formal complaint with the Tennessee Attorney General.

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Texas Data Privacy and Security Act

The Texas Data Privacy and Security Act (TDPSA) regulates the collection, use, processing, and treatment of consumers’ personal data and provides residents the following rights:

Confirm whether we are processing personal data and be provided the ability to access the personal data.
Correct inaccuracies or delete your personal data at any time.
Obtain a copy of your personal data, in a portable and readily usable format.
Opt-out of processing personal data for targeted advertising, the sale of personal data, or its use for profiling.

We will address all data subject or opt-out requests within 45 days after the receipt of the request.

Texas Data Privacy Law Requirements

The TDPSA outlines duties for controllers related to collecting personal data, including limiting collection to what is adequate, relevant, and reasonably necessary, and requiring them to establish data security practices.

As data controllers we cannot:

Collect personal data for reasons not disclosed to the consumer without consent.
Process data in violation of state and federal laws that prohibit unlawful discrimination or discriminate against a consumer for exercising their rights.
Process sensitive data without consent or process sensitive data of a child unless it’s in accordance with the Children’s Online Privacy Protection Act of 1998 (COPPA).

Questions or Concerns?

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Utah Consumer Privacy Act

The Utah Consumer Privacy Act (UCPA) is applicable to the following:

Any controller or processor who:
- Conducts business in the state of Utah; or
- Produces a product or service that is targeted to consumers who are residents of the state of Utah.
Any owner of the information (Consumer) who:
- Is a resident of the state of Utah; or
- Is provided a good or a service from a business that conducts its business in the state of Utah.

The UCPA provides you as the consumer the right to:

Confirm whether we as the controller are processing your personal data;
Access and delete your personal data;
Obtain a copy of your personal data, in a format that: is portable, readily usable; and allows you to transmit the data to another controller without impediment; and
Opt-out of the processing of your personal data for any and all purposes.

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].

Virginia Consumer Data Protection Act

The Virginia Consumer Data Protection Act (VCDPA) provides consumers with certain rights related to their personal data. Under the Act, these rights include:

The right to know, access, confirm personal data;
The right to delete or to correct inaccuracies in personal data;
The right to data portability (i.e., easy, portable access to all pieces of personal data held by a company);
The right to opt-out of the processing of personal data for any and all purposes; and
The right to not be discriminated against for exercising any of the foregoing rights.

If you would like to exercise any such rights or have any questions related to this regulation, please send a request via email to [email protected].