WindForm Pro – Privacy Policy

Effective Date: April 1, 2026 · Last Updated: April 1, 2026

1. Purpose and Scope

This Privacy Policy (“Policy”) describes how Exzeo USA, Inc. (“Company,” “we,” “us,” or “our”) collects, processes, retains, and protects data provided by insurance carriers and other regulated entities (“Clients”) in connection with the WindForm Pro product and related services (the “Services”).

This Policy is intended solely for Clients and governs Company’s handling of data received from or on behalf of Clients in the course of providing Services. It is not intended as a consumer-facing privacy notice and does not create obligations directly to policyholders, insureds, or other third parties.

2. Roles and Responsibilities

2.1 Client as Data Controller

Clients determine the purposes and means of processing personal data submitted to the Services and are the data controllers for such data. Clients are responsible for:

  • Providing any required notices to, and obtaining lawful authorization or consent from, data subjects;
  • Responding to data subject requests; and
  • Ensuring their use of the Services complies with applicable law.

2.2 Company as Data Processor

Except as expressly stated below, Company acts as a data processor and processes data solely:

  • On behalf of Clients;
  • In accordance with the applicable Services agreement and Terms of Use; and
  • As required to perform regulatory, administrative, and compliance functions under Florida law.

2.3 Limited Controller Activities

Where contractually permitted and legally allowed, Company may act as an independent controller with respect to data used exclusively for:

  • Product improvement and testing;
  • Software development and feature enhancement; and
  • Internal analytics related to regulatory compliance solutions.

No such use is intended to identify individuals or serve as an alternative purpose incompatible with the Client’s original instructions.

3. Categories of Data Processed

In providing the Services, Company may process the following categories of data supplied by or on behalf of Clients:

  • Insurance and Regulatory Records
    Including wind mitigation reports and other documentation required for Florida insurance compliance.
  • Operational and Transactional Data
    Metadata associated with submission, processing, validation, and reporting activities.

Company does not require or solicit sensitive personal data beyond what is necessary to fulfill regulatory functions.

4. Permitted Uses of Client Data

Company processes Client data strictly for the following purposes:

  1. Regulatory and Administrative Compliance
    Performing Services required under Florida insurance statutes, rules, and administrative regulations.
  2. Service Delivery and Support
    Operating, maintaining, and supporting WindForm Pro, including troubleshooting and customer support.
  3. Product Improvement (Limited and Safeguarded)
    Using datasets to:
    • Improve software performance;
    • Enhance regulatory workflows; and
    • Develop new compliance-related functionality.

Company does not sell Client data or use it for advertising or marketing unrelated to the Services.

5. Data Retention and Deletion

5.1 Retention Periods

  • Regulatory Records:
    Data is retained for the duration required to satisfy contractual obligations and applicable Florida insurance record-retention laws.
  • Product Improvement Data:
    After regulatory obligations expire, Company may retain data for internal product development purposes.

5.2 Deletion and Return

Upon termination of Services and subject to legal retention requirements, Company will delete or return Client data in accordance with the Services agreement and Terms of Use.

6. Data Disclosures

Company does not disclose Client data except in the following limited circumstances:

  • Regulatory and Government Authorities
    Including the Florida Department of Financial Services or other agencies, as required by law.

Company does not monetize or sell Client data.

7. Assistance with Data Subject Rights

Where applicable under the Florida Digital Bill of Rights or other privacy laws, Company will reasonably assist Clients in fulfilling data subject requests related to personal data processed through the Services, consistent with:

  • Client instructions;
  • Applicable law; and
  • Fla. Stat. § 501.712.

Clients remain responsible for responding directly to data subjects.

8. Information Security

Company maintains reasonable administrative, technical, and physical safeguards designed to protect Client data from unauthorized access, disclosure, alteration, or destruction, in compliance with the Florida Information Protection Act (FIPA).

Security measures include access controls, monitoring, and data protection practices appropriate to the regulated nature of the Services.

9. Policy Updates

Company may update this Policy periodically to reflect changes in law, regulatory requirements, or Service functionality. Material changes will be communicated to Clients in accordance with the Services agreement and Terms of Use.

← Back to Home