Privacy Policy
Last updated: {DATE_LAST_UPDATED}
Rockrose Insurance Services, LLC (doing business as “RockRose Risk,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit https://www.rockroserisk.com/ or https://www.rockroserisk.ai/ (the “Site”), use our wildfire‑risk insurance, mitigation, or self‑insurance services (collectively, the “Services”), or otherwise interact with us.
If you have questions or need this notice in an alternative format, please contact us at info@rockroserisk.com.
1. Scope
This Policy applies to personal information we process as a “business” or “controller” under:
- The EU/UK General Data Protection Regulation (“GDPR”),
- The California Consumer Privacy Rights Act (“CCPA/CPRA”), and
- Other U.S. state privacy laws now in force (including CO, CT, DE, IA, MD, MN, NJ, OR, TN, TX, UT, VA, and any additional states that adopt comprehensive laws).
It does not cover third‑party websites or services that link to or from our Site.
2. Information We Collect
| Category |
Examples |
Source |
| Identifiers |
Name, postal address, email, phone, unique IDs, IP address, device ID |
You; automated means |
| Property & Risk Data |
Street address, parcel boundaries, building materials, sensor/imagery data, mitigation status, wildfire risk score |
You; satellite & weather feeds; third‑party providers |
| Commercial Information |
Insurance quotes, policies purchased, premium amounts, payment method (tokenized) |
You; insurers; payment processors |
| Internet / Network Activity |
Log files, pages viewed, referring URLs, clickstream data, cookies, heat‑map interactions |
Automated means |
| Geolocation |
Latitude/longitude, device‑level location (with consent) |
Automated means |
| Professional / Business Data |
Company name, title, EIN |
You |
| Inferences |
Profiles, predicted risk levels, mitigation recommendations |
We derive |
We do not intentionally collect sensitive personal information (e.g., government IDs, health data) unless you voluntarily provide it in a free‑text field.
3. How We Collect Information
- Directly from you ‑ when you submit forms (“Get an Estimate,” “Contact Us”), schedule a call, sign a contract, or communicate with us.
- Automatically ‑ via cookies, pixels, and similar technologies (see Section 7).
- From third parties ‑ insurance carriers, analytics vendors, mitigation partners, property‑data providers, and public records.
4. How We Use Information
| Purpose |
Legal Basis (GDPR) |
| Provide, price, underwrite, and administer insurance or self‑insurance solutions |
Contract; Legitimate interest |
| Generate AI‑driven mitigation plans and wildfire risk scores |
Legitimate interest |
| Process payments and accounting |
Contract; Legal obligation |
| Respond to inquiries and provide customer support |
Contract |
| Improve Site, Services, and algorithms (e.g., model accuracy, UX) |
Legitimate interest |
| Conduct marketing with your consent / as permitted by law |
Consent; Legitimate interest |
| Detect, prevent, and remediate fraud or security incidents |
Legitimate interest; Legal obligation |
| Comply with laws, regulations, and court orders |
Legal obligation |
We will request your consent before using information for materially new purposes that are incompatible with those above.
5. Sharing & Disclosure
We never sell or rent your personal information. We disclose it only:
- Service Providers & Processors – IT hosting, analytics (Google Analytics), payment processing, customer‑relationship software.
- Insurance & Re‑insurance Partners – to obtain quotes, place coverage, issue policies.
- Mitigation Vendors – e.g., semi‑autonomous wildfire‑prevention robots or inspection teams operating under NDA.
- Affiliates & Subsidiaries – for internal business purposes consistent with this Policy.
- Legal, Regulatory, or Safety Reasons – to comply with law, respond to lawful requests, protect rights, property, or safety.
- Business Transfers – connection with mergers, financing, or acquisition of all or part of our business (your information will remain subject to this Policy).
All vendors are contractually obligated to process data only on our instructions and to apply appropriate safeguards.
6. Cookies & Similar Technologies
We use first‑ and third‑party cookies, pixels, and local storage to:
- Operate the Site (strictly necessary)
- Understand usage patterns (analytics)
- Remember your preferences (functionality)
- Deliver or measure advertising (marketing‑/targeting, where permitted.
7. Automated Decision‑Making and AI
Our risk‑scoring engine uses machine‑learning models to predict wildfire likelihood with ~94% accuracy. Human experts review high‑impact decisions (e.g., coverage denial) to reduce algorithmic bias. You may request manual review of any automated decision that produces legal or similarly significant effects by emailing info@rockroserisk.com.
8. Data Retention
We retain personal information only as long as needed to fulfill the purposes described above, comply with legal obligations (e.g., insurance‑regulatory retention), resolve disputes, or enforce our agreements. When retention is no longer necessary, we securely delete or anonymize the data.
9. Information Security
We use industry‑standard safeguards, including encryption in transit and at rest, access controls, network firewalls, and regular penetration testing. No method of transmission or storage is 100 % secure; therefore, we cannot guarantee absolute security.
10. International Transfers
We are headquartered in the United States of America. If we transfer personal information outside your jurisdiction (including to the United States), we rely on approved mechanisms such as Standard Contractual Clauses or an adequacy decision. Copies of relevant transfer safeguards are available on request.
11. Your Privacy Rights
| Region |
Rights & How to Exercise |
| California (CCPA/CPRA) |
Know, access, correct, delete, opt‑out of sale/share, limit sensitive info, no discrimination. Submit a request via info@rockroserisk.com. We verify requests through email confirmation or other reasonable measures. |
| Other U.S. States |
Residents of CO, CT, DE, IA, MD, MN, NJ, OR, TN, TX, UT, VA, etc., have similar rights to access, correct, delete, and opt‑out of targeted advertising or profiling. We will honor qualifying requests. |
| EU/EEA & UK (GDPR) |
Access, rectification, erasure, portability, restriction, objection, and automated‑decision review. You may also complain to your local supervisory authority. |
| Canada (PIPEDA) |
Access and correction. |
| Marketing Opt‑Out |
Click “unsubscribe” in any marketing email or email info@rockroserisk.com. |
To exercise any right, please email {CONTACT_EMAIL} with the subject “Privacy Request” and specify your state/country of residence and the right you wish to exercise.
12. Children’s Privacy
Our Services are not intended for individuals under 16, and we do not knowingly collect personal information from them. If we learn that we have collected such data, we will delete it promptly. Parents or guardians may contact info@rockroserisk.com to request deletion.
13. Third‑Party Sites & Services
The Site may link to external sites (e.g., insurer portals, mitigation vendors). This Policy does not govern those third parties; review their privacy notices before providing data.
14. Changes to This Policy
We will update this Policy periodically to reflect legal, technical, or business changes. If changes are material, we will notify you via email or a prominent Site notice and indicate the effective date at the top. Continued use of the Services after any update constitutes acceptance.
15. Contact Us
If you have questions, concerns, or complaints about this Policy or our data practices:
- Email: info@rockroserisk.com
- Postal Mail:
- Attn: Privacy Team
- Rockrose Insurance Services, LLC.
- 1300 First Street,
- Suite 368
- Napa, CA 94559
16. Supplemental California Notice (“Notice at Collection”)
| Category Collected |
Purpose |
Sold/Shared? |
| Identifiers |
Provide Services, marketing, security |
No sale; shared only with service providers |
| Property & Risk Data |
Underwriting, mitigation |
No |
| Internet Activity |
Analytics, Site performance |
No |
| Inferences |
Generate risk score |
No |
We retain each category as disclosed in Section 8. We do not use or disclose sensitive personal information for purposes outside CCPA‑permitted exceptions.
17. End of Policy
Thank you for trusting Rockrose Risk. Protecting your data—and your property—remains central to our mission.
Questions? Email info@rockroserisk.com