Windermere Financial Privacy Policy

This Privacy Policy describes how Windermere Financial, LLC (“we,” “us,” or “the Company”) collects, uses, and discloses personal information from users of our website, www.windermerefinancial.com, and any related services or platforms (collectively, the “Platform”).

The Platform is designed to provide resources, tools, and support for licensed insurance agents and prospective agents (“Agents”). We may also receive and process information from individuals interested in insurance or financial products (“Consumers”). This information is shared with licensed Agents who assist Consumers in exploring or purchasing insurance and related products (the “Services”).

In some cases, we may work with trusted third-party lead providers (“Lead Vendors”) who gather inquiries from Consumers and share that information with us. We require that all Lead Vendors obtain appropriate consent from Consumers before transmitting their information, including clear permission to be contacted about specific insurance or financial products.

For the purposes of this Privacy Policy, “Personal Information” refers to any data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked—directly or indirectly—to a particular individual or household.

As the Company facilitates the sale of a diverse range of insurance products through its platform and services, certain types of information we process on behalf of Agents may fall under federal or state regulatory frameworks such as the Health Insurance Portability and Accountability Act (“HIPAA”) or the Gramm-Leach-Bliley Act (“GLBA”), as well as related state privacy laws.

Specifically, the Company may act as a Business Associate (as defined under HIPAA) when it receives Protected Health Information (“PHI”) from Lead Vendors or on behalf of a health plan that qualifies as a Covered Entity. In this role, the Company may collect, use, and disclose PHI strictly for the purpose of supporting health plan operations and Agent services. For detailed information on how PHI is handled, please refer to the applicable health plan’s Notice of Privacy Practices.

In addition, when the Company receives or processes personal data related to certain insurance or financial products, we may collect non-public personal financial information regulated by the GLBA. This may include information about a consumer’s application history, policy details, or transaction data. Use and disclosure of such information is subject to the GLBA and the privacy practices of the financial institution issuing the product. Please review the GLBA Privacy Notice provided by that institution for more information.

This Privacy Policy governs personal information that is not otherwise regulated by HIPAA or GLBA.

When you opt in to receive SMS or MMS text messages from the Company, we collect and use the associated information solely to manage and operate our texting communications program. This may include your phone number, message preferences, and any responses or interactions related to those messages.

Your consent to receive text messages applies only to communications from the Company. We do not sell, share, or transfer your consent or contact details to any third party for their own texting campaigns.

The Company collects various categories of Personal Information in the course of operating the Platform. This information may be collected directly from users or obtained from third parties such as Lead Vendors, Agents, data brokers, insurance carriers, and marketing organizations. We may also collect data automatically through cookies, analytics providers, or advertising networks.

The table below summarizes the categories of Personal Information we may collect, along with relevant examples and typical sources:

Category	Examples & Sources
Contact Information	Name, phone number (collected directly from users), email address, and mailing address of Consumers and Agents. Phone numbers used for SMS messaging are collected directly from the individual via our website, agent portal, or customer support. We do not use phone numbers acquired from third parties (e.g., lead vendors, data brokers) for SMS communication. Other non-SMS contact information may be collected from Lead Vendors, Agents, agencies, data brokers, and insurance carriers.
Login Credentials	Username and password used by Agents or Consumers to create and access their account on the Platform.
Identification Information*	Agents: National Producer Number, Social Security Number. Consumers: Driver’s license, Social Security Number, or other government-issued ID. Provided during onboarding or in connection with product applications.
Demographic Information*	Age, date of birth, marital status, language preference, ethnicity, race, and sex or gender. Collected from Lead Vendors, Agents, carriers, agencies, or data brokers.
Health Information*	Relevant health details (e.g., diabetes) shared during product inquiries or applications with Agents or representatives.
Sensory Information	Audio recordings of Consumer calls with Agents or representatives; session replay snippets evidencing consent. Collected from Lead Vendors, Agents, agencies, or carriers.
Commercial Information	Details about insurance and financial products requested or purchased, including application data and carrier name. Collected from Consumers, Agents, Lead Vendors, data brokers, advertising networks, or carriers.
Internet or Similar Network Activity	Device type, IP address, browsing session details, referring and exit pages, and interactions with our Platform. Collected automatically and/or via analytics and ad networks.
Geolocation Data*	Approximate or precise location based on IP or browser/device data. Collected automatically and/or via advertising networks.
Educational & Professional Information	Employment, income, education level, product preference, asset ownership, and consumer behavior. Collected from data brokers (Consumers) or during onboarding (Agents).

*Personal Information marked with an asterisk (*) may be considered “sensitive” under certain state privacy laws.

We may also receive your Personal Information from a spouse, partner, or other household member in the course of submitting an inquiry or application.

The Company does not collect biometric data, including DNA or other physiological or behavioral characteristics that can uniquely identify an individual.

Additionally, we may partner with financial processors or payment vendors to support Agents using the Platform’s CRM and business tools.

We may use or disclose the Personal Information that we collect for one or more of the following purposes:

• To operate, manage, and maintain the Platform;

• To communicate with users about the Platform, account activity, or updates;

• To contact Consumers through our employed Agents regarding insurance and/or financial products in which the Consumer has expressed interest;

• To respond to inquiries from Consumers, Agents, or other users;

• To process transactions and deliver requested services;

• To tailor content, offers, and information that we send or display to users;

• To analyze usage of the Platform, products, and services;

• To develop and improve our products and services;

• To comply with legal and regulatory obligations;

• To protect the rights, property, and safety of the Company, our users, and others;

• To evaluate or conduct a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets. In such a transaction, Personal Information may be transferred as a business asset. You hereby consent to such transfers and to the assignment of the rights and obligations under this Privacy Policy as part of any such transaction.

From time to time, we may contact users by email or mail with announcements, promotional offers, alerts, confirmations, surveys, and other communications. If you no longer wish to receive marketing or promotional communications from us, you may opt out at any time by emailing us at privacy@windermerefinancial.com.

We may also contact Consumers, Agents, and other users via SMS or MMS text message, but only if they have opted in to receive such messages, and only within the scope of that consent.

We may disclose all categories of Personal Information described in the section titled “Personal Information We Collect” to third parties as necessary to support the sale and servicing of insurance and financial products for individuals who have expressed interest in such offerings.

We may share Personal Information with the following categories of recipients:

With Our Service Providers

We may share Personal Information with vendors that provide operational services on our behalf. These include, but are not limited to, payment processors, email distribution vendors, cloud hosting services, CRM and agent support platforms, and other technology providers that help us deliver and manage the Platform and related Services.

With Our Business Partners

We may share Personal Information with business partners that help facilitate product sales. These include our affiliates in the insurance and financial industries, licensed insurance carriers, and marketing organizations that operate within the agent distribution hierarchy or specialize in the insurance sector.

With Law Enforcement or Government Agencies

We may disclose Personal Information to law enforcement, regulatory authorities, or other government entities when required to comply with legal obligations, protect our legal rights, or assist in investigations.

With Our Independent Agents and Advisors

Agents and advisors who work with the Company may access Personal Information provided by Consumers for the purpose of offering or facilitating the sale of insurance or financial products in response to the Consumer’s inquiry.

With Data Analytics and Advertising Service Providers

We may share certain categories of Personal Information—particularly internet activity, engagement data, commercial information, or social media identifiers—with third-party data analytics providers and advertising platforms. These parties help us understand Platform usage and deliver targeted advertising across devices and websites.

Note: The use of targeted advertising services may be considered a “sale” of Personal Information under some state laws. To learn more about your rights or opt-out choices, please refer to the section titled “Your Privacy Rights” below.

The website on which the Platform is hosted may use cookies, pixel tags, web beacons, and similar tracking technologies to improve user experience and analyze website performance. Some of these technologies may be placed on the site by third parties, including advertising networks and analytics providers.

Cookies are small data files stored on your device by your web browser. They are used for record-keeping purposes and may also help us personalize content, remember your preferences, and track user activity across the Platform. These technologies allow us to better understand your interests and enhance your experience with the Platform.

We may use the following types of cookies:

• Advertising and Analytics Cookies – Used to deliver relevant advertisements, measure campaign effectiveness, and collect usage data for site analytics.

• Social Media Cookies – Used to enable social sharing features and integrate third-party social media platforms with the Platform.

You may set your browser to refuse cookies or to alert you when cookies are being sent. Please note that if you disable cookies, some features of the Platform may not function as intended.

While our Platform does not currently recognize “Do Not Track” signals, it may respond to other browser-based opt-out signals, such as the Global Privacy Control (GPC). You can activate GPC through certain browsers or extensions to express your preference to limit the sale or sharing of your Personal Information.

The Platform is not intended for use by children under the age of 16. We do not knowingly collect, sell, or share Personal Information from individuals under 16 years of age.

No one under the age of 16 may use the Platform or provide any information through it. If you are under 16, do not register on the Platform, use any of its features, or provide any information about yourself, including your name, address, phone number, email address, or any other Personal Information.

If we become aware that we have collected or received Personal Information from a child under 16 without verified parental consent, we will take immediate steps to delete such information from our systems.

If you believe we may have collected Personal Information from or about a child under the age of 16, please contact us at privacy@windermerefinancial.com so we can promptly investigate and take appropriate action.

State consumer privacy laws may provide their residents with additional rights regarding our use of their Personal Information. These rights are summarized below. Please note that these rights are not absolute, and in certain cases, we may decline a request as permitted by applicable law.

Consumer Right	Description
Right to Know	You may request details about the categories of Personal Information we have collected, the purposes for collection, sources of that data, and whether we have sold or disclosed it to third parties.
Right to Access	You may request to access, inspect, and receive a copy of your Personal Information held by the Company.
Right to Delete Personal Information	You may request that we delete your Personal Information, subject to certain exceptions allowed by law.
Right to Correct	You may request that we correct inaccuracies in your Personal Information.
Right to Opt-Out	You may request to opt-out of certain uses of your Personal Information, including targeted advertising or the sale/sharing of data collected from third-party websites.
Right to Request to Appeal	If we deny a request, you may request an appeal by contacting us. Please include “APPEAL” in your message along with a brief description of your original request and the outcome you are seeking.
Right to Limit Use and Disclosure	You may request that we limit our use and disclosure of your sensitive Personal Information, as defined under applicable laws like the CCPA.
Non-Discrimination	You have the right to be free from discrimination for exercising any of your privacy rights under state law.

To exercise any of these rights, please email us at privacy@windermerefinancial.com. Only you, or someone legally authorized to act on your behalf, may submit a request related to your Personal Information.

Exercising Your Privacy Rights

Step	Description
Verification	In order to protect your Personal Information from unauthorized access or deletion, we are legally required to verify your identity before processing certain data rights requests. This may include verifying your account credentials or requesting additional information. If you submit a request to delete your Personal Information, we may also require you to confirm the request by responding to an email confirmation. If we are unable to confirm your identity to a reasonable degree of certainty, we may decline to process your request.
Use of Authorized Agents	You may authorize a third party to submit a privacy rights request on your behalf. If you do so, the authorized agent must provide a signed written authorization from you. Additionally, you must verify your identity directly with us and confirm that you provided the agent permission to act on your behalf.

To the extent applicable, Windermere Financial, LLC (“the Company”) is required under the California Consumer Privacy Act (“CCPA”), as amended, to provide California residents with specific information regarding how we collect, use, and share their Personal Information in our capacity as a business. This section only applies to California residents.

For purposes of this section, “Personal Information” has the meaning defined in the CCPA. These rights are not absolute and may be limited by applicable law. To exercise any of these rights, please email us at privacy@windermerefinancial.com.

Categories of Personal Information Collected

In the past twelve (12) months, we have collected and disclosed the categories of Personal Information identified in the section titled “Personal Information We Collect,” and shared them with the third parties identified in “How We Share the Personal Information We Collect.” These categories include:

• Identifiers
• Information under Cal. Civ. Code § 1798.80(e)
• Protected classification characteristics under California or federal law
• Commercial information
• Geolocation data
• Internet or electronic network activity
• Professional or employment-related information
• Sensitive Personal Information (marked with an asterisk in our collection table)

We do not use or disclose sensitive Personal Information for any purpose outside those permitted by California law under 11 CCR § 7027(m).

Summary of Your Rights Under the CCPA

Consumer Right	Description
Access	Request the categories of Personal Information collected, its sources, purposes, recipients, and categories of third parties to whom it was disclosed, sold, or shared.
Request a Copy of Your Personal Information	Request a copy of the specific Personal Information we have collected, used, or disclosed about you within the past 12 months.
Correction	Request correction of inaccurate Personal Information we maintain about you.
Deletion	Request deletion of Personal Information, subject to certain exceptions provided by law.
Opt-Out of Sale or Sharing	Opt out of the “sale” or “sharing” of your Personal Information, including targeted advertising or use by third parties.
Limit Use of Sensitive Personal Information	If we use your sensitive Personal Information beyond permitted purposes, you may request to limit such processing.

Exercising Your Rights

Process	Description
Verification	To protect your information, we are legally required to verify your identity before fulfilling certain requests. This may involve confirming your account credentials or providing additional identifying information. If you request deletion, we will also ask you to confirm the request via email. If we cannot verify your identity, we may deny your request.
Use of Authorized Agents	You may designate an authorized agent to submit a request on your behalf. The agent must provide signed written authorization, and you must verify your identity directly with us unless the agent holds a valid power of attorney under California Probate Code §§ 4121–4130.

Sale and Sharing of Personal Information

We may facilitate the sale of insurance and financial products and engage in targeted advertising, which may be considered a “sale” or “sharing” of Personal Information under California law.

In the last twelve (12) months, we have sold or shared the categories of Personal Information identified above with advertising networks, data analytics vendors, insurance carriers, and licensed Agents.

NOTICE: We may sell or share your sensitive personal data.

To opt out of the sale or sharing of your Personal Information, please email us at privacy@windermerefinancial.com with the subject line “Do Not Sell or Share My Personal Information.”

We retain Personal Information where we have an ongoing legitimate business or legal need to do so. Our data retention periods vary depending on the type of Personal Information and the context in which it was collected, but we generally consider the following criteria to determine appropriate retention duration:

• Whether we are legally or contractually required to retain the data;
• Whether the data is necessary to operate, maintain, or improve the Platform; and
• Whether our Consumers or Agents would reasonably expect us to retain the data until they delete it or close their accounts.

When we no longer have a legitimate business need to retain your Personal Information, we will delete or anonymize it. If immediate deletion is not possible (for example, if your information is stored in secure backup archives), we will securely store the data and isolate it from further processing until deletion becomes feasible.

Data Security

No security system is foolproof, and the Internet is inherently insecure. While we cannot guarantee absolute security, the Company takes reasonable administrative, technical, and physical safeguards to protect against unauthorized access, alteration, disclosure, or destruction of the Personal Information we collect and store.

Third-Party Applications and Integrations

Our Platform may utilize third-party applications and integrations to enhance functionality or user experience. We disclaim any and all liability and responsibility for the use of these applications and integrations. We strongly encourage you to review the privacy policies of those third-party services before engaging with them or providing any personal information.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. If we make material changes to the Policy, we will notify you either by email or through a notice posted on our Platform prior to the change becoming effective. Your continued use of the Platform following any changes constitutes your acceptance of the updated Privacy Policy.

Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

• Phone: 800-652-7922
• Email: privacy@windermerefinancial.com
• Mailing Address:
  Windermere Financial, LLC
  1400 Newport Center Dr
  Ste 275
  Newport Beach, CA 92660