Privacy Policy

Last updated: April 17, 2026

Pigeon Underwriting, LLC — Privacy Policy

__Effective Date: __April 17, 2026

__Last Updated: __April 17, 2026

__Version: __1.0

1. Introduction

Pigeon Underwriting, LLC ("Pigeon," "we," "us," or "our") is a Managing General Agent (MGA) that underwrites commercial property catastrophe insurance. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you interact with us through our website (pigeonrisk.com), our broker portal, or any other services we provide (collectively, the "Services").

We are committed to protecting your privacy and handling your personal information responsibly. Please read this policy carefully. By using our Services, you acknowledge that you have read and understood this policy.

2. Information We Collect

2.1 Information You Provide

When you submit an application, create an account, or interact with us, we may collect:

Insurance Application Information:

  • Named insured (business name, legal entity type, FEIN/Tax ID)
  • Contact information (names, email addresses, phone numbers, mailing addresses)
  • Property information (addresses, building characteristics, construction type, occupancy, year built, square footage, property values)
  • Statements of values (SOVs) with location-level detail
  • Loss history and prior claims information
  • Coverage preferences (limits, deductibles, coverage types)
  • ACORD forms and supporting application documents

Account Information (Brokers and Portal Users):

  • Name, email address, phone number
  • Company name and license information
  • Login credentials (email/password or single sign-on via Google or Microsoft)
  • Communication preferences

When you sign in via a third-party identity provider (Google or Microsoft), we receive your name, email address, and basic profile information as authorized by the provider. We do not receive your password.

Communications:

  • Emails, messages, and correspondence you send to us
  • Feedback, survey responses, and support requests

2.2 Information We Collect Automatically

When you use our website or portal, we may automatically collect:

  • Device information (browser type, operating system, device identifiers)
  • Log data (IP address, access times, pages viewed, referring URL)
  • Cookies and similar tracking technologies (see Section 8)
  • Usage data (features used, actions taken within the portal)

2.3 Information We Obtain from Third Parties

To verify and standardize the property addresses you submit, we use third-party address verification and geocoding services (currently SmartyStreets and OpenStreetMap/Nominatim). These services return standardized addresses and geographic coordinates for the locations you provide.

We do not currently purchase or retrieve property, hazard, aerial imagery, consumer credit, or public-record data from commercial data brokers. As our platform evolves, we may begin using additional third-party data sources to support underwriting; if we do, we will update this policy.

2.4 Sensitive Information

We generally do not collect sensitive personal information as defined under the CCPA (such as Social Security numbers, health information, or biometric data). Our business is commercial property insurance, which primarily involves business entity information rather than individual consumer data. To the extent we receive Social Security numbers or other sensitive information incidentally (e.g., on a submitted document), we treat it with heightened protection and do not use it for underwriting purposes.

Payment Card Information.

If you pay a premium, fee, or other amount through the Platform, your payment card data is collected and processed directly by Stripe, Inc. Pigeon does not store full card numbers or security codes on our own servers. We receive confirmation of payment status and limited card metadata (such as the last four digits and card type) for reconciliation purposes.

3. How We Use Your Information

We use personal information for the following purposes:

Insurance Operations:

  • Evaluating and underwriting insurance applications
  • Generating quotes and binding coverage
  • Issuing policies, endorsements, certificates, and other documents
  • Processing claims
  • Managing renewals and policy lifecycle
  • Communicating with brokers and insureds about policies

Risk Assessment and Modeling:

  • Operating our proprietary catastrophe models to assess risk at the property level
  • Enriching submission data with third-party property, hazard, and geospatial information
  • Monitoring insured properties for catastrophe events

Compliance and Legal:

  • Complying with surplus lines tax and filing requirements
  • Recording and maintaining producer licensing information required for compliance and audit
  • Maintaining audit trails as required by our capacity partners and regulators
  • Responding to legal process, regulatory requests, and law enforcement

Operations and Improvement:

  • Operating and maintaining our platform
  • Improving our services, underwriting models, and user experience
  • Communicating with you about your account and our services
  • Fraud prevention and security

AI-Assisted Processing:

  • Using artificial intelligence to extract, classify, and structure information from submitted documents (SOVs, ACORD forms, loss runs)
  • Using AI to assist in underwriting triage and risk assessment
  • All AI-assisted underwriting decisions are subject to human review

4. How We Share Your Information

We do not sell your personal information. We share personal information only as follows:

Capacity Partners (Insurance Carriers):

We share policy and underwriting data with the insurance carriers that provide capacity for our programs. This is necessary to bind and administer insurance coverage.

Reinsurers:

We share aggregate and policy-level data with reinsurers as required under our reinsurance arrangements.

Wholesale and Retail Brokers:

We share policy information with the producing broker on the account.

Service Providers:

We share personal information with vendors who process data on our behalf. Our current service providers include:

  • Application hosting and content delivery — Vercel, Inc.
  • Authentication and file storage — Supabase, Inc.
  • Database hosting — Neon, Inc.
  • Payment processing — Stripe, Inc.
  • Address verification and geocoding — SmartyStreets and OpenStreetMap / Nominatim
  • AI services for document extraction and underwriting assistance — Anthropic, PBC
  • Background workflow orchestration — Inngest, Inc.

All service providers are contractually obligated to use personal information only for the services they provide to us and to maintain appropriate security measures. Our list of service providers may change as our platform evolves; we will update this policy to reflect material changes.

Regulatory and Legal:

We disclose personal information when required by law, regulation, legal process, or governmental request, including surplus lines filings and regulatory examinations.

Business Transfers:

In connection with a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, including:

  • Policy data: For the duration of the policy plus seven (7) years (or longer as required by applicable law or our capacity partner agreements)
  • Submission data (not bound): Three (3) years from submission
  • Compliance records (surplus lines filings and related records): Five (5) years minimum
  • Account data: Until the account is closed, plus three (3) years
  • Website usage data: Twelve (12) months

6. Your Rights

6.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights regarding your personal information:

  • Right to Know: Request what personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information, subject to exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at legal@pigeonrisk.com. We will verify your identity before processing your request.

__Note: __Certain insurance data may be exempt from CCPA deletion requests under the insurance exemption (Cal. Civ. Code § 1798.145(e)) or where retention is required for ongoing policy administration, regulatory compliance, or claims handling.

6.2 Florida Residents (FDBR)

Florida residents may have additional rights under the Florida Digital Bill of Rights. Contact us at legal@pigeonrisk.com to exercise any applicable rights.

6.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate. Contact us for information about your specific rights.

7. Data Security

We implement appropriate technical and organizational measures to protect personal information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Role-based access controls with multi-factor authentication
  • Application-layer authorization that isolates broker and policyholder data based on user roles and permissions
  • Regular security assessments and monitoring
  • Employee and contractor confidentiality agreements and training
  • Incident response procedures

No system is perfectly secure. While we use reasonable efforts to protect your information, we cannot guarantee absolute security.

8. Cookies and Tracking

Our website and portal use cookies and similar technologies for:

  • Essential cookies: Required for site functionality (session management, authentication, security)

We do not currently use analytics, advertising, or cross-site tracking cookies. You can control cookie preferences through your browser settings.

9. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.

10. Children's Privacy

Our Services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

11. AI and Automated Decision-Making

We use artificial intelligence in our underwriting process, including for document extraction, risk assessment, and submission triage. Key points:

  • AI-assisted decisions are always subject to human underwriter review before a policy is bound
  • We maintain audit logs of AI-assisted decisions for regulatory and carrier audit purposes
  • Our models use property-level and geographic data for risk assessment; we do not use race, ethnicity, religion, or other protected characteristics in our underwriting models
  • If you have questions about how AI was used in your application, contact us

12. Changes to This Policy

We may update this policy from time to time. We will post the updated policy on our website with a revised "Last Updated" date. Material changes will be communicated through our portal or by email.

13. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights:

Pigeon Underwriting, LLC

Attn: Privacy

4633 West Leona Street, Tampa, Florida 33629

__Email: __legal@pigeonrisk.com