Insurance Institute for Business & Home Safety Consumer Privacy Policy

This Privacy Policy (“Policy”) outlines how the Insurance Institute for Business & Home Safety (“IBHS,” “we,” “us,” or “our”) collects, uses, and shares the Personal Information of our Consumers. We respect the privacy of our Consumers and are committed to protecting it.

Please read this Policy carefully. In order to provide our services, we must collect certain Personal Information from our Consumers. You are under no obligation to provide this Personal Information to us, but not providing it may result in our services being unavailable to You.

1. Definitions

When any of the below terms are used and Capitalized in this Policy, they shall have the following meaning:

a. “Consumer” means a natural person who applies or seeks to use IBHS’ services.
b. “Member Companies” means the property and casualty insurance and reinsurance companies that are currently dues paying members of IBHS. A Full list of our Member Companies can be found here:
c. “Our Websites and Apps” means:

x. IBHS branded Applications that are available to our Consumers.

d. “Personal Information” means any information relating to an identified or identifiable individual. Personal Information may include a Consumer’s: full name, social security number, physical address, email address, insurance policy or account number, or driver’s license or other identification number.
Personal Information does not include any aggregate or anonymized data that may have been created from Personal Information but can no longer be used to identify a Consumer.
e. “Special Personal Information” means any data about a natural person that reveals a racial or ethnic origin, political opinion, religious belief, philosophical belief, or trade union membership. It also includes a natural person’s genetic and biometric data, and data concerning their health, sex life or sexual orientation.
f. “You” or “Your” means a Consumer.

2. Scope of this Policy

This Policy explains why we collect the Personal Information of our Consumers, what Personal Information we collect, how we use this information, who we share it with, and how we secure it. It is applicable tothose Consumers that seek our services in connection with our FORTIFIED and Wildfire Prepared Home programs.

3. Why We Collect Your Personal Information

We must collect Personal information from or about You in order to offer and provide our services in connection with our FORTIFIED, Wildfire Prepared Home, or other IBHS programs, and more specifically to allow Consumers to obtain and maintain a FORTIFIED or Wildfire Prepared Home designation.

These programs are based on IBHS’ research and insights which have identified certain actions that home and business owners can take to reduce the risks and costs associated with certain weather-related losses. We have created our FORTIFIED and Wildfire Prepared Home programs to give Consumers a specific designation to demonstrate that they have completed these actions to reduce the risk and potential costs to certain weather-related losses to their own homes or businesses. We need Personal Information from You to ensure that You :

i. are the owner of the property or business that seeks the designation; and
ii. have completed the actions required to qualify for and maintain the designation.

The FORTIFIED and Wildfire Prepared Home programs have several useful applications for Consumers, one of which is the potential reduction to their related insurance premiums. Thus, we also need Personal Information from You to be able to share the status of Your designation, Current Conditions Report, or relevant mitigation actions You have undertaken with our Member Companies or other non-member insurance companies, agents, and brokers, and confirm your designation, Your continuing compliance with the requirements for the designation, or relevant mitigation actions You have undertaken. We may also share this information to assist the administration of grant programs for which a FORTIFIED or Wildfire Prepared Home program is a required element.

Finally, to evaluate Your home or business for the provision of the designation, review any relevant mitigation actions, and confirm that Your property has earned the designation, we must also collect Your Personal Information to share with Our third-party inspectors, certified evaluators, roofers and contractors. We explain further how we share Your Personal Information with these third parties in Section 7 below.

4. What Personal Information We Collect

A. From You Directly: We may collect the following Personal Information directly from You:

i. Your full name;
ii. Your physical home address;
iii. The physical address of the property seeking the designation if it is different from Your home address;
iv. Your email address;
v. Your employer;
vi. Your phone number; and
vii. If necessary, the names of members of Your household, family or business relationships who have an ownership interest in the property seeking the designation.

B. Payment Information: Even though our designations may require payment from You (e.g., the application fee for the Wildfire Prepared Home program), We do not collect or maintain any financial information or payment processing information directly from You. Instead, we use Stripe as our third-party payment processor to collect and process any payments on our behalf. You may find Stripe’s privacy policy and other related policies with regards to Your personal and financial information here (

C. Special Personal Information: We do not specifically collect Special Personal Information from You. If in the course of qualifying for the designation certain Special Personal Information is disclosed or becomes apparent (i.e., one of Our third-party certified evaluators sees that You require the use of an oxygen machine to breathe or sees a political flag displayed at Your home), we do not maintain or use this information in any way, except if it has some relevance to qualifying for the designation (i.e., You do not safely store Your required oxygen tanks which prevents Your qualification for the designation). In such a situation, we would explain how this information prevented You from qualifying for the designation, but we will not otherwise maintain or use such Special Personal Information.

D. From Third-Parties: We may also obtain both Personal Information and non-personal information about You from IBHS members, business partners and other third-parties, including certified evaluators, certified contractors, certified roofers, engineers, auditors, inspectors, and as noted above, our third-party payment processor Stripe. This information may include:

i. Details about Your home or property that is seeking the designation or that has undertaken relevant mitigation actions;
ii. Pictures of Your home or property that is seeking the designation or that has undertaken relevant mitigation actions;
iii. Confirmation of Your payment of the fees associated with the designation; and
iv. Details about Your continued efforts or actions to maintain the designation.

E. From Our Websites and Apps
Please see the Terms of Service and privacy policy specific to our websites and apps for more information, but we also may collect the following Personal Information from Our Websites or Apps:

i. Your IP address;
ii. Geolocation data;
iii. Internet service provider;
iv. Language settings or preferences;
v. Your time zone;
vi. Your Computer operating system; and
vii. Your Phone’s operating system.

5. How We Use Your Personal Information

We generally use Your Personal Information to provide our services to You, for our own business purposes, and to aggregate and anonymize certain information for our research purposes.
More specifically and in connection with these general reasons, we may use Your Personal Information and non-personal information to:

• register and create Your FORTIFIED or Wildfire Prepared Home account on one of our Websites and/or Apps;
• deliver the services that You have requested from us;
• manage Your account, provide You with customer support, or otherwise contact You in response to Your requests, comments, and questions;
• provide information regarding your FORTIFIED or Wildfire Prepared Home designation, relevant mitigation actions You have undertaken, or Current Conditions Report regarding your property to your insurance carrier, insurance agent or broker, or the administrator of a grant program for which a FORTIFIED or Wildfire Prepared Home designation is a required element;
• to conduct research, inform risk communications, improve existing IBHS programs, and contribute to the development of future IBHS programs;
• if You have opted into receiving our emails, provide You with information on our events, webinars, Wildfire Prepared Home resources, FORTIFIED resources, risk research, and other content we develop;
• administer our FORTIFIED or Wildfire Prepared Home programs, including processing Your designation application, conducting audits for FORTIFIED projects, and processing applications for the Wildfire Prepared Home program;
• administer surveys and questionnaires, and perform corresponding analysis;
• for marketing purposes, including helping us create and deliver content most relevant and impactful to You, develop and display marketing and advertising tailored to Your interests, and measure and improve the effectiveness of our marketing campaigns (if you prefer that we not contact you in this manner please follow the Opt-Out instructions contained in Section below);
• perform research and analysis about Your use of, or interest in, our Website, Apps, or services;
• aggregate or de-identify information;
• for service administration where we need to contact You for reasons related to our Websites, Apps, and/or services, (for example, where we need to send you a link to reset your password, notify you about updates to our services, programs, events, this Policy, or our Terms of Service);
• enforce our Terms of Service;
• manage our business and perform related business functions;
• protect against or identify possible fraud or illegal conduct; and
• for legal compliance purposes.

6. We Do Not Sell Your Personal Information

We do not sell Your Personal Information under any circumstances. We may, however, under certain circumstances, charge a fee to member or non-member insurance companies, agents, and brokers, who contact us on Your behalf to confirm that Your property has earned or maintained a FORTIFIED or Wildfire Prepared Home designation or undertaken relevant mitigation actions.

7. How We Share Your Personal Information

Generally, we share Your Personal Information as necessary to provide the services You request, including sharing information with certain Third-Parties, such as service providers and our Member Companies. We also may share Your Personal Information when required to by law, to protect Your rights and safety, and with Your consent.
Specifically, we may share Your Personal Information:

i. With Third-Parties, including:

a. Authorized service providers: We may share Your Personal Information with our authorized service providers that perform certain services on our behalf. These services may include relationship management software; website hosting; inspection, evaluation, audit, and quality assurance services for the FORTIFIED program and Wildfire Prepared Home program; web forms to collect information about homeowners, evaluations, evaluators, engineers, contractors and auditors; email marketing providers; customer service providers; providers that perform business and operations analysis for us; and providers that support and maintain our Websites and/or Apps.
b. Member Companies: We may share certain personal information and non-personal information with our Member Companies, including Your property address, the level of FORTIFIED or Wildfire Prepared Home designation it has achieved, or relevant mitigation actions You have undertaken. Member Companies may also use a look-up function to check property addresses against the FORTIFIED or Wildfire Prepared Home databases. Member Companies may require You to sign a consent form or some other document to enable this request. IBHS is not responsible for, nor does it facilitate such consents.
c. Business partners: When You participate in our services and programs, we may share Your Personal Information, including Your property address, in the FORTIFIED database or Wildfire Prepared Home database, with the businesses with which we partner to administer the services and programs (e.g., evaluators, engineers, contractors). We may also provide Your Personal Information to entities that are aligned with IBHS’s mission and objective to strengthen the resilience of homes, businesses, and communities, including but not limited to administrators of grant programs for which a FORTIFIED or Wildfire Prepared Home designation is a required element.
d. Non-Member Insurance Companies, Agents, and Brokers: We may provide information regarding Wildfire Prepared Home designations, such as confirmation that Your address has achieved the designation or relevant mitigation actions that You have undertaken, to Insurance Companies, Agents, and Brokers, who are not members of IBHS, but which have requested this information from IBHS on Your behalf. Non-Member Insurance Companies, Agents, and Brokers may require You to sign a consent form or some other document to enable this request. IBHS is not responsible for, nor does it facilitate such consents.
e. State insurance regulators and government entities: Upon request or in connection with a legal reason, we may provide Your Personal Information, including FORTIFIED address or Wildfire Prepared Home address information, to insurance regulators and other governmental entities for fraud investigations or other governmental or regulatory purposes.

ii. For a Legal Reason: We may have to share Your Personal Information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.

iii. To Prevent Fraud or Illegal Conduct: We may have to share Your Personal Information in situations where we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our Consumers, our employees, or others; or to enforce our terms of service or other agreements or policies.

iv. For Corporate Reasons: We may also share Your Personal Information as part of a sale, merger, or change in control or ownership of IBHS, or in the unlikely event of bankruptcy, or in preparation for any of these events. If such an event should happen, the new entity would have the right to continue to use Your information, but only in the manner that is set out in this Policy, unless You otherwise agree.

v. With Your consent: When you provide us with Your consent to share your information with a third-party.

Third-Party Marketing Notice: When we share Your Personal Information with our Member Companies or other insurance companies, they may use Your Personal Information to market their services and products to You. As outlined below in Section 8, You have the right to request more information from us about the Personal Information that we share with these companies.

Third-Party Privacy Policies: When we share Your Personal Information with our Member Companies and other insurance industry professionals, in addition to potentially marketing their services and products to You, they may also have their own privacy policies which outlines how they may use and disclose Your Personal Information. In order to learn more about these other privacy policies, You should visit these companies’ websites directly. A list of our Member Companies can be found here:

Mobile information: No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Aggregated Information: We may deidentify and anonymize Your Personal Information in order to combine it with other non-personal information to create a new aggregated data set for our research and business purposes and to share with various third-parties as well.

8. How We Secure Your Personal Information

The security of Your Personal Information is important to us. We utilize commercially available and reasonable data security safeguards, such as a firewall and multi-factor authentication, to secure access to our systems and the data stored in them.

We rely on You to do Your part as well by using a complex password to the accounts that You create with us and keeping access to it safe.

There is no way, however, to completely eliminate the risk of a data security incident. If we do suffer one that affects any of Your Personal Information, We will report the same to You as per applicable data breach notification laws.

9. Your Privacy Rights

A. How You Can Access Your Information

If You have an online account with us, You have the ability to review and update Your Personal Information online by logging into Your account. You can also review and update Your Personal Information by contacting us using the contact information provided in Section 12 below.

You may close Your account with us at any time, but in doing so, You may lose the ability to continue to obtain or renew the designation for Your property. If You close Your Account, it will no longer be accessible by You and we will retain certain information associated with your account for analytical purposes and record keeping integrity, as well as to prevent fraud, collect any fees owed, enforce our terms and conditions, take actionswe deem necessary to protect the integrity of our web site or our users, or take other actions otherwise permitted by applicable law. In addition, if certain information has already been provided to third parties as described in this Policy, retention of that information will be subject to those third-parties’ policies.

B. Opt-Out of Marketing Communications
When you register for an account on one of Our Websites or Apps, or for one of our events, You will be able to choose, or “Opt In” to receiving marketing or promotional e-mail messages. All of these marketing or promotional emails will contain an “Opt Out” link at the bottom of the message. You can use that link to stop receiving these emails from us.
Please note that it may take up to 10 business days for us to process an opt-out request.
Even if You “Opt Out” of receiving marketing emails from us, if You still maintain an account with us or have a designation that requires renewal, we will still send You transactional and relationship e-mail communications in order to service and maintain Your account or designation. If You are receiving marketing emails from a third-party that we have shared Your Personal Information with as outlined above, You will have to separately “Opt Out” of those emails directly with those third-parties.

C. California Resident’s Privacy Rights

a. If You are a resident of California, You have the right to request from us:

i. the categories of Your Personal Information that we have disclosed to third-parties; and
ii. the names and addresses of all of the third-parties, and in some situations examples of the products or services offered by those third-parties, that we have disclosed Your Personal Information to;
in the 12 months immediately preceding the date of Your request for this information.

b. In order to exercise these rights, please contact us at with Your request for this information and we will respond as soon as practicable. Please note that we may need to verify Your identify before we can process Your request, and that such verification may delay our response.
c. This information will be provided to You in response to a verified request free of charge.

10. Children’s Personal Information

We do not knowingly collect personal information from children under the age of 13. Our services, Websites and Apps are not marketed to or geared for children under the age of 13.

11. No Rights of Third Parties

This Policy is not meant to and does not create rights or benefits enforceable by third parties.

12. Changes to this Policy

We may modify this Policy from time to time and will notify you of any updates to our Policy either by sending a copy directly to You or posting a link to the revised Policy on our Websites and Apps. We have indicated the date that this Policy was last updated above. We encourage You to review this Policy each time you visit our Websites and Apps to see if it has been updated since Your last visit.

13. How You can Contact Us

If you have any questions about this Policy or our privacy practices, please contact us by e-mail or postal mail as follows:

Insurance Institute for Business & Home Safety
Attn: Michael Newman
5335 Richburg Road
Richburg, SC 29729

February 3, 2023

Insurance Institute for Business & Home Safety Website and Application Privacy Policy

1. Introduction

This Privacy Policy specifically outlines the Insurance Institute for Business & Home Safety’s (“IBHS,” “we,” “us,” or “our”) Privacy Policy for its Websites and Applications (“Online Policy”). If you are a consumer that is seeking our services in connection with our FORTIFIED and Wildfire Prepared Home programs, our consumer privacy policy can be found here.

By continuing to use our Website and Apps, you are agreeing to the terms of this Online Policy. If you do not agree, then please stop using our Website and Apps.

For purposes of this Online Policy, the term “Websites and Apps” when capitalized and used herein shall refer collectively to as well as the other websites that we operate and that link to this Online Policy, including but not limited to:

2. Third-Party Websites and Apps

Our Websites and Apps may contain links that enable you to share content on social media and to other websites or to third-party apps that do not operate under this Policy. These third-party websites and apps may independently solicit and collect personal information from you and, in some instances, provide us with information about your activities on those websites. We encourage you to review the privacy statements of all third-party websites and apps you visit and download to understand their information practices.

While we strongly support the protection of privacy on the Internet, we do not have control over, and cannot be responsible for, the actions of third-parties. We encourage you to review each third party’s privacy statement and other otherwise understand its privacy practices before providing personal information directly to it.

3. Information that We collect from Our Websites and Apps

We collect certain personal information from you in order to operate our Websites and Apps effectively and provide you with the best experiences when you visit and use them.

a. Information Provided by You

When you register for an account online or download our application, we will collect certain personal information about you such as your name, address, e-mail address, telephone number, and employer name.
If you complete one of our self-assessments or surveys online (i.e. the FORTIFIED home assessment or the Wildfire Prepared Home self-assessment), we will collect certain personal information about you as well such as your home or property address and details about the property and your manner of living.

b. Information collected on our Websites and Apps

We also may use various technologies to collect information from your computer or device about your activities on our Websites or Apps.

i. Information collected automatically: We may automatically collect information from you when you visit our Websites and Apps. This information may include your IP address, location data, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us, referring or exit website address, internet service provider, date/time stamp, operating system, locale and language preferences, and system configuration information. We use Google Analytics to collect information. You can learn about how Google Analytics collects and processes data here.

ii. Cookies: When you visit our Websites and/or Apps, we may assign your device one or more cookies to facilitate access to our site and to personalize your online experience. Through the use of a cookie, we also may automatically collect information about your online activity on our site, such as the web pages you visit, the links you click, and the searches you conduct on our site. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies. If you choose to decline cookies, please note that you may not be able to sign in or use some of the interactive features offered on our Websites or Apps.

A cookie is a small text file that is stored on a user’s computer for record keeping purposes. Cookies can be either session cookies or persistent cookies. A session cookie expires when you close your browser and is used to make it easier for you to navigate our website. A persistent cookie remains on your hard drive for an extended period of time. For example, when you sign in to our Websites or Apps, we will record your user or member ID, which is your email address, and the name on your user or member account in the cookie file on your computer. We store your unique member ID in a cookie for automatic sign-in. This cookie is removed when you sign-out. For security purposes, we will encrypt the unique member ID and any other user or member account-related data that we store in such cookies. In the case of sites and services that do not use a user or member ID, the cookie will contain a unique identifier. We may allow our authorized service providers to serve cookies from our website to allow them to assist us in various activities, such as doing analysis and research on the effectiveness of our site, content, and advertising. You may delete or decline cookies by changing your browser settings (click “Help” in the toolbar of most browsers for instructions). If you do so, some of the features and services of our Websites and/or Apps may not function properly.

iii. Other technologies: We may use standard Internet technology, such as web beacons and other similar technologies, to track your use of our Websites and Apps. We also may include web beacons in promotional e-mail messages or newsletters to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer to users of our Websites and Apps to deliver targeted advertisements and to measure the overall effectiveness of our online advertising, content, programming, or other activities. Web beacons (also known as clear gifs, pixel tags or web bugs) are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users or to access cookies. Unlike cookies, which are stored on your device, web beacons are embedded invisibly on the web pages (or in emails) and are about the size of the period at the end of this sentence. Web beacons may be used to deliver or communicate with cookies, to count visitors to certain pages, and to understand usage patterns. We also may receive an anonymous identification number if you come to our Website or App from an online advertisement displayed on a third-party website.

4. Third-Parties that We share this Information with

We may share information collected from our Websites and Apps with our business partners, member and non-member insurance companies, and service providers. We may also use this information for research and public risk communications.

5. Third-Party Tracking on Our Website and Apps

Third parties may be using Cookies or other technologies to collect your personal information as you navigate through the internet including from our Website and Apps. As described above, you may decline these Cookies by changing your browser settings.

6. Sale of Your Personal Information

IBHS does not generally sell any Personal Information that it has collected via our Website and Apps to any third parties. However, under recent guidance from the California Attorney General, our use of analytics providers for our Website and Apps may be considered a sale under California Law. Thus, to the extent that such activity constitutes a sale, this would be the only situation in which we would sell your Personal Information.

7. Do Not Track (“DNT”) Settings

DNT is a setting on some web browsers or mobile devices that can be turned on to instruct websites to disable tracking of your web browsing activities. DNT is not currently widely adopted and does not have clear standards or guidelines as to how websites are to interpret it. Additionally, its signals can affect the functioning of certain websites. As such, IBHS does not generally respond to these signals.

8. Changes to this Online Policy

Any changes to the Online Policy will be posted directly on our Websites and Apps and reflected with a new Effective Date at the top of this Online Policy. We encourage you to review the Online Policy each time you visit our Websites and Apps to see if it has been updated since your last visit.

February 3, 2023