Privacy Policy
Last updated on October 18, 2024
Root takes protecting your privacy seriously. Root’s Privacy Policy describes how the company collects, shares, stores, and secures your information. If you want to know more, our complete Privacy Policy is available to read below.
This Privacy Policy describes the privacy practices of the Root, Inc. family of companies (“Root”, “us”, “we”, or “our”) in connection with information we collect through our websites (“Websites”), social media pages we control (“Social Media Pages”), and software applications we make available for use on or through computers and mobile devices (“Apps”), that include a link to this Privacy Policy, and through any of our offline activities, such as when you provide your information on the phone via our call centers or in person (“Offline Activities”) (collectively, including the Websites, Apps, Social Media Pages, and Offline Activities, the “Services”). (See Root App End User License Agreement). This Privacy Policy applies to information collected by our Services and is intended to generally notify you of the following:
How and What Information We Collect
Our Practices With Respect to Cookies and Similar Online Tracking Technologies
How We Use and Disclose Your Information
Sale and Sharing of Your Information
Use and Disclosure of Sensitive Information
How We Secure and Retain Your Information
How Long We Retain Your Information
Your Choices
Notice of Privacy Rights for Residents of Certain U.S. States
Exercising Your Rights
Changes to our Privacy Policy
By using our Services you agree to this Privacy Policy and the collection and use of information contemplated by its terms. This is Root’s entire and exclusive Privacy Policy, and it supersedes any earlier version. This Privacy Policy applies to information we collect from all sources. If you feel that we are not abiding by this Privacy Policy, you should contact us immediately at legal@joinroot.com.
This Privacy Policy does not apply to any non-Root affiliates. It also does not apply to the practices of our licensees or business partners, which could include, for example, vendors or advertisers.
This Privacy Policy also does not apply to any information collected in the course of provision of any financial products or services, which is subject to our Insurance and Financial Product Privacy Notice (the notice under the Gramm-Leach-Bliley Act (GLBA)) that describes how Root collects, uses, and discloses non-public information about you that falls under the scope of the GLBA.
How and What Information We Collect We collect information from you when quoting a policy, completing an application, using our websites or mobile apps, during a telematic test drive, or during the claims process. We may also receive information about you from third party data providers, ad networks, social media platforms and other marketing or advertising partners, or aggregators, such as credit and consumer reporting agencies, and state motor vehicle agencies. We also collect information through your use of our App, your internet activity, or through the use of common online tracking technologies like browser cookies, “Local Shared Objects” (such as “Flash” cookies), analytical tools, device IDs or other technologies, as further described in the below section. We may use these technologies to provide our products and for authentication, analytics, security, fraud prevention or similar purposes. To the extent that this information includes “Personal Information” or “Personal Data” as defined under appliable law, this information is referred to collectively as “information.” Specifically, the term “information” includes data relating to an identified or identifiable natural person, who could be identified either directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Root is the sole owner of the information collected from you through our Services. Examples of the information we may collect includes:
Identifiers: including real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license number, passport number, Subscribing Membership ID, social media account information, or other similar identifiers. We will also collect this information about household drivers if considered for addition to a policy.
Vehicle information: including VIN, year/make/model, your annual mileage, and vehicle usage information. We also collect this information from our vendors to collect driving violation information and claims and accident histories to offer you a quote for insurance.
Claim-related information such as vehicle information, value estimates, involved parties, and medical information. Please note, we need to disclose to you that we would obtain your consent before sharing medical information for marketing purposes.
Personal records described in Cal. Civ. Code § 1798.80(e), including name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information, medical information, or health insurance information.
Characteristics of protected classifications including marital status and demographic information.
Professional, employment or educational information, such as data licenses, designations, or employment history.
Commercial information such as credit or debit card number, current and/or prior insurance policy coverages, premiums, and payment history, driving record, claims history, and credit and/or consumer report information. We also collect additional insured/lienholder information and payment information from you.
Geolocation.
Internet or other electronic network activity information: Additionally, the App and/or our business partners gather information through Internet activity, which may include, for example, your operating system, mobile device identification and/or advertising identification number, your phone carrier, social media messages, and interactions with other features within the mobile device while the App is installed. When you download our App or go on our Site, we collect your mobile device information, your IP address, pixel information, cookies, analytical tools, type and version of the operating system, timestamp, hardware type, language and time-zone setting and installed fonts.
Telematic Data: In accordance with applicable law, we collect certain telematic data, such as accelerometer, GPS, braking, and gyroscope data.
Audio, visual or similar information: We may record and collect voice and video recordings of your contacts with Root customer service agents for quality and business purposes only. We may disclose those recordings with other businesses that play a role in an insurance transaction with you.
Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sensitive information: We may need to collect or process information that is deemed “sensitive information” or otherwise defined as such under applicable law. We may process the following categories of sensitive information when you use our Services (which may overlap with information listed above): geolocation information, authentication information, payment information including debit or credit card information in combination with any required security or access code collected for purpose of processing payment for our products or Services, social security number, driver’s license number, passport number and/or state identification card number.
We may also collect other publicly available information.
When required by applicable law, Root will collect consent prior to processing certain categories of sensitive information.
Minors: We do not knowingly market to or target individuals under sixteen (16) years of age, and no part of our Sites, Social Media Pages, Apps and Services is directed to individuals under the age of sixteen (16). If we do incidentally collect or maintain information from individuals under sixteen (16) years of age, we will take steps to comply with any applicable legal requirement to remove such information. If you believe that we have mistakenly or unintentionally collected information from a child under the age of sixteen (16), you may contact us at privacy@joinroot.com to request deletion of such information.
Our Practices with Respect to Cookies and Similar Online Tracking Technologies For users of our Services, we may use common tracking technologies like browser cookies, “Local Shared Objects” (such as “Flash” cookies), analytical tools, device IDs or other technologies. We also collect certain technical information about the device you use to access our Site or services, such as user-agent, timestamp, hardware type, language and time-zone settings, IP address, OS type and version, and installed fonts.
Certain laws require us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time. If you click on links to other party sites, you will be taken to websites we do not control. This Privacy Policy does not apply to the privacy practices of those websites. Read the privacy policy of other websites carefully. We are not responsible for third-party sites.
Cookies:
Our Site may use “cookies” and similar technologies (collectively, “cookies”). Cookies are small text files this Site sends to your computer for recordkeeping purposes; this information is stored in a file on your computer’s hard drive. Cookies make web surfing and browsing easier for you by saving your preferences so we can use these to improve your next visit to our Site.
One purpose of cookies is to simplify the use of the Site. For example, cookies may save a user’s login details, so that they do not need to login every time.
Cookies may be either “persistent” or “temporary” (or “session”) cookies. A persistent cookie retains user preferences for a particular Site allowing those preferences to be used in future browsing sessions and remains valid until its set expiry date (unless deleted by the user before the expiry date). A temporary cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies are also used for statistical or marketing purposes, to determine how the Site is used. These cookies are provided by us or by third parties (e.g., advertising partners). While we do not control or have access to the advertiser cookies we may permit them to be used on this Site to facilitate tailored advertising and monitor patterns of buying specific goods or interests (e.g., holidays or hobbies). These cookies run advertisements tailored to the user based on their online buying habits.
Pixels, Beacons: We or other party ad servers may use cookies or invisible pixels or beacons on this Site to count how many users visit certain pages or take certain actions to collect or receive information from this Site and elsewhere on the Internet. We may use this information to improve our marketing programs and content, and to target advertisements at this Site and/or on other sites.
Google Analytics: We use Google Analytics to help us get a better understanding of how visitors use this Site and to facilitate interest-based advertising associated with your Google Account and other devices you use. The information generated by the Google Analytics cookie about your use of this Site is transmitted to and stored by Google. If you do not want your activity on this Site to be tracked by Google Analytics, you may opt out by using this link: http://tools.google.com/dlpage/gaoptout?hl=en.
Analytics information: We and our vendors may automatically collect certain website usage information whenever you visit or interact with our Site or the App, including browser type, operating system, the page served, the time, the source of the request, the preceding page view, and other similar information. We may use this usage information for a variety of purposes, including to enhance or otherwise improve the Site or the App. In addition, we may also collect your IP address or some other unique identifier for the particular device you use to access the Internet, as applicable (collectively, referred to herein as a “Device Identifier”). A Device Identifier is a number that is automatically assigned to your device, and we may identify your device by its Device Identifier. When analyzed, usage information helps us determine how our Site or App is used, such as what types of visitors arrive on our Site and/or App, what type of content is most popular, what type of content you may find most relevant and what type of visitors are interested in particular kinds of content and advertising. We may associate your Device Identifier or website usage information with the personal information you provide, but we will treat the combined information as personal information.
How We Use and Disclose Your Information We generally use your information for business purposes and to provide you with our products or services, fulfill a transaction you requested or to service your insurance policy, market our products or in furtherance of our business relationship with a marketing partner as disclosed in our Financial Product Privacy Notice and as allowed under the applicable laws, handle your claim, respond or communicate with you, log activity on our websites, conduct analysis of our Site, App and other electronic tools and services, log activities, risk evaluation, premium/rate calculation, prevent fraud, comply with requests from regulatory and law enforcement authorities, participate in insurance support organizations, to meet obligations to insurance data consolidators, send you push notifications, develop or improve our products or services, for legal or compliance purposes, or as required or permitted by applicable law.
We may disclose your information with business partners for business purposes or as required or permitted by law. Persons or organizations with which we disclose your information include, among others, your insurance agent or broker, affiliated companies, business partners (such as those that assist us with tracking driving behavior, scoring or usage), other companies that play a role in an insurance transaction with you (such as credit reporting agencies and consumer reporting agencies), independent claims adjusters, parties involved in a claim, businesses that conduct actuarial or research studies, certain governmental agencies, and parties involved in a litigation. We do not intend to share health information for marketing purposes and would obtain your consent before doing so.
We may disclose your information to third-party service providers that perform certain functions or services on our behalf (such as to host the Services, manage databases, perform analyses, process credit card payments, provide customer service, or send communications for us). These third-party service providers are authorized to use your information only as necessary to provide these services to us.
We may disclose personal information with another company that buys some, or all, of the assets or stock of Root, and that company may use and disclose personal information for purposes similar to what is described in this Privacy Policy. We may also disclose personal information with prospective purchasers to evaluate the proposed transaction.
We may disclose your information without notice for legal or administrative reasons, such as when required by law or to comply with a court order, subpoena, search warrant, or other legal process; to cooperate or undertake an internal or external investigation or audit; to comply with legal, regulatory, or administrative requirements of governmental authorities (including, without limitation, requests from the governmental agency authorities to view your information); to protect and defend the rights, property, or safety of us, our subsidiaries and affiliates, and any of their officers, directors, employees, attorneys, agents, contractors, and partners, and the website Service users; to enforce or apply our terms of use; and to verify the identity of the user of our Services. Data collected by our App from your mobile device may be deemed discoverable by other parties and used in an accident investigation, claims, and/or litigation. Root may be legally required to provide the data to others and/or their legal counsel.
We may also use, share, disseminate, or sell aggregated and anonymized data. This aggregated, anonymized data cannot be reasonably traced to any individual.
Sale and Sharing of Your Information For purposes of this Privacy Policy, “sell,” “sold,” or “sale” means the disclosure of information for monetary or other valuable consideration but does not include, for example, the transfer of information as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business. “Sharing” means disclosing or making available information to a third-party for purposes of cross-context behavioral or targeted advertising. While we do not disclose information to third parties in exchange for monetary compensation, we disclose identifiers and Internet and network activity information to third-party advertising networks and analytics providers for purposes of marketing and advertising, and to improve and measure our ad campaigns. Such disclosures may be considered “sales” or “sharing” of information under applicable laws. We do not sell or share sensitive information, nor do we sell or share information about individuals we know are under sixteen (16) years of age.
Use and Disclosure of Sensitive Information We do not collect, use, or disclose sensitive information beyond the purposes authorized by the applicable law. Accordingly, we only use and disclose sensitive information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) with our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.
How We Secure and Use Your Information Root takes precautions to protect information you provide to us and information about you from loss, misuse and unauthorized access, disclosure, alteration and destruction. When you submit information or sensitive information via the Services, your information is protected both online and offline.
Wherever we collect nonpublic or public personally identifiable information, that information is encrypted and transmitted to us or by us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser or looking for “https” at the beginning of the address of the web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. We cannot guarantee absolute security, however. Our employees are prohibited from using or disclosing information for any purpose other than performing their work for Root.
How Long We Retain Your Information Please note that in many situations we must retain all, or a portion, of your information to comply with our legal obligations; resolve disputes; enforce our agreements; protect against fraudulent, deceptive, or illegal activity; or for another one of our business purposes. We will store your information for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the information; the potential risk of harm from unauthorized use or disclosure of the information; the purposes for which we process the information and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove information from our systems and records or take appropriate steps to properly anonymize it.
Your Choices By having an insurance policy with Root, you give us your consent to contact you with communications relating to your policy and our services. Unless you ask us not to, we may contact you via email, regular mail, and via push notification in the App with promotions to tell you about specials, new products or services. If we use automated dialing technology to place calls or texts to your mobile phone number, we will do so with your consent as required by applicable law. We may contact you in person, by recorded message, by the use of automated dialing equipment, by text (SMS) message, or by any other means of communication your device is capable of receiving, as allowed by law and for reasonable business purposes, including to service your policy with us. We do not share SMS consent or phone numbers for the purpose of SMS with third parties.
Opt out of Marketing Distribution We may share your information for marketing purposes as further described in our Insurance and Financial Product Privacy Notice. If you do not have, or no longer have a policy with us, you can contact us at help@joinroot.com and request that we remove you from our marketing distribution lists. Please note that once you request removal, it may take up to 2 weeks to stop receiving email from us.
Notice of Privacy Rights for Residents of Certain U.S. States Residents of certain U.S. states may have rights and choices regarding their information. To the extent any data protection law applies to our collection of your information, this section of our Privacy Policy outlines the individual rights you may be entitled to and how to exercise those rights.
Depending on where you live and subject to certain exceptions, you may have some or all of the following rights:
Right to Know and Access. You may have the right to request that we confirm whether we process your information, and to request information about our collection and use of your information, including whether we sell or share your information. You also have the right to request access to information we may process about you.
Right to Data Portability. Where the processing is carried out by automated means, and subject to certain exceptions, you may have the right to request and obtain a copy of your information that you previously provided to us in a portable format. In addition, to the extent technically feasible, you may have the right to obtain your information in a readily usable format that allows you to transmit the information to another data controller without hindrance.
Right to Request Correction of Inaccurate Information. To the extent that we may maintain inaccurate information, you may have the right to request that we correct such inaccurate information, taking into account the nature of the information and the purposes of the processing of the information.
Right to Request Deletion. You may have the right to request that we delete certain information or records provided by or obtained about you, with certain exceptions and limitations as allowed under law.
Right to Opt Out of the Sale and Sharing of Information. You may have the right to opt out of the processing of your information for the purpose of selling or sharing of your information for cross-context behavioral advertising. You can opt-out of online tracking based targeted advertising (e.g., cookies) by clicking the “Manage cookies” settings or the “Do Not Share or Sell my Personal Information” link on our webpage. If you choose to use the Global Privacy Control (GPC) browser signal, you will be opted out of cookie-based sales or sharing of information, and will need to turn it on for each browser you use. To submit a request to opt out of offline sales and sharing, please use our webform: https://www.joinroot.com/privacy/california/ or send an email to privacy@joinroot.com.
Right to Opt out of the Use of Information for Targeted Advertising and Profiling. You may have the right to opt out of the processing of your information for purposes of targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
Right to Limit Use and Disclosure of Sensitive Information. You may have the right to request that we limit the ways we use and disclose your sensitive information to uses which are necessary for us to perform the Services, or deliver the goods reasonably expected by you, or and as authorized by law. Root does not collect or use sensitive information other than to provide Root’s products and services, which fall within the permitted purposes under the law. Therefore, Root does not offer the right to limit the use of sensitive information.
Right to Non-Discrimination. You may have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We will not discriminate against you for exercising any of your rights in this section including denying goods or Services, charging different prices or rates for goods or Services, or providing a different level of quality of goods and Services.
Right to Disclosure of Direct Marketers. You may have a right to know the categories and names/addresses of third parties that have received information for their direct marketing purposes upon simple request, and free of charge.
Right to Appeal. You may have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit an appeal request via the information in the Exercise Your Rights section below. Within the certain timeframe of receipt of your appeal, as proscribed by the applicable law we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may contact the Attorney General or another authority which we will help you identify.
To learn more about whether you are guaranteed certain rights, or to submit a request to exercise your rights, please contact us using any of the methods in the Exercise Your Rights section.
Exercising Your Rights To exercise any of the rights described above, please submit a verifiable consumer request to us via the methods described below. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected information, or an authorized representative; and
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
To help protect your privacy and maintain security, if you request access to or deletion of your information, we will take steps and may require you to provide certain information to verify your identity before granting you access to your information or complying with your request. In addition, if you ask us to provide you with specific pieces of information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose information is the subject of the request.
If permitted by the applicable data protection law, you may use an authorized agent to submit requests on your behalf provided that the authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require: (1) proof of written permission for the authorized agent to make requests on your behalf, and identity verification from you; or (2) proof of power of attorney pursuant under applicable law. Only you or your authorized agent may make a verifiable consumer request related to your information. We may deny a request from an authorized agent that does not submit proper verification proof. You may also make a verifiable consumer request on behalf of your minor child.
Please note we may not be able to provide information relating to investigations, claims, litigation, and other matters. We will be happy to make corrections whenever possible. We will respond to all such requests within a reasonable timeframe with the timeline provided under the applicable law.
Please contact us at the following:
Email us privacy@joinroot.com
Call us (866) 980-9431
Write us Root, Inc. 80 E. Rich Street Suite 500 Columbus, OH 43215
We May Make Changes to Our Privacy Policy We may modify this Privacy Policy from time to time. The most recent version is always posted at https://www.joinroot.com/privacy-policy/ and/or in our App. When we make changes, we will revise the date of the Privacy Policy and post the updated version at https://www.joinroot.com/privacy-policy/ and/or in our App.