Please ensure Javascript is enabled for purposes of website accessibility
Privacy Policy

Effective July 2025

At Bowhead Specialty Underwriters, Inc., and its affiliates (collectively, “Bowhead”, “Company” “we” “our”, and “us”), the protection of the information we collect about you is important to us.

This privacy policy (“Privacy Policy”) describes the types of information we may collect from you or that you may provide and our practices for collecting, using, maintaining, protecting, and disclosing that information, including when you visit our websites https://bowheadspecialty.com/ and https://www.baleenspecialty.com/ (together the “Website”).

This Privacy Policy applies to information we collect:

  • In email, text, and other messages between you and us.
  • In interactions with our applications on third-party websites and services.
  • When you apply for insurance from us.
  • In transactions with us, our partners or third-party vendors.
  • When you file and insurance claim and provide related information.
  • When you make a payment to us.
  • On the Website.
  • When you interact with our advertising and applications on third party websites and services.

This Privacy Policy does not apply to the following types of information including:

  • Publicly available information, including from government records, through widely distributed media, or that the consumer made publicly available without restricting it to a specific audience.
  • Lawfully obtained, truthful information that is a matter of public concern.
  • Deidentified or aggregated consumer information.
  • Any third party, including through any application or content that may link to or be accessible from or through the website.

This notice explains our privacy policies and practices regarding nonpublic personal information about our customers and former customers. We will provide you with an updated privacy notice annually as long as you are our customer, and our privacy protections continue to apply to former customers.

In addition to reading this Privacy Policy, please review our Terms of Use, which governs your use of the Website. If you do not agree to our Terms of Use and the collection, use and sharing of your information as detailed in this Privacy Policy, please do not access or otherwise use this Website or any information or content contained on this Website.

We reserve the right to change this Privacy Policy at any time. Your use of certain services, such as our website, following the posting of an updated Privacy Policy constitutes your acceptance of such updated Privacy Policy. We reserve the right to apply the amended terms to the information that we have already collected, subject to any legal constraints. We will not, however, use your previously collected personal information in a manner materially different than represented at the time of collection. To the extent any provision of this Privacy Policy is found by a competent tribunal to be invalid or unenforceable, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.

This Privacy Policy is written in the English language. We do not guarantee the accuracy of any ‎translated versions of this Privacy Policy. To the extent any translated versions of this Privacy ‎Policy conflict with the English language version, the English language version of this Privacy ‎Policy shall control.‎

  1.  Information Collection

We collect information from you in several ways, depending on the product or service you have with us and can include the following:

  1. Information on applications, related insurance forms or in conversations with us including: name, mailing and email addresses, telephone number, date of birth, gender, marital or family status, identification numbers (Social Security Numbers or Federal Employer Identification Number, driver’s license or other license number) employment, education, and occupation.
  2. Policy information such as coverage, claims, premiums, loss and payment history.
  3. Financial Information such as credit history and credit scores, assets and income and other financial information.
  4. Medical information such as history and records.
  5. Any other personal information you may provide to us in connection with our products and services.

We collect this information from sources such as you through insurance forms and related interactions; service providers, vendors, and other third parties through our transactions; reporting agencies; or brokers and agents.

You may choose to provide us with information about third parties. By submitting Personal Information about any third party, you represent and warrant to Bowhead that you have the consent of the third party to do so, and that the information you submit is factually accurate.

Website Usage Information

In addition to any information that you choose to submit to us via the Website, we and our third-party service providers may use a variety of technologies that automatically (or passively) store or collect certain information whenever you visit or interact with the Website (“Usage Information”). This Usage Information may be stored or accessed using a variety of technologies that may be downloaded to your Device whenever you visit or interact with our Website. To the extent we associate Usage Information with your Personal Information we collect directly from you on the Website, we will treat it as Personal Information.

This Usage Information may include:

  • your IP address, UDID or other unique identifier (“Device Identifier”). A Device Identifier is a number that is automatically assigned to your Device used to access the Website, and our computers identify your Device by its Device Identifier;
  • your Device functionality (including browser, operating system, hardware, mobile network information);
  • the URL that referred you to our Website;
  • the areas within our Website that you visit and your activities there, including remembering you and your preferences;
  • your Device location;
  • your Device characteristics; and
  • certain other Device data, including the time of day, among other information.

Tracking Technologies. We may use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies include, without limitation, the following (and subsequent technology and methods later developed):

  • Cookies. A cookie is a data file placed on a Device when it is used to visit the Website. A Flash cookie (or locally shared object) is a data file placed on a Device via the Adobe Flash plug-in that may be built-in to or downloaded by you to your Device. HTML5 cookies can be programmed through HTML5 local storage.
  • Web Beacons. Small graphic images or other web programming code called web beacons (also known as “1×1 GIFs” or “clear GIFs”) may be included in our Website’s pages and messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to the Website, to monitor how users navigate the Website, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.
  • Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Website, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third-party service provider, is active only while you are connected to the Website and is deactivated or deleted thereafter.
  • Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.
  • ETag or Entity Tag. A feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash, and/or HTML5 cookies.
  • Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices in the same user).

Tracking Technologies Usage. We may use Tracking Technologies for a variety of purposes, including:

  • Strictly Necessary. We may use cookies or other Tracking Technologies that we consider are strictly necessary to allow you to use and access our Website, including cookies required to prevent fraudulent activity and improve security.
  • Performance‑Related. We may use cookies or other Tracking Technologies that are useful in order to assess the performance of the Website, including as part of our analytic practices or otherwise to improve the content, products or services offered through the Website.
  • Functionality‑Related. We may use cookies or other Tracking Technologies that are required to offer you enhanced functionality when accessing the Website, including identifying you when you sign‑in to our Website or keeping track of our specified preferences, including in terms of the presentation of content on our Website.
  • Targeting‑Related. We may use Tracking Technologies to deliver content relevant to your interests on our Website and third-party sites based on how you interact with our content. This includes using Tracking Technologies to understand the usefulness to you of the content that has been delivered to you.
  1.  Use of Collected Information

We may use the information that we collect from you for the following purposes:

  1. Insurance service and product development and maintenance;
  2. Communications to provide support, notices, and respond to inquiries;
  3. Insurances claims and related investigations;
  4. Marketing and advertising;
  5. Compliance with legal and regulatory requirements;
  6. Protection of our and our customers rights, property, and safety;
  7. Underwriting and risk assessment;
  8. Fraud prevention and detection;
  9. Reinsurance arrangements;
  10. Loss control and safety services; or
  11. Other internal business purposes.

We may also use the information that we collect to customize your experience on the Website, to better tailor our product offerings, to improve the Website and the content provided on and through the Website, to provide customer support, to enforce our Terms of Use, and to provide you with content or advertisements that may be of interest to you.

  1.  Information Sharing

We may share the information that we collect from you, including personal information, with third parties for a variety of purposes, including the following examples described below:

Affiliates

We may share information with our subsidiaries, affiliates, and companies under common control for business purposes including marketing, underwriting, claims processing, and other insurance operations.

Service Providers and Vendors

We share information with service providers who assist us in our business operations including claims administrators, loss control providers, legal counsel, auditors, consultants, and technology service providers.

Business Partners

We may share information with our partners in order to provide you with quotes, products, and services including insurance agents, brokers, managing general agents, and distribution partners.

Insurance Business Purposes

We share information as necessary for standard insurance business operations including:

  • Reinsurers: To transfer risk and obtain reinsurance coverage
  • Other Insurance Companies: For joint underwriting, claims handling, or loss experience
  • Rating Organizations: For loss data reporting and industry analytics
  • Industry Databases: Including fraud monitoring and claims databases

Regulatory and Legal Requirements

We may share information where required by law or to satisfy any applicable law, regulation, subpoena, government request, or other legal process.

Fraud Prevention and Law Enforcement

We may share information with third parties, including law enforcement, to protect our customers and ourselves, investigate suspected fraud, and prevent criminal activity.

Business Transfers

We reserve the right to share the information that we collect with any subsequent owner in the event of a merger, consolidation, sale of our assets, or other change in our business, including during the course of any due diligence process.

Website-Specific Sharing

We may provide certain parts of our Website in association with third parties, such as promotional partners or affiliates. These “co-branded areas” will identify the third party. If you choose to use these co-branded areas, we may share your information with the identified third party, and that third party may also collect information from you, in addition to the information that we collect, as described above. You should review the privacy policies of those identified third parties to understand how they collect and use information.

Our Website may include links to third-party websites or other online services. We are not responsible for these other sites and services, and they may collect and use information about you. You should review the privacy policies for such third parties before using their sites or services to understand how they collect and use information.

Third parties may use tracking technologies in connection with our Website, which may include the collection of information about your online activities over time and across third-party websites. This Privacy Policy does not apply to these third-party technologies because we may not control them and we are not responsible for them. Do Not Track is a technology that enables users to opt out of tracking by websites they do not visit. Currently, we do not monitor or take any action with respect to Do Not Track technology.

Nonaffiliated Third Parties: We disclose nonpublic personal information about our customers or former customers to nonaffiliated third parties as permitted by law, including to service providers who perform services for us, and for fraud prevention purposes. You may have the right to opt out of certain information sharing with nonaffiliated third parties. To exercise this right, please contact us using the information provided in Section 12.

  1. Information Protection

We use commercially reasonable and industry standard security technologies and safeguards to protect the information that we collect and use. We also expect our service providers to protect information in the same manner. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed 100% secure. Please note that we cannot guarantee the security of any information you transmit to us.

We maintain physical, electronic, and procedural safeguards that comply with federal and state standards to guard nonpublic personal information about you. We restrict access to your personal information to those employees who need to know that information in order to provide products or services to you.

  1. Changing Information and Communication Preferences.

You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of registration. The Website may allow you to review, correct or update Personal Information you have provided through the Website’s forms or otherwise.  When you edit your Personal Information or change your preferences on the Website, information that you remove may persist internally for our administrative purposes. We may provide marketing communications, and you may be able to change your preferences with respect to such communications through the Website. Please note that we reserve the right to send you certain communications relating to your account or use of our Website, such as administrative and service announcements and these transactional account messages may be unaffected if you choose to opt-out from receiving our marketing communications. If you have any questions about the Privacy Policy or practices described in it, please contact us at: [email protected].

You can always contact us in order to (i) remove the personal information that you have provided to us from our systems, (ii) update the personal information that you have provided to us, and (iii) change your preferences with respect to our use of your personal information by e-mailing us at [email protected]. If so, we will make good faith efforts to make requested changes in our then active databases as ‎soon as reasonably practicable (but we may retain prior information as business records). Please ‎note that it is not always possible to completely remove or delete all of your information from our ‎databases and that residual data may remain on backup media or for other reasons‎.

  1. Information Retention

We retain the personal information we collect only as reasonably necessary for the purposes described in this Privacy Policy. and as required by applicable laws and regulations. For insurance-related information, we typically retain records for the duration of the policy period plus additional years as required by state insurance laws and regulations.

  1.  Persons Outside of the United States

Our services and products are targeted to those in the United States and intended for those located in the United States. The privacy and data protection laws in the United States differ from those of other countries. If you are located outside of the United States, please be aware that the information that we collect will be transferred to and processed, stored, and used in the United States, and that by using our Website, you consent to such transfers and processing.

8.  Social Security Protection Policy Statement‎

Bowhead seeks to protect the confidentiality of social security numbers (“SSNs”) by maintaining physical, ‎electronic, and procedural safeguards. We limit access to SSNs to help protect against their loss, ‎misuse or unlawful disclosure. We do not disclose SSNs to third parties except where required or ‎permitted by law.

  1.  Children’s Privacy

Our sites and applications are intended for general audiences, and we do not knowingly seek or collect personal information from children under the age of eighteen (18). In accordance with the Child Online Privacy Protection Act, in the event that we learn that we have collected personal information from a child under age thirteen (13) without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any personal information from or about a child, please contact us at [email protected].

  1.  California Privacy Rights

If you are a resident of California you have additional rights under the California Consumer Privacy Act (“CCPA”) of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”).

Within the last twelve (12) months, we may have collected some or all the following categories of personal information from and about consumers. Note: Bowhead does not sell information to third parties.

Category of Personal Information Description
Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, date of birth, policy number or other similar identifiers.
Personal Information Information that identifies, relates to, or could be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics. Some personal information included in this category may overlap with other categories.
Sensitive Personal Information A specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumer’s health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership.
Personal Characteristics Race, color, age (40 years and older), ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, sexual orientation, veteran or military status, or genetic information.
Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Biometric Information Physiological, biological or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise.
Internet or Other Electronic Network Activity Browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
Geolocation Data Physical location and/or movements.
Professional or Employment-Related Information Current and/or past employment history including performance evaluations.
Education Information Education records, files, documents, and other materials related to a student maintained by an educational agency or institution or by a person acting for such an agency or institution, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
Insurance Information Policy numbers, billing account information, policy benefits and beneficiaries, or ownership structure.
Inferences from Other Personal Information Information used to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Audio, Video, and other Electronic Data Audio information including call recordings, video, and photographs, recorded meetings and webinars.

We obtain the above personal information from some or all the following sources:

  • Our clients and customers through insurance forms and related interactions;
  • Service providers, vendors, and other third parties through our transactions;
  • Reporting agencies; or
  • Brokers and agents.

We may use or disclose sensitive personal information for the following statutorily approved reasons (“Permitted SPI Purposes”):

  1. Performing actions that are necessary for our consumer relationship and that an average consumer in a relationship with us would reasonably expect.
  2. Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
  3. Defending against and prosecuting those responsible for malicious, deceptive, fraudulent, or illegal actions directed at us.
  4. Ensuring physical safety.
  5. Short-term, transient use, such as non-personalized advertising shown as part of your current interactions with us, where we do not:
    1. disclose the sensitive personal information to another third party; or
    2. use it to build a profile about you or otherwise alter your experience outside your current interaction with us.
  6. Services performed for us, including maintaining or servicing accounts, processing or fulfilling transactions, verifying consumer information, processing payments, or providing financing, analytic services, storage, or similar services for us.
  7. Activities required to:
    1. verify or maintain the quality or safety of a product, service, or device that we own, manufacture, had manufactured, or control; or
    2. improve, upgrade, or enhance the service or device that we own, manufacture, had manufactured, or controlled.
  8. Collecting or processing sensitive personal information that we do not use for the purpose of inferring characteristics about a consumer.

We do not use or disclose sensitive personal information for purposes other than the Permitted SPI Purposes.

We may use or disclose personal information for the following business purposes:

  • Insurance service and product development and maintenance;
  • Communications to provide support, notices, and respond to inquiries;
  • Insurances claims and related investigations;
  • Marketing and advertising;
  • Compliance with legal and regulatory requirements;
  • Protection of our and our customers rights, property, and safety; or
  • Other internal business purposes.

The categories of personal information we may have disclosed for a business purpose in the preceding twelve (12) months include: identifiers, online identifiers, customer records, financial information, characteristics of protected classifications, usage data, biometric information, education information, insurance information, commercial information, geolocation data, audio, video, and other electronic data, professional or employment-related information, and inferences.

The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include:

  • Insurance or financial institutions;
  • Insurance agents and brokers;
  • Service providers and vendors;
  • Advertising, social media networking, or marketing firms;
  • Law enforcement, regulators, or other governmental agencies; or
  • Advisors, auditors, consultants, and representatives.

The CCPA provides California residents with specific rights regarding their personal information. This section describes your rights under the CCPA and explains how to exercise those rights. Subject to certain exceptions, California consumers have the right to make the following requests:

Right to Know. With respect to the personal information, we may have collected about you in the prior (twelve) 12 months, you have the right to request from us:

  • The categories of Personal Information we collected about you;
  • The categories of sources from which we have collected that personal information;
  • Our business or commercial purpose for collecting, selling, or sharing that personal information;
  • The categories of third parties to whom we have disclosed that personal information; and
  • The specific pieces of your personal information we have collected.

Right to Correct. You have the right to request that we correct inaccuracies in your personal information. We may deny your request to correct if we are unable to verify your identity.

Right to Delete. You have the right to request deletion of your personal information that we have collected about you. We may deny your request to delete if we are unable to verify your identity.

Right to Opt-Out. You have the right to opt-out of the selling and sharing of your personal information. To submit an opt-out request, please access the below link. We will process your request(s) in accordance with applicable law. Note: Bowhead does not sell personal information.

Right to Limit Use and Disclosure of Sensitive Personal Information. We do not generally, use, or disclose sensitive personal information for purposes beyond those authorized by the CCPA. However, if we discover that we have, you have a right to limit the use of sensitive personal information that is collected or processed.

Right to Non-Discrimination. We will not discriminate or retaliate against you for exercising any of the rights described in this Privacy Policy.

We may deny your request in accordance with applicable law.

To exercise any of your rights described above, please submit a request to us either by:

  • Completing the request form found here
  • Phone at 1-833-240-8996

We strive to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically unless you indicate preference to receive a response by mail.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that you verify your identity and the authority of your authorized agent.

  1. Businesses operating as an authorized agent on behalf of a California resident must provide both of the following:
    1. Certificate of good standing with its state of organization; and
    2. A written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the business to act on behalf of the California resident.
  2. Individuals operating as an authorized agent on behalf of a California resident must provide a written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the individual to act on behalf of the California resident.
  3. We reserve the right to reject in accordance with the law:
  4. authorized agents who have not fulfilled the above requirements, or
  5. automated CCPA requests where we have reason to believe the security of the requestor’s personal information may be at risk.

Before responding to certain requests, we must determine your identity using the personal information you recently provided to us. The information we need to determine your identity differs depending on the request made and our relationship with you and might include (as applicable) your name, the mailing or email address you use to interact with us, your phone number, your date of birth, and, if available, your policy number. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. In some cases, we may also conduct checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

  1.  Other State Privacy Rights

Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:

  • Confirm whether we process their personal information.
  • Access and delete certain personal information.
  • Correct inaccuracies in their personal information, taking into account the information’s nature and processing purpose (excluding Iowa and Utah).
  • Data portability.
  • Opt-out of personal data processing for:
    • targeted advertising (excluding Iowa);
    • sales; or
    • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
  • Either limit (opt-out of) or require consent to process sensitive personal data.

The exact scope of these rights may vary by state. To exercise any of these rights please contact us at [email protected].

Nevada provides its residents with a limited right to opt-out of certain personal information sales. Nevada residents who wish to exercise this sale opt-out rights may submit a request to us at [email protected]. However, please know we do not currently sell data triggering that statute’s opt-out requirements.

  1.  Contact Us.

If you have any questions about our Privacy Policy or become aware of misuse of our products or services by any person, please contact us at:

Bowhead Specialty Underwriters, Inc.
452 5th Ave, 24th Floor
New York, NY 10018
[email protected]

For Privacy-Related Requests or Opt-Out Requests: Phone: 1-833-240-8996 Email: [email protected]