Menu
close

Privacy Policy

August 8, 2024

Last updated April 2026

Copic is committed to protecting your privacy. This Privacy Policy (“Policy”) explains how Copic may collect, use, disclose, and protect your personal information when providing insurance and related services to you through our Website and products (our “Services”) and our practices for using, maintaining, protecting, and disclosing that information. For purposes of this Policy, Copic includes Copic Insurance Company and its affiliate, Copic, a Risk Retention Group, referred to collectively herein as “Copic,” “Company,” “we,” “our” or “us.” As used in this Policy, “Website” includes Copic.com, education platforms, and the Customer Portal.

This Policy applies to information we collect through the Services and in communications, including electronic messages, between you and Copic. It does not apply to information collected by us through any other means or by any third party, including content that may link to or be accessible from or through the Services.

We may provide additional or different privacy policies that are specific to certain affiliates, Services, or activities.

Please read this Policy carefully to understand our policies and practices regarding your information. This Policy applies to all users of our Services and Website, regardless of where you are located. By accessing our Website and interacting with our Services or providing us with your information, you acknowledge and agree to the terms of this Policy. This policy may change from time to time (see Changes to this Policy). Your continued use of the Services after we make changes as described here is deemed to be acceptance of those changes.

What Information We Collect

Copic collects personal and business information as necessary to provide our Services. We may collect information that can identify you or relates to you, including:

  • Contact information: Name, email, address, and phone number.
  • Personal identifiers: Date of birth, Social Security number, driver’s license number, National Provider Identifier, medical license number, and policy number.
  • Payment information: Credit/debit card and bank account numbers.
  • Employment/professional information: Occupation, job title, credentials, licenses, certifications, work history, practice characteristics, procedures performed, disciplinary actions, professional investigations, risk management, claims history or details.
  • Demographic information: Gender and education.
  • Location information: General geographic location, city and state, or zip code.
  • Health information: Medical history, as relevant to our Services.
  • Internet/online network activity information: IP address, device identifiers, patterns across the Website, and duration of session.
  • Other: Criminal and civil liability history, content you submit, and any further information required during the application and underwriting process.

How We Collect Information

  • Directly from you: We collect information about you when you interact with our Services, including when you complete applications, make a payment, report an occurrence or claim, participate in education and patient safety and risk management reviews and activities, respond to surveys, or contact us.
  • From others: We may receive personal data about you from other sources and combine that with information we collect directly from you. For example, we may obtain information about you from affiliates, employers, agents, brokers, government or public databases, business partners, service providers, social media, claimants, and certification organizations.
  • Automatically: We use cookies and similar technologies to collect and analyze information about your use of the Website, including reports and statistics. For example, Copic uses Google Analytics features to collect information that may include your session statistics, approximate geolocation, and browser and device information to enable us to evaluate Website activities and trends. Visit our Cookie Policy for more information about Website cookies and your consent options.

How We Use Your Information

We may use your information to:

  • Provide you with the Services and any information, claims management, education, or services that we make available through the Services.
  • Communicate Service updates, policy changes, and important administrative information.
  • Send newsletters, healthcare guidance and updates, surveys, and tailored content.
  • Fulfill legal, regulatory, tax, and audit compliance.
  • Conduct internal business purposes, including data analysis, security, and research, which may include the use of nonpublic technology like machine learning and large language models.
  • Meet contractual and legal obligations.
  • Fulfill any other purpose for which you provide information.

Much of the information we collect is governed by specific privacy laws and regulations, including the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and Department of Insurance regulations. For health-related, HIPAA-protected, or other sensitive data, we comply with applicable privacy laws and regulations, and use your information only as permitted for the performance of our insurance functions.

To Whom We Disclose Your Information

We may share your information with:

  • Affiliates, including Copic Trust, Copic Insurance Company, and Copic, a Risk Retention Group, to underwrite or service your policy and account.
  • Contractors and service providers, who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them.
  • Business partners who support us in delivering our Services, including agents and brokers, reinsurers, with whom we contractually require to keep personal data confidential and use it only for the purposes for which we disclose it to them.
  • Legal counsel, auditors, and other professionals.
  • A buyer or other successor in the event of merger, divestiture, restructuring, joint venture, reorganization, or other sale or transfer of some or all Copic assets, including as part of bankruptcy or similar proceeding.
  • Other third parties as needed to comply with legal obligations, court orders, or as required by government or regulatory authorities.
  • Other third parties at your direction or with your consent.

We do not sell personal information or sensitive personal information.
We do not disclose information to third parties for their own marketing.

How We Protect Your Information

We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no electronic transmission is completely secure, and you should carefully decide what information you send to us via electronic communication channels. Do not include protected health information when you report an incident through the Website.

How We Retain Your Information

We keep your information described in this Policy for as long as reasonably necessary to fulfill the purposes described or for as otherwise legally permitted or required, such as maintaining the Services, operating our Company, complying with our legal obligations, resolving disputes, and for safety, security, and fraud prevention. This means that we consider our legal and business obligations, tax and audit obligations, potential risks of harm, and nature of the information when deciding how long to retain personal data.

Minors’ Data

Our Website and Services are not for children under 18. We do not knowingly collect personal information from minors. If we learn we have collected or received personal data from a child under 18 years old without verification of parental consent, we will delete that information.

Links to Other Sites

Our Website may link to third-party sites for your convenience. We are not responsible for the privacy practices, security, or content of those sites. Please review their privacy policies before submitting information or using other websites.

Changes to This Policy

We may update this Policy from time to time. Changes will be posted with the new “last updated” date. Please check back regularly. Continuing to use our Services means you accept the revised Policy.

Business Associate Agreements and Protected Health Information

If we handle your protected health information (PHI) for insurance, risk management, or other Services, we comply with applicable state and federal health privacy laws and regulations, including HIPAA. We enter into Business Associate Agreements where appropriate, including with policyholders, to safeguard your PHI. Do not include protected health information when you report an incident through the Website.

California Residents:

The California Consumer Privacy Act and the California Privacy Rights Act (CCPA/CPRA) grant California residents with additional rights regarding your personal information as follows:

  • Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information, including the specific pieces of personal information we have collected about you and whether such information was sold or disclosed, since January 1, 2022. You may exercise your right to know twice in any 12-month period.
  • Right to Delete and Right to Correct: You have the right to request that we delete any of your information, subject to certain exceptions and limitations. You also have the right to request correction of personal information we maintain about you that you believe is inaccurate.
  • Right to Limit Sensitive Personal Information Use and Disclosure: You have a right to ask businesses that use or disclose your sensitive personal information to limit those actions to the CCPA/CPRA permitted purposes. We do not use or disclose sensitive personal information beyond the CCPA/CPRA's purposes, so we do not currently provide this consumer right.
  • Right to Opt-Out and Opt-In Rights: You have the right to opt-out of the sale or sharing of your personal information. As we do not sell or share personal data, we do not currently provide these consumer rights.
  • ADMT Rights: When a business uses automated decision-making technology (ADMT) to make significant decisions about you, you may have rights to that information and to opt-out. We do not currently use ADMT to make significant decisions about consumers, so we do not provide ADMT access, opt-out, or appeal rights.
  • Right to Non-Discrimination: You have the right not to be discriminated or retaliated against for exercising any of your privacy rights under the CCPA/CPRA.

To exercise your rights described above, please submit a verifiable request to us by any of the means set forth below. Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. We may request specific information from you or your authorized representative to confirm your or their identity before we can process your request. Most of the information we collect is governed by the GLBA and/or HIPAA, and therefore the rights permitted under the CCPA/CPRA are inapplicable to such information. Copic does not sell or share your information for cross context behavioral advertising.

How to Contact Us

For questions, requests, or concerns about this Policy or your privacy rights:

Featured Resources

Our Resource Center is a comprehensive collection of materials that provide guidance and insight for medical professionals.

Information in this article is for general educational purposes and is not intended to establish practice guidelines or provide legal advice.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram