Privacy policy

 

Effective date and last revised: Oct. 20, 2025

This Privacy Policy describes the categories of information that SFM Mutual Insurance Company (“SFM“) and its affiliates CompRehab, Inc. (“CompRehab“) and SFM Risk Solutions, Inc. (“Superior Point“) (Superior Point is a business unit of and the assumed name of SFM Risk Solutions, Inc.) (collectively, “we,” “us,” or “our“) collect from users of and others who visit or access the www.sfmic.com (the “SFM website“), www.comprehab.com (the “CompRehab website“), and www.superiorpoint.com (the “Superior Point website“) websites and their successor URLs (each, a “Website,” and collectively, the “Websites“) and associated web apps and online services (each, a “Service,” and collectively, the “Services“). This Privacy Policy also explains how we can use, disclose, and protect such information, and your choices regarding it. The information we collect and the purposes for which we use or disclose it will depend to some extent on how you use the Websites and Services and how you interact with us. Throughout this Privacy Policy, “information” includes personal information about you.

We may provide additional, different, or supplemental privacy notices for specific services or other business activities that we offer or in which we are engaged.

PLEASE READ THIS PRIVACY POLICY AND THE TERMS OF SERVICE (THE “TOS”) CAREFULLY. IF YOU DO NOT AGREE WITH THE PROVISIONS OF THIS PRIVACY POLICY OR THE TOS, DO NOT USE OR ACCESS ANY OF THE WEBSITES OR SERVICES. BY USING OR ACCESSING ANY OF THE WEBSITES OR SERVICES, OR BY CLICKING A BUTTON, CHECKING A BOX, OR TAKING ANY OTHER ACTION INDICATING YOUR AFFIRMATIVE AGREEMENT, YOU SIGNIFY THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE PROVISIONS OF THIS PRIVACY POLICY AND THE TOS. 

1. What Information Do We Collect and How Do We Collect It?

We may collect the following categories of information in the manner described below. We also can collect information about you through other individuals or our service providers, third parties, and/or other parties (throughout this Privacy policy, this includes without limitation, vendors) in the manner described below.

We collect information from or about you when you use or access a Website or Service.

Examples of ways in which you can use or access a Website or Service include without limitation:

• To register for, use, or make changes (for example, corrections, updates, or deletions) to your user account with us: generally, information including without limitation, email address and user name and password; and, more specifically, information, including without limitation:

SFM website regarding:

– Agency Manager (SAM): SFM agency number;

– Claim Connection: last four digits of social security number and date of birth, or date of birth, home zip code, and claim number;

– CompOnline: policy number, officer/owner name, title, telephone number, email address, and certain other information;

– Provider Connection: provider name, tax ID, postal address, user’s name, telephone number, and email address, and clinic manager’s name and title, and certain other information; and

– Online recruiting: name, primary telephone number, online application, profile information, and any resume/cover letter information that is uploaded, and, for the EEOC – Voluntary Self-Identification Survey, gender, ethnic origin, veteran status, and voluntary self-identification of disability.

– Superior Point website regarding electronic document delivery: for a policyholder, policy number and postal address zip code, or, for an agent, policy number and last four digits of social security number or FEIN, and for each of a policyholder and an agent, user’s name and email address, and password.

– SFM website and Superior Point website regarding Online Payment: policy number, user’s name, telephone number, email address, and certain other information.

• To provide information to us and/or a service provider, third party, and/or other party in connection with our insurance and/or insurance-related products and services, including without limitation, information for transactions with us and/or a service provider, third party, and/or other party, including without limitation:

SFM website regarding:

– Agency Manager (SAM): user name and password, FEIN or social security number of business owner, certain payment information, which could include payment card information and/or bank account information, certain other information, any other information that is provided, and, for certain SAM users, direct deposit information;

– Claim Connection: user name and password, last four digits of social security number and date of birth, or date of birth, home zip code, and claim number, and telephone number, email address, and certain other information;

– CompOnline: user name and password, user’s email address, and additional user name, title, telephone number, and email address, and certain other information; and, for reporting an injury: policy number, date of injury, and certain other information for reporting an injury;

– Provider Connection: user name and password, date range, patient/encounter number, claim number, patient last name, telephone number, social security number or last four digits of social security number, and date of birth, and any pre-authorization documents or supporting documents related to appeals and reconsiderations that are uploaded (including medical records (for example, medical records attached to a prior authorization request) and any other information you voluntarily upload, transmit, or provide to us);

– Quotes: user’s name, telephone number, email address, and certain other information; and

– Requesting a donation to an organization: certain information regarding organization and request, and.

SFM website and Superior Point website regarding:

– Completing a premium audit: user ID and password, and user’s name and contact information, and certain other information, including without limitation, any information that is uploaded;

– Downloading a certificate of insurance: policy number and effective date, certificate holder’s name, postal address, zip code, and certain other information;

– Online Payment: policyholder’s username and password, policy number, user’s name, telephone number, email address, policyholder’s bank account information, and certain other information, and, solely on the SFM website, alternatively, payment card information;

– Paying a bill (one-time payment that is not through Online Payment): policy number, user’s name, telephone number, email address, bank account information, and certain other information, and, solely on the SFM website, alternatively, payment card information; and

– Reporting an injury: policy number, date of injury, and certain other information for reporting an injury.

CompRehab website regarding requesting a referral: user name, postal address, telephone number, email address, services requested, and certain other information.

• information you disclose during communications and interactions with us, which may include when you contact or otherwise interact with us or a service provider, third party, and/or other party (for example, your name, email address, telephone number, and certain other information when you contact us or report suspected fraud to us on the SFM website, your name, email address, business name, policy number, and certain other information when you contact us on the Superior Point website, your name, email address, and certain other information when you contact us on the CompRehab website, your search queries on a Website or Service, asking questions or requesting information and materials, providing comments or suggestions, participating in surveys and evaluations, using interactive tools or features, signing up for news, updates and educational emails, and reporting an issue with a Website or Service).

We can receive information about you through other individuals or our service providers, third parties, and/or other parties, which information can be used as described in this Privacy Policy.

We can automatically collect other information from or about you, including:

• Operating system,

• Browser type,

• Internet protocol (IP) address,

• Platform type,

• Software and hardware attributes,

• Domain name of your internet service provider,

• Your geographic location,

• Information regarding your access to and use of the Websites and Services, and

• Anonymized information.

In addition, we can automatically collect information about content viewed or downloaded, landing pages, browsing activity, dates and times of access, pages viewed, forms you complete or partially complete, search terms, the date, time, and duration of any telephone call or text message, the parties’ telephone numbers, and the content of any text messages, whether you open an email and your interaction with email content, search terms, error logs, and other similar information.

We, along with our service providers, third parties, and/or other parties, can automatically collect such information through cookies, web beacons, tags, application analytics software, and other technologies. Please see “Cookies and Other Technologies; Do Not Track” below.

We may collect information about you from:

• Social networking services;

• Publicly accessible sources;

• Our affiliates and/or subsidiaries;

• Other individuals; and

• Our service providers, third parties, and/or other parties.

We can combine any of the information we collect from or about you and use it and disclose it in the manner described in this Privacy Policy.

2. Cookies and Other Technologies; Do Not Track

We, along with our service providers, third parties, and/or other parties, use cookies, web beacons, tags, application analytics software, and other technologies. These technologies are used for tracking, analytics, and personalization and optimization of the Websites and Services.

• Cookies. Cookies are small text files that are stored on your computer.

Persistent cookies remain on the computer of the user of or others who access a Website or Service after the browser has been closed.

Session cookies exist only during an online session and disappear from the computer of the user of or others who access a Website or Service when they close the browser software. You can instruct your browser to stop accepting cookies. But if you do not accept cookies, you may not be able to use all portions or all functionality of a Website or Service. Please see www.allaboutcookies.org for additional information about cookies.

• Web beacons. Web beacons or tags (small images embedded into websites or emails that send information about your computer when you access or use a Website or Service or open an email we send to you) can be used by either us or a service provider, third party, and/or other party. 

• Service providers, third parties, and/or other parties may collect personally identifiable information about an individual user’s online activities over time and across different internet services when a user uses a Website or Service. 

Below are links to resources regarding online tracking.

For Google Analytics, please see https://policies.google.com/privacy, https://policies.google.com/technologies/partner-sites, https://www.google.com/analytics/terms/, and https://tools.google.com/dlpage/gaoptout. 

For Hotjar, please see https://www.hotjar.com/legal/policies/privacy/, and https://trust.contentsquare.com/?product=hotjar. 

For Siteimprove, please see https://www.siteimprove.com/privacy/, and https://www.siteimprove.com/legal/. 

• Do not track. At this time, we do not respond to “Do Not Track” signals sent from web browsers or other mechanisms that provide users the ability to exercise choice regarding the collection of personally identifiable information about an individual user’s online activities over time and across service provider, third party, and/or other party internet services.

3. How We Use the Information We Collect

We can use the information that we collect from and about you to conduct our business and for any of the purposes described in this Privacy Policy, subject to applicable law. Examples are as follows.

• To provide, operate and improve the Websites and Services and our business.

• To provide you with insurance and/or insurance-related products and services, such as to process your transactions, to process your payments, and to process, manage, maintain, and service your user account or accounts.

• To administer and troubleshoot the Websites and Services and our business.

• To communicate with you to provide information, content, and notifications, including without limitation, based on information you provide from us or our affiliates and/or subsidiaries.

• To respond to you, such as when you make a transaction, contact us, make a request or inquiry, complete a survey or evaluation, or provide a comment or suggestion.

• For personalization and enhancement of your experiences with us, including to customize the insurance and/or insurance-related products and services we provide you with, facilitate your interactions with us, and track and categorize your activity and interests on the Websites and Services.

• For marketing and advertising, such as to send you marketing and advertising communications and to show you marketing and advertising on the Websites and Services. We may also run advertising on other websites and applications through our advertising display partners.

• For analytics, including to understand how you use the Websites and Services, determine how you access the Websites and Services, to improve the Websites and Services, and for research and development, and/or fixing errors, by us or a service provider, third party, and/or other party, subject to applicable law.

• For our business purposes, such as to operate and improve upon our business, and lawful business activities; to maintain our accounts (including without limitation, user accounts) and records, research and development, product, service and content improvement and development; fixing errors; to determine your satisfaction with our insurance and/or insurance-related products and services; to detect and prevent fraud or misuse of our insurance and/or insurance-related products and services; and for any other business purpose that is permitted by applicable law.

• To create and/or administer surveys and evaluations and conduct research.

• For legal and safety purposes. Legal and safety purposes include defending or protecting us, you, or others, from harm or in legal proceedings; protecting our rights; protecting our security and the security of others and property; responding to court orders, lawsuits, subpoenas, and government and regulator requests; addressing legal and regulatory compliance; for certificate holder or policyholder purposes; enforcing the TOS; and notifying you of safety issues.

• For collecting, processing, and/or creating anonymized information, which we or a service provider, third party, and/or other party can do, subject to applicable law, and which we or a service provider, third party, and/or other party can use for any purpose, subject to applicable law.

• We can use your information other than as described in this Privacy Policy if we notify you, and you consent to such use.

• We can use your information at your request, subject to applicable law.

• We can use your information for any other purpose for which we provide you with notice, subject to applicable law.

• Please see “Cookies and Other Technologies; Do Not Track” above.

4. To Whom Do We Disclose Your Information?

Information can be disclosed to service providers, third parties, and/or other parties in accordance with this Privacy Policy, subject to applicable law. Please note that users and/or others can choose not to disclose certain information. Please see “What Information Do We Collect and How Do We Collect It?,” “Cookies and Other Technologies; Do Not Track,” and “How We Use the Information We Collect” above and “Children’s Privacy,” “Storage,” “Retention,” and “Choices Regarding Your Information” below.

• Service providers, third parties, and/or other parties. We can use service providers, third parties, and/or other parties to perform certain services on our behalf, including without limitation, processing transactions, processing payments, working with professionals (for example, independent insurance agents and/or brokers, independent claims investigators, medical providers, and attorneys), and other insurance companies and reinsurance companies and insurance support organizations and consumer reporting agencies, data reporting, online recruiting, monitoring compliance by users with and enforcement of and applying the TOS, auditing interactions and transactions with users, detecting and preventing fraud, addressing security issues, fixing errors, helping us with advertising or marketing, maintaining accounts (including without limitation, user accounts), providing customer service, helping with our internal research and development, verifying insurance and/or insurance-related product and service quality or safety, and performing any of the other actions or activities allowed under this Privacy Policy. We can disclose information about you that they need to perform their functions, and in accordance with our agreements with them.

• Social networking service. If you choose to use a social networking service, information from or about you may be disclosed to or collected by the social networking service. Please see “Choices Regarding Your Information—Social networking service” below.

• Affiliates and subsidiaries. We can also disclose your information to any affiliate or subsidiary of ours for purposes consistent with this Privacy Policy. Any affiliate or subsidiary of ours will be required to maintain that information in accordance with this Privacy Policy.

• Business changes. If we become involved in or engage in the preparatory steps leading to a merger, acquisition, sale of assets, divestiture, joint venture, securities offering, financing, bankruptcy, reorganization, liquidation, dissolution, or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we can disclose or transfer your information to another party or other parties, and it can be used subsequently by such party or parties.

• For analytics. For analytics, including to understand how you use the Websites and Services, determine how you access the Websites and Services, and improve the Websites and Services, by us or a service provider, third party, and/or other party, subject to applicable law.

• Legal and safety. Other parties, such as law enforcement, government entities, regulators, courts, or service providers, third parties, or other parties (for example, certificate holders or policyholders), as required or allowed by applicable law and/or for enforcement of or applying the TOS, such as for the legal and safety purposes described in “How We Use the Information We Collect” above, or otherwise to help prevent harm or fraud to us, you, or others.

• Anonymized information. We can disclose anonymized information relating to users of and others who access any Website or Service to any service provider, third party, and/or other party for any purpose, subject to applicable law.

• With your consent. We can disclose your information other than as described in this Privacy Policy if we notify you, and you consent to this disclosure.

• At your request. We can disclose your information to any other individual or service provider, third party, and/or other party at your request, subject to applicable law.

• For any other purpose with notice by us. We can disclose your information for any other purpose for which we provide you with notice, subject to applicable law.

• Cookies and other technologies; do not track. Please see “Cookies and Other Technologies; Do Not Track” above.

5. Links to Other Websites

This Privacy Policy applies only to the Websites and Services. The Websites and Services may have links to other websites, applications, information, content, or services to which this Privacy Policy does not apply. We do not endorse or assume any responsibility for any of such other websites, applications, information, content, or services. The policies and procedures we describe here do not apply to these websites, applications, information, content, or services. We neither can control, nor are responsible for the privacy practices or content of these websites, applications, information, content, or services. We suggest reviewing the privacy policies of these websites, applications, information, content, or services.

6. Children’s Privacy

We do not knowingly collect personal information from individuals under age thirteen (13). If you are under age thirteen (13), please do not access, use, or submit any personal information through, or in connection with, the Websites and Services. If you have reason to believe that we may have accidentally received personal information from an individual under age thirteen (13), please immediately email us at sfm_legal@sfmic.com.

7. How We Protect Your Information

We take physical, technological, and administrative measures to protect the information that you provide through, or in connection with, the Websites and Services from accidental or unlawful destruction, loss, or alteration, and from unauthorized access, use, or disclosure. Please be aware, however, that no security measures can guarantee absolute security. No Internet, email, or application transmission or method of electronic storage is ever fully secure or error free. Email or other communications, including without limitation, those sent through, or in connection with, the Websites and Services, may not be secure. You should use caution whenever submitting information through, or in connection with, the Websites and Services, and take special care in deciding which information you provide us with. To further protect yourself, you should safeguard your password and not share it with anyone. You should also sign off your account and close your browser window when you have finished your visit to a Website or Service.

8. Storage

Your personal information is stored on servers in various locations, including the United States. Your personal information may be disclosed in response to inquiries or requests from government authorities and regulators in any country in which we operate, namely, the United States. United States federal and state governments and regulators, courts or law enforcement, or regulatory agencies may be able to obtain disclosure of your information through laws applicable in the United States. By using or accessing a Website or Service, you understand that your information can be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.

9. Retention

We will retain your personal information for as long as reasonably necessary for the purposes outlined in this Privacy Policy, while we have a legitimate business need to do so in connection with your user account, or as required by law (for example, for legal, tax, accounting, or other purposes), whichever is the longer.

If you have elected to receive email communications from us, we retain information about your email preferences until you opt out of receiving these email communications and in accordance with our policies.

To determine the appropriate retention period for the categories of your personal information, we will consider the amount, nature, and type of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information, whether we can achieve those purposes through other means, and the applicable legal requirements. In certain circumstances, we can anonymize your personal information, subject to applicable law.

10. Choices Regarding Your Information

You have choices regarding your information on the Websites and Services.

• Changing your information. You can make changes to your information, including without limitation, accessing your information, correcting or updating your information, or deleting your information by signing in to your account, emailing us at sfm_legal@sfmic.com, or via postal mail as described in “How to Contact Us” below, subject to applicable legal restrictions. We may take reasonable steps to verify your identity before providing access to, correction of, update of, or deletion of, your personal information.

• Email communications. You can make changes regarding receiving emails from us by emailing us at sfm_legal@sfmic.com. You also can opt out of receiving marketing emails from us by following the opt out or unsubscribe instructions in each such email. You may continue to receive service-related and other non-marketing emails.

• Postal mail. We can send you communications via postal mail. If you wish to opt out of communications sent via postal mail, please contact us via sfm_legal@sfmic.com or via postal mail as described in “How to Contact Us” below.

• Automated calls and text messages. Your consent to receive automated and/or marketing calls and text messages is completely voluntary, You may opt-out at any time by contacting SFM Legal Department at sfm_legal@sfmic.com, providing your name and telephone number and specifying that you want to opt out of automated and/or marketing calls and text messages (as the case may be). You may also reply “STOP” to any text message you receive from us. When opting out by text message, you acknowledge and agree to accept a final text message confirming your opt-out; this message may also seek to clarify the scope of your opt-out.

• Withdrawing consent. You can withdraw your consent to our use or disclosure of your information at any time by emailing us at sfm_legal@sfmic.com or via postal mail as described in “How to Contact Us” below.

• Cookies and other technologies; do not track. Please see “Cookies and Other Technologies; Do Not Track” above.

• Social networking service. You should make sure you are comfortable with what information from or about you may be disclosed to or collected by a social networking service. For what information is disclosed or collected and how it is used, please carefully review the social networking service’s privacy policy and terms and conditions, and modify your privacy settings directly on that service.

• Please see “Retention” above.

• Declining to provide information. We need to collect information to provide certain products and services. If you do not provide the information we request, we may not be able to provide certain products and services, including insurance and/or insurance-related products and services.

11. How To Contact Us

If you have any questions or comments about this Privacy Policy, please contact us via email at sfm_legal@sfmic.com or at the following postal address:

SFM Companies
PO Box 9416
Minneapolis, MN 55440
Attention: Legal Department

12. Changes to this Privacy Policy

We reserve the right to update or make changes to this Privacy Policy from time to time in our sole discretion, and we may notify you of changes by any reasonable means, including without limitation, by posting the revised version of this Privacy Policy on the Websites. You can determine when this Privacy Policy was last revised by referring to the “Effective Date and Last Revised” legend at the top of this Privacy Policy. Please return to this Privacy Policy to ensure familiarity with the most current version of this Privacy Policy. Your continued access or use of the Websites and Services after any changes to these TOS have been posted shall constitute your agreement and consent to such changes.