Peak Re

Legal

StormView Privacy Policy

Last updated: June 2026

1. Who We Are

Peak Reinsurance Company Limited ("Peak Re", "we", "us", or "our") operates StormView. This Privacy Policy explains how we collect, use, disclose, store, and otherwise process personal data in connection with StormView.

2. Scope of This Policy

This Privacy Policy applies to personal data processed through StormView. It is intended for authorised clients, Peak Re personnel, and other approved users of the service. It does not describe every other website, platform, or service that may be operated by Peak Re or by unrelated third parties.

3. Personal Data We Collect

Depending on how you use StormView, we may collect and process:

  • Identity and account data, such as your name, username, email address, and unique account or directory identifiers;
  • Upload and job metadata, such as the files you submit for analysis, related filenames, submission parameters, and processing metadata. StormView is designed for non-personal exposure data only; you must not include personal data in uploaded files or filenames (see Section 4A).
  • Job and output records, such as submission parameters, run identifiers, analysis history, generated artefact references, and job status information;
  • Technical and usage data, such as IP address, timestamps, and service or security logs. Additional technical request data (such as browser or device information) may be processed by our hosting, security, and authentication providers, as described in the Cookies Policy; and
  • Support or correspondence data, such as information you provide when contacting us about StormView, privacy, or legal matters.

4. How We Collect Personal Data

We collect personal data directly from you when you use StormView, submit files, or contact us. We also receive certain account and identity information from the authentication layer or identity provider used to control access to the service. In addition, StormView generates operational, security, and audit records as part of normal service use.

4A. Personal Data in Uploads

StormView is built to analyse non-personal exposure data (such as location coordinates, insured values, and building characteristics). Personal data is neither required nor intended in any file you upload. Before submission you must confirm that the file and its filename contain no personal data, and StormView runs an automated, sample-based screening control over file headers and sampled file content that rejects uploads in which personal data is detected.

These controls reduce but do not eliminate the risk that personal data is submitted. Where personal data is nonetheless included — for example, filename personal data is not currently detected by the automated file-content screening control — that data may be incidentally processed and stored as part of the uploaded content until it is removed. You remain responsible for ensuring your uploads do not contain personal data.

5. How We Use Personal Data

We may use personal data for the following purposes:

  • to authenticate users and manage access to StormView;
  • to receive, store, process, and return the files and analysis jobs you submit;
  • to maintain job history, generated outputs, and service records;
  • to secure StormView, detect misuse, investigate incidents, and maintain audit trails;
  • to troubleshoot, support, maintain, and improve the service; and
  • to comply with legal, regulatory, contractual, or internal governance requirements.

6. Legal Bases

Depending on the context and applicable law, our legal bases for processing may include legitimate interests, performance of a contract or steps taken at your request before entering into a contract, compliance with legal obligations, and other lawful grounds that apply to the relationship between you and Peak Re.

7. Sharing and Disclosure

We may share personal data with:

  • relevant Peak Re personnel and affiliated internal teams on a need-to-know basis;
  • hosting, storage, infrastructure, security, and support providers that help us operate and protect StormView, including Microsoft Azure and Cloudflare;
  • third-party service providers that support specific features or functionality of StormView, including Mapbox for map rendering, Google Fonts for fallback typography, and Tailwind CSS CDN for script delivery;
  • professional advisers, auditors, insurers, regulators, courts, law-enforcement bodies, or other authorities where required or appropriate; and
  • other parties in connection with a corporate transaction, restructuring, or legal claim where permitted by law.

We do not sell personal data collected through StormView for marketing purposes.

8. International Transfers

StormView may involve storage, remote access, or support activity across more than one jurisdiction. Where personal data is transferred across borders, Peak Re will use contractual, organisational, or other safeguards that are appropriate under applicable law.

9. Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, including operational, security, compliance, and record-keeping purposes. The main categories are currently handled as follows:

  • Uploaded source files: in the hosted service, an uploaded source file is deleted on a best-effort basis after its analysis job reaches a terminal state (completed, or failed after any retries are exhausted).
  • Transient queue data: job-processing results and failure records held in the task queue expire automatically after 24 hours.
  • Generated outputs, run artefacts, and job metadata (including stored job logs): retained for 2 years for existing clients and 1 year for new clients, after which they are deleted in line with our data retention and deletion controls.
  • Platform operational, security, and audit logs: retained for 90 days.

10. Security

We use technical and organisational measures designed to protect personal data processed through StormView. However, no system can be guaranteed to be completely secure, and you should not assume that transmission or storage is risk-free in every circumstance.

11. Your Rights

Subject to applicable law, you may have rights to request access to, correction of, deletion of, restriction of, or objection to certain processing of your personal data, or to request data portability or lodge a complaint with a competent authority. Those rights may be subject to verification, legal exceptions, and practical limitations relevant to the context in which StormView is used.

12. Cookies and Similar Technologies

In the hosted production service, Microsoft Azure's authentication layer (Easy Auth) may set strictly necessary cookies used for the sign-in handshake and authenticated browser session. StormView application code does not set its own cookies. For more detail, see the StormView Cookies Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date shown on this page indicates when this version was last revised.

14. Contact

StormView is operated by Peak Reinsurance Company Limited, which is the controller for the personal data it processes through StormView (as described in Section 3). Questions about this Privacy Policy, the personal data processed through StormView, or the exercise of privacy rights are handled by the StormView project team at [email protected].