Skip to Main Content

Start Of Main Content

California Privacy Rights

The privacy notice(s) that apply to you vary based on the type of relationship you have with State Farm.

If you have financial products or services (banking, securities, or insurance) which are used primarily for personal, family, or household purposes or State Farm has your information in connection with these types of products, you are subject to the Notice of Privacy Policy which is required by the Gramm-Leach-Bliley Act (GLBA).

If you have insurance products (auto, homeowners, life, or health) or are a claimant or beneficiary related to insurance products primarily for personal, family, or household purposes, you are subject to the California Insurance Information and Privacy Protection Act notice. This notice may apply in addition to the notices described above, which are provided in accordance with GLBA and/or HIPAA.

If you are a State Farm employee or independent contractor agent and have enrolled in a State Farm group health plan or if you are a consumer who has purchased a health insurance policy, you are subject to the Health Insurance Portability and Accountability Act notice.

If you are a resident of California, you may have protections, subject to certain limitations, under the California Consumer Privacy Act (CCPA) notice. In general, consumers subject to this notice will be those who do not have an existing customer relationship with State Farm.

In addition to the information collection and sharing practices described above, State Farm website properties and mobile applications may use common tracking technologies. To learn more about our ads and tracking activities, click here.

For job applicants, click here to view the applicable CCPA notice.

Get Your

Notice of Privacy Policy Online

A Good Neighbor is a Green NeighborTM

California Consumer Privacy Act

If you are a California resident and would like to exercise your CCPA rights, utilize the applicable link below to access and complete the data access request form.

  • California Consumers with prior State Farm employment - Request Form
  • California Consumers without State Farm Account online access - Request Form
  • California Consumers with State Farm Account online access - Request Form

California Consumer Privacy Notice

We value your privacy.

This State Farm® California Consumer Privacy Notice describes how we collect, use, and disclose the personal information of California consumers and the rights prescribed by the California Consumer Privacy Act (CCPA).

Your Personal Information covered by this notice may also be protected by other laws such as the Financial Services Modernization Act (also known as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) and the Fair Credit Reporting Act (FCRA), and where applicable, those laws primarily govern how we use and disclose personal information. Our privacy notices concerning personal information protected by state laws, as well as by GLBA and HIPAA, can be found on our website. The website also provides information concerning our online advertisements and mobile applications.

This notice does not apply to California residents in their capacity as State Farm job applicants, current and former employees, contractors of State Farm, and persons we interact with in their capacity of representing another business.

This notice does not apply to Sundial Labs, LLC which has its own California privacy notice.

In the event of a conflict between this Notice and other State Farm privacy notices or policies, this Notice will prevail as to California consumers’ rights under the CCPA.


The CCPA defines personal information as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

We collect personal information from multiple sources, including directly from you or your agent, from other individuals, service providers or other third party vendors, publicly available sources, consumer reporting agencies, government agencies, or other businesses.

We collected and disclosed the following categories of personal information (in the last 12 months) about California consumers:

Categories of Personal Information Collected and Disclosed Categories of Third Parties to Whom Personal Information is Disclosed
1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number or passport number. We may disclose identifiers to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
2. Personal Records such as physical characteristics or description, signature, telephone number, education, employment, employment history, insurance policy number, or any other financial information, medical information or health insurance information. We may disclose personal records to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
3. Classifications such as sex, marital status, familial status, race and gender. We may disclose classifications to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
4. Commercial Information such as personal property records, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. We may disclose commercial information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
5. Biometric Information such as genetic, physiological, behavioral and biological characteristics, that can be used to establish individual identity, including but not limited to fingerprints, voiceprints, retina scans from which an identifier template can be extracted, other physical patterns and sleep, health or exercise data, that contain identifying information. We may disclose biometric information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
6. Internet Usage Information such as browsing history, search history, and information regarding your interaction with an Internet Web Site, application, or advertisement. We may disclose internet usage information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
7. Geolocation Data such as precise physical location or movements and travel patterns. We may disclose geolocation data to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
8. Sensory Data such as audio recordings of customer care calls, electronic, visual or similar information. We may disclose sensory data to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
9. Professional or Employment Information such as professional licenses or designations, employment history. We may disclose professional or employment information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
10. Education Information such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, education level, transcripts, class lists, student schedules, student identification codes, student financial information or student disciplinary records. We may disclose education information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
11. Inferences from Personal Information Collected such as creating a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. We may disclose inferences to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.

We may disclose any or all of the categories of personal information collected for business purposes such as offering, developing and maintaining products and services, completing transactions with individuals or other businesses, preventing fraud, for our everyday business operations, or as required or permitted by law.

Personal information does not include public information lawfully made available from governmental records or de-identified or aggregate consumer information. We will implement technical safeguards to prohibit re-identification of de-identified information about you. We also reserve the right to create or allow others to create aggregate consumer information data sets by ensuring that individual consumer identities have been removed and are not linked or reasonably linkable to any consumer or household, including via a device. The CCPA does not require that such information be re-identified in response to a request made pursuant to the CCPA.



We collect, use, and disclose personal information to offer, provide, or maintain insurance and financial products and services and as otherwise related to the operation of our business, or as required or permitted by law. We may collect, use, and disclose the personal information we collect for one or more of the following business purposes:

  • Processing Interactions and Transactions such as customization of advertisements as a result of visiting one of our web pages.
  • Managing Interactions and Transactions such as auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  • Performing Services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
  • Research and Development for technological development and demonstration.
  • Quality Assurance to verify or maintain the quality or safety of a service or device that is owned, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
  • Security such as detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.

We restrict the use of personal information that is shared with our vendors for business purposes.

We may collect, use, and disclose personal information for commercial purposes such as marketing. As described in the section below (“Sale of Personal Information”), we may also collect, use and disclose personal information for interest-based advertising.



We do not believe that we sell your personal information as “sell’ is defined by the CCPA. However, we do use third party cookies and tracking devices associated with our websites and mobile apps. While there is not yet a consensus about whether such practices constitute a “sale” of your personal information as defined by the CCPA, we nevertheless offer you choices about our use of certain tracking technologies, including for advertising purposes. You can exercise control over browser-based cookies by adjusting the settings on your browser. In addition, third party tools enable you to search for and opt-out of some of these devices, such as the Ghostery browser plug-in available at https://www.ghostery.com/. Further, we endeavor to comply with industry guidelines on behavioral advertising, and you can learn more about your choices regarding certain kinds of online interest-based advertising here. We do not represent that these third party tools, programs or statements are complete or accurate.



California consumers have the privacy rights described in this section, subject to certain limitations. Personal information protected by other laws such as the Financial Services Modernization Act (also known as the Gramm-Leach-Bliley Act (GLBA)), the Health Insurance Portability and Accountability Act (HIPAA), and the Fair Credit Reporting Act (FCRA)) is exempted from the following CCPA rights.

You may submit a request described below or submit one through an authorized agent (examples of an authorized agent may include a power of attorney, guardian, conservator or one registered with the California Secretary of State). Requests submitted to us are subject to review, identification, and verification. We will acknowledge receipt of your request and provide information about processing the request and the verification process. We may ask you for information which allows us to confirm your identity in relation to information we currently have. In addition, we may require notarization of any forms submitted. We will reimburse you for reasonable fees incurred for the notarization of documents. We may also ask for documentation verifying that your designated agent is authorized to act on your behalf. We may not be able to fulfill your request if we are unable to verify you are the consumer that is the subject of the request, or that the agent is, in fact, authorized to act on your behalf.

We will make reasonable efforts to identify personal information that we collect, use, and disclose to respond to your request. In some instances we may not be able to process a request because, for example, we may not be able to sufficiently verify your identity based on the information you provide to us in response to our verification process. In such instances, we will provide you with a written explanation as to the reason we cannot process your request.

In some cases, we may suggest that you receive the most recent or a summary of your personal information and give you the opportunity to elect whether to receive the rest of your personal information. We reserve the right to direct you to where you may access and copy responsive personal information.

Instructions on making a request and submitting documentation are contained in the Contact Us section.



You have the right to request the following, which will be provided for the period that is 12 months prior to the request date:

  • The specific pieces of personal information we have collected about you and are maintaining;
  • The categories of personal information we have collected about you;
  • The categories of sources from which we collected your personal information;
  • The business or commercial purposes for our collecting or selling your personal information;
  • The categories of third parties to whom we have shared your personal information;
  • A list of the categories of personal information disclosed for a business purpose in the prior 12 months, or a confirmation that no disclosure occurred.


You may request we delete your personal information we collected directly from you and are maintaining. There may be instances where we are unable to delete personal information. The personal information may be:

  • Necessary to complete a transaction or service you requested;
  • Needed for security purposes;
  • Needed to identify and repair system errors;
  • Needed for the exercise of free speech or exercise another right provided for by law;
  • Necessary for compliance with the California Electronic Communications Privacy Act;
  • Necessary for internal business purposes; or
  • Needed to comply with laws or legal obligations.


The CCPA gives California residents the right to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. This is referred to as the right to opt-out.

However, as stated in the section of this notice entitled “Sale of Personal Information”, we do not believe that we sell your personal information as the term “sell’ is defined by the CCPA. However, we do use third party cookies and tracking devices associated with our websites and mobile apps. While there is not yet a consensus about whether such practices constitute a “sale” of your personal information as defined by the CCPA, we nevertheless offer you choices about our use of certain tracking technologies, including for advertising purposes. Please refer to the section entitled “Sale of Personal Information” for more detail on these choices.



We will not unlawfully discriminate against you for exercising your CCPA rights.


You may submit requests pursuant to the California Consumer Privacy Act (Right to Know or Delete) by one of three methods outlined below. Once a request is received, we will acknowledge receipt of the request. In addition to acknowledging your request, we may ask you for additional information, including information to verify your identity. In order to submit a request:

  • Call us toll free at 1-800-865-6035 1-800-865-6035 and we will assist you including verifying your identity. We may ask you for personal information such as name, phone number, address and/or date of birth. In order to complete authentication, we will send a verification code to the phone number or email you previously provided, or you may provide the Personal Identification Number associated with your State Farm account.
  • Use your State Farm online account:
    • Go to statefarm.com and log into your account using your user ID and password at the top right of the home page. Go to the CCPA section of the Privacy & Security page and then click on the “California Consumers with State Farm Account online access” link. Some of your personal information will pre-populate once the form is accessed. Follow the instructions on the form, then submit.
    • An online State Farm account is not required to submit a CCPA request. However, you may be able to create an online account at statefarm.com by clicking on “Manage Your Accounts” under the Customer Care section. Once created, you can access the form and submit it electronically as noted above.
  • Complete, print, notarize and return the Data Access Request Form via U.S. Mail. Attach any relevant documentation to the form.
    • You must verify your identity by having the form notarized. We will reimburse you for reasonable fees incurred for notarization of forms/documents for identity verification. Please send the original receipt for notary services along with the notarized forms/documents to us at the address listed on the Data Access Request Form for reimbursement.

For more information on your California privacy rights contact us at 1-800-865-6035 1-800-865-6035 or email us. Or, write to us at:

State Farm
Attention: Enterprise Compliance & Ethics - Office of Privacy, C-2
PO Box 2322
Bloomington, IL 61704-2322

Statistics regarding State Farm’s handling of CCPA related requests can be found here.

If you need a copy of this notice in an alternative accesible format, please contact us using any of the above contact methods.

Si desea recibir una copia de esta notificación en español, por favor, póngase en contacto con su agente de State Farm o visite es.statefarm.com.


Last Reviewed 10/2021
Last Updated 10/22/2021