Guidewire’s Notice of Certification Under the EU-U.S. Data Privacy Framework, the UK Extension and Swiss-U.S. Data Privacy Framework
Effective: March 24th, 2026
Guidewire Software, Inc. is involved in the processing of personal information (hereafter referred to as “we” or “Guidewire”) per the categories specified below, and complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (collectively, the “Data Privacy Framework”), as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland.
The U.S. Guidewire parent corporation covered by this certification is:
Guidewire Software, Inc.
970 Park Pl
Suite 200
San Mateo, CA 94403.
If there is any conflict between the terms in this Notice and the Data Privacy Framework Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit the Data privacy framework website.
Categories of Personal Information Transferred
The types of personal information processed by Guidewire vary based upon our cloud services contracted by and provisioned to each Guidewire customer. Customers define the specific categories of personal information that need to be processed by Guidewire on their behalf within each individual customer contract. Guidewire provides cloud services and intelligent insurance, including data and analytics, specifically designed for property and casualty (P&C) insurers, supporting the entire insurance lifecycle, from underwriting and policy administration to claims and billing. When providing these cloud services, Guidewire processes customer data that customers submit and the processing is based on instructions provided by the customer to Guidewire. The nature and scope of the customer data submitted is determined by Guidewire’s customers and will be information about their customers (insureds), prospects, employees and agents, and any other person dealing with insurance contracts, including claims, underwriting and billing, and users of online tools, such as contact information, purchases, and billing information.
Purposes of Transfers
Guidewire processes customer data submitted by customers to fulfill the services and to offer customer support in accordance with the instructions of Guidewire customers. This may include accessing the data to operate the services and to respond to support requests, to address and resolve technical or service problems, and to comply with contractual obligations.
Third-party Recipients
We use a limited number of third-party service providers to assist us in providing our services to our customers. These third-party service providers offer hosting services, transactional event logging and observability, and in some instances, assist with the transmission of data, identity management, and support and other technical operations. We maintain contracts with our third-party service providers restricting their access, use and disclosure of personal information in compliance with our Data Privacy Framework obligations, including the onward transfer provisions. Guidewire remains contractually-liable under the Data Privacy Framework for onward transfers if our third-party providers, acting as agents on our behalf, fail to meet those obligations, unless we prove we are not responsible for the event giving rise to the damage.
Data Subject rights
If European Union or European Union member state law, United Kingdom law or Swiss law applies to the processing of your data, you have the right to request access, rectification, deletion and portability of your personal data, the right to object to processing and to request the restriction of such processing. Guidewire is committed to upholding these rights through our Data Privacy Framework self-certification. Since Guidewire processes personal information on behalf of Guidewire customers as a processor, we encourage you to first contact the Guidewire customer-controller to whom you submitted your personal information to exercise your rights.
In compliance with the Data Privacy Framework, Guidewire commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal information received in reliance on the Data Privacy Framework should first contact Guidewire at: privacy@guidewire.com.
Guidewire Software commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.trustarc.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
If neither Guidewire nor our dispute resolution provider resolves your complaint regarding DPF compliance, you have the option, under certain conditions, to invoke binding arbitration through the Data Privacy Framework Panel. For further details on this option, please refer to Annex I of the Data Privacy Framework Principles.
U.S. Federal Trade Commission
Guidewire’s commitments under the Data Privacy Framework are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Guidewire may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. For more information on our DPF certification and how we handle requests, please read our DPF FAQs.