Privacy Policy
Last updated: July 7, 2026
**Last Updated and Effective as of:** July 7, 2026
## 1. Introduction
Growth Marshal, LLC, doing business as Marshal ("Marshal," "we," "us," or "our"), operates the website located at [https://www.runmarshal.com](https://www.runmarshal.com) and provides Managed AI Ops services for founder-led businesses.
Marshal designs, deploys, and operates AI agents and related systems for clients. Our services may include AI visibility work inside answer engines, Generative Engine Optimization ("GEO"), AI agent systems, workflow automation, business development support, lead research, enrichment, CRM workflows, customer support workflows, operational workflows, reporting systems, and related consulting, implementation, monitoring, and support.
This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you visit our website, contact us, book a consultation, download resources, become a client, interact with our services, or authorize us to access third-party tools, accounts, platforms, APIs, or data sources in connection with our services.
This Privacy Policy applies to information we process about website visitors, prospective clients, clients, business contacts, client-authorized contacts, client customers, client leads, client prospects, vendors, partners, and other individuals whose information may be processed in connection with our services.
By using our website or services, you acknowledge that you have read and understood this Privacy Policy.
## 2. Who We Are
Growth Marshal, LLC is a New York limited liability company doing business as Marshal.
Marshal is headquartered in New York, United States.
For privacy questions or privacy rights requests, contact us at [privacy@runmarshal.com](mailto:privacy@runmarshal.com).
For general support questions, contact us at [support@runmarshal.com](mailto:support@runmarshal.com).
## 3. The Roles We Play
We process information in different roles depending on the context.
When we operate our website, manage prospective client communications, schedule meetings, handle billing, publish our own materials, or market our services, we generally act as an independent business responsible for that processing.
When we process Client Data on behalf of a client as part of a service engagement, we generally process that information as a service provider, contractor, processor, or similar role under applicable privacy laws, depending on the law and the engagement. In that context, the client is generally responsible for determining what data may be provided to us, what instructions apply, what notices or consents are required, and whether the client has the legal right to authorize us to process that data.
If a signed data processing agreement, statement of work, order form, or other written agreement between Marshal and a client conflicts with this Privacy Policy, that written agreement controls for the specific conflict.
## 4. Information We Collect
We collect different types of information depending on how you interact with us.
### 4.1 Information You Provide Directly
We may collect information you provide directly to us, including:
- Name
- Email address
- Phone number
- Company name
- Job title
- Website URL
- Business information
- Consultation requests
- Contact form submissions
- Resource download information
- Communications with us
- Billing and payment-related information
- Information you provide during onboarding, discovery, strategy, implementation, support, or account management
### 4.2 Website and Usage Information
When you visit our website, we may collect information automatically, including:
- IP address
- Browser type
- Device type
- Operating system
- Referring URLs
- Pages viewed
- Dates and times of visits
- Approximate location derived from IP address
- Interactions with our website
- Diagnostic, security, and performance information
We may use cookies, pixels, tags, scripts, analytics tools, and similar technologies to operate, secure, analyze, and improve our website.
### 4.3 Consultation and Scheduling Information
If you book a consultation or meeting with us, we may collect information related to that booking, including your name, email address, company, meeting time, responses to booking questions, calendar metadata, and any information you provide in connection with the booking.
We may use third-party scheduling providers, including Cal.com or similar providers, to process consultation and meeting bookings.
### 4.4 Client Data
When we provide services to a client, we may process information provided by or on behalf of that client ("Client Data"). Client Data may include:
- Client business information
- Client website content
- CRM data
- Lead, prospect, and customer records
- Sales pipeline information
- Customer support records
- Onboarding, implementation, or operations workflow information
- Email, calendar, or communication metadata
- Internal business process information
- Information from client-authorized tools, platforms, APIs, accounts, or databases
- Information reasonably necessary to build, deploy, operate, monitor, troubleshoot, or improve client-authorized systems
Clients are responsible for ensuring they have the necessary rights, permissions, notices, consents, contracts, and legal bases to provide Client Data to us or authorize us to access Client Data.
### 4.5 Client-Authorized Customer, Lead, Prospect, Vendor, and Partner Data
In connection with our services, we may process information about a client’s customers, leads, prospects, vendors, partners, or other business contacts. This may include names, email addresses, phone numbers, company names, job titles, public profile information, lead source information, CRM records, qualification details, communications, customer support details, and related business information.
We process this information only as needed to provide services to our client, as authorized by the client, as described in an applicable agreement, or as otherwise permitted by law.
### 4.6 Prospecting, Enrichment, and Public Business Information
If we provide business development, outbound, research, enrichment, or AI visibility services, we may collect or process business contact information and publicly available information from sources such as company websites, search engines, directories, public databases, social and professional profiles, review platforms, media mentions, podcasts, public articles, structured data sources, knowledge graphs, and other publicly accessible sources.
This information may be used for lead research, enrichment, qualification, outreach support, market research, entity analysis, GEO, structured data work, authority distribution, answer engine visibility work, or other business-to-business services.
### 4.7 AI and Automation Data
When we build, operate, maintain, monitor, or support AI agent systems, workflow automations, or AI-assisted services, we may process data used as inputs, prompts, instructions, context, outputs, classifications, summaries, drafts, recommendations, tool calls, workflow steps, system actions, logs, evaluation records, error records, approval records, exception queues, or operational events.
Depending on the engagement, AI agent systems may interact with client-authorized tools, generate drafts, classify leads, route information, update records, trigger workflows, create tasks, prepare reports, or send communications if authorized.
### 4.8 Integration Credentials and Access Information
If a client authorizes us to connect to third-party tools, platforms, accounts, APIs, or systems, we may process access credentials, tokens, API keys, OAuth permissions, service account credentials, application passwords, webhook secrets, or similar access information.
Where reasonably practical, we use scoped permissions, OAuth, API keys, service accounts, role-based access, secrets management, or other limited-access methods rather than shared passwords.
We store integration credentials or access information only as reasonably necessary to provide the services and use reasonable safeguards designed to protect them. Clients are responsible for managing permissions within their own systems and revoking access when appropriate.
### 4.9 Payment Information
We may provide paid services. We use third-party payment processors, including Stripe, Chargebee, or similar providers, to process payments. We do not store full payment card details on our own systems. Payment information is provided directly to payment processors and is governed by their privacy policies and security practices.
## 5. How We Use Information
We may use information for the following purposes:
- To operate, maintain, secure, and improve our website
- To respond to inquiries and contact requests
- To schedule consultations and meetings
- To provide resources, downloads, and requested materials
- To communicate with you
- To provide, operate, maintain, monitor, support, and improve our services
- To perform discovery, strategy, implementation, reporting, account management, and support
- To provide GEO, answer engine visibility, structured data, entity optimization, and related public-facing services
- To create, update, optimize, submit, or distribute public-facing business information, schema, profiles, listings, citations, and related materials
- To build, deploy, operate, monitor, troubleshoot, and improve AI agent systems and workflow automations
- To process client-authorized data from third-party tools, platforms, systems, APIs, or integrations
- To perform lead research, enrichment, qualification, outbound support, CRM support, and business development workflows
- To draft, route, trigger, or send communications when authorized
- To maintain approval gates, exception queues, logs, audit trails, and operational records
- To analyze website and service performance
- To maintain security, prevent fraud, debug issues, and protect our rights
- To process payments and manage billing
- To comply with legal obligations
- To enforce our agreements
- For any other purpose disclosed to you at the time of collection or with your consent
## 6. AI and Automation Services
Marshal provides Managed AI Ops services that may include AI agent systems, AI-assisted workflows, automation, lead research, CRM workflows, outbound support, customer support workflows, and operational systems.
In connection with these services, we may use artificial intelligence systems, large language models, automation tools, data processing systems, APIs, and third-party technology providers. These systems may process information provided by clients, information from client-authorized integrations, publicly available information, business contact information, and other data reasonably necessary to provide the services.
AI agent systems are not always fully autonomous. Depending on the engagement, they may draft recommendations for human review, take actions only after approval, or perform authorized actions automatically. If a client authorizes automatic communications or workflow actions, the client is responsible for ensuring that such use complies with applicable laws, platform rules, industry obligations, the client’s own privacy notices, and the client’s customer commitments.
We do not use website visitor information for solely automated decisions that produce legal or similarly significant effects. Client-authorized AI systems may process Client Data as instructed by the client, and the client remains responsible for determining whether additional notices, consents, review procedures, or safeguards are required.
## 7. AI Model Training
We do not use Client Data to train artificial intelligence models unless we expressly agree otherwise in writing.
We may use learnings, know-how, configurations, templates, generalized patterns, workflows, performance insights, and de-identified or aggregated information to improve our services, provided that we do not disclose Client Data or use it to identify a client, individual, or confidential business information.
Third-party AI providers may process information as service providers, subprocessors, or technology vendors in connection with providing AI functionality. We seek to use providers and configurations appropriate for the nature of the engagement, but clients should not provide sensitive, regulated, or highly confidential information unless it is necessary for the services and addressed in the applicable written agreement.
## 8. Client-Authorized Integrations and Credentials
Our services may require access to client-authorized systems, including CRMs, email platforms, calendars, analytics tools, advertising platforms, workflow tools, databases, communication platforms, customer support systems, CMS platforms, hosting accounts, project management systems, enrichment tools, and other business software.
When a client authorizes us to access such systems, we may process information available through those systems only as needed to provide the services, maintain integrations, troubleshoot issues, secure the services, comply with applicable obligations, and enforce agreements.
Clients are responsible for:
- Ensuring they have the right to authorize our access
- Configuring appropriate permissions and access levels
- Maintaining the accuracy, legality, and quality of Client Data
- Providing required notices to their own customers, prospects, employees, contractors, vendors, or other individuals
- Ensuring their use of our services complies with applicable laws and contracts
- Revoking access when access is no longer needed
## 9. Generative Engine Optimization and Public-Facing Distribution
Our GEO, answer engine visibility, structured data, entity optimization, authority distribution, and related services may involve creating, updating, optimizing, submitting, publishing, or distributing public-facing business information. This may include:
- Website content
- Structured data and schema
- Business profiles
- Directory listings
- Public biographies
- Public company descriptions
- Customer case studies
- Review platform information
- Knowledge graph materials
- Public databases
- Third-party mentions
- Editorial or contributed content
- Podcast, media, or public research references
- Other public-facing materials designed to improve discoverability, entity consistency, authority, or AI search visibility
Clients are responsible for ensuring that information they provide for public distribution is accurate, lawful, authorized, non-infringing, and not confidential unless intended for publication.
Unless otherwise agreed, we may use client names, logos, trademarks, case studies, results, testimonials, and related materials as permitted by our agreements with the client.
## 10. Communications and Outbound Support
If we provide outbound, business development, sales, customer support, or communication support, we may process business contact information, prospect information, enrichment data, lead records, CRM records, email drafts, message content, reply data, and related information.
Automated or AI-assisted systems may draft, classify, route, schedule, or send communications if authorized by the client. Clients are responsible for ensuring that outreach campaigns, communications, messaging, consent practices, unsubscribe handling, customer notices, and related activities comply with applicable laws and platform requirements.
## 11. Cookies and Similar Technologies
We may use cookies and similar technologies to operate our website, remember preferences, analyze performance, improve functionality, secure the website, and understand how visitors interact with our website.
Cookies may include:
- Essential cookies required for website functionality
- Preference cookies that remember settings
- Analytics cookies that help us understand website performance
- Security cookies that help protect the website
You can instruct your browser to refuse cookies or alert you when cookies are being sent. If you disable cookies, some parts of the website may not function properly.
We do not currently use cookies or tracking technologies to sell personal information or share personal information for cross-context behavioral advertising. If that changes, we will update this Privacy Policy and provide any legally required notices or choices.
## 12. Analytics
We may use third-party analytics providers, including Google Analytics or similar providers, to help us understand how visitors use our website and to improve website performance.
Analytics providers may collect information such as IP address, browser type, device information, pages visited, referring pages, and interactions with the website. These providers process information according to their own privacy policies and terms.
## 13. How We Disclose Information
We may disclose information in the following circumstances.
### 13.1 Service Providers and Vendors
We may disclose information to third-party service providers, vendors, contractors, advisors, and technology providers that help us operate our business and provide our services. These may include providers for:
- Hosting and infrastructure
- Analytics
- Scheduling
- Payment processing
- Email and communications
- CRM and sales tools
- Automation and workflow tools
- AI and large language model services
- Data enrichment and research
- Security and secrets management
- Storage and backups
- Monitoring and logging
- Professional services
- Customer support
- Project management
- Development and operations
These providers may access information only as needed to perform services on our behalf or as otherwise permitted by their agreements with us.
### 13.2 Client-Directed Disclosures
We may disclose or transfer information as directed, authorized, or requested by a client, including through client-authorized integrations, workflows, publications, submissions, listings, emails, CRM updates, customer support actions, reports, or other service-related actions.
### 13.3 Public Distribution
When our services involve public-facing content, structured data, directory listings, business profiles, public research, case studies, testimonials, knowledge graph work, or similar materials, information may be made publicly available as part of the services.
### 13.4 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, change of control, or similar transaction, information may be transferred or disclosed as part of that transaction.
### 13.5 Legal Compliance and Protection
We may disclose information when we believe it is necessary or appropriate to comply with law, legal process, government requests, enforce our agreements, protect our rights, investigate fraud or security issues, or protect the rights, property, or safety of Marshal, our clients, users, or others.
### 13.6 With Consent
We may disclose information with your consent or at your direction.
## 14. No Sale of Personal Information
We do not sell personal information.
We do not currently share personal information for cross-context behavioral advertising or retargeting.
We do not knowingly sell or share personal information of children under 16.
## 15. Sensitive and Regulated Information
We do not intentionally request sensitive personal information unless it is necessary for a specific client engagement and addressed in the applicable written agreement.
Sensitive personal information may include information such as government identification numbers, financial account credentials, precise geolocation, health information, biometric information, information about children, account login credentials, private keys, secrets, privileged legal information, employment records, consumer reports, or other information subject to heightened legal protections.
Clients should not provide sensitive, regulated, or highly confidential information unless it is necessary for the services, authorized, and addressed in the applicable written agreement. Clients are responsible for ensuring that their use of our services complies with any sector-specific obligations, including obligations related to healthcare, legal, financial, insurance, employment, education, children’s, or other regulated data.
Unless expressly agreed in writing, Marshal does not act as a HIPAA business associate, financial institution service provider, law firm, legal professional, employment decision-maker, consumer reporting agency, or regulated professional services provider.
## 16. Data Retention
We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, provide the services, maintain security, troubleshoot issues, comply with legal obligations, resolve disputes, and enforce our agreements.
For Client Data, we retain information only as long as reasonably necessary to provide the services, comply with our legal and contractual obligations, maintain security, troubleshoot issues, and enforce our agreements, unless otherwise agreed in writing.
Some information may remain in backups, logs, archives, or records for a limited period after deletion, where permitted by law and subject to appropriate safeguards.
## 17. Data Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, disclosure, alteration, or destruction.
These safeguards may include access controls, scoped permissions, secrets management, limited-access methods, vendor controls, monitoring, logging, backup practices, and internal review procedures appropriate for the nature of the information and engagement.
However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
Clients are responsible for maintaining appropriate security controls within their own systems, accounts, platforms, and integrations, including permissions, passwords, user access, API access, backups, and revocation of access.
## 18. International Data Transfers
Marshal is based in the United States. If you access our website or services from outside the United States, your information may be transferred to, stored in, or processed in the United States or other countries where we or our service providers operate.
Those countries may have data protection laws that differ from the laws of your jurisdiction.
If an engagement requires additional international transfer terms, data processing terms, or similar documentation, those terms must be addressed in the applicable written agreement.
## 19. Your Privacy Rights
Depending on where you live, you may have certain rights regarding your personal information, including the right to:
- Request access to personal information we hold about you
- Request correction of inaccurate personal information
- Request deletion of personal information
- Request a copy of personal information
- Object to or restrict certain processing
- Opt out of certain uses or disclosures, where applicable
- Withdraw consent where processing is based on consent
- Appeal a privacy rights decision where required by law
To exercise privacy rights, contact us at [privacy@runmarshal.com](mailto:privacy@runmarshal.com).
We may need to verify your identity before responding to a request. We may deny or limit requests where permitted by law, including where information is needed to provide services, comply with legal obligations, protect security, resolve disputes, or enforce agreements.
If your request relates to information we process on behalf of a client, we may direct you to that client or handle the request in coordination with that client.
## 20. State Privacy Rights and California Notice
Depending on your state of residence and how applicable law applies to us, you may have additional rights regarding personal information.
For California residents, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, may provide rights including access, deletion, correction, portability, opt out of sale or sharing, limitation of certain sensitive personal information uses, and non-discrimination for exercising privacy rights.
We do not sell personal information. We do not currently share personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information of children under 16.
In the preceding 12 months, we may have collected the following categories of personal information, depending on your relationship with us:
| Category | Examples | Sources | Purposes | Disclosures |
| --- | --- | --- | --- | --- |
| Identifiers | Name, email address, phone number, company, IP address, account identifiers | You, clients, public sources, service providers, client-authorized systems | Communications, services, support, security, billing, website operation | Service providers, clients, client-authorized systems, vendors |
| Commercial information | Services purchased, billing records, transaction details, client relationship information | You, clients, payment providers, service providers | Billing, account management, services, legal compliance | Payment processors, service providers, advisors |
| Internet or network activity | Pages viewed, device data, browser data, referral data, logs, interactions | Website, analytics providers, security tools | Website operation, analytics, security, debugging | Analytics providers, infrastructure providers, security vendors |
| Professional or employment-related information | Company, job title, role, business contact details, public profile information | You, clients, public sources, enrichment providers | B2B services, outreach support, qualification, account management | Clients, service providers, enrichment vendors |
| Approximate geolocation | Location derived from IP address | Website, analytics providers | Website operation, analytics, security | Analytics providers, infrastructure providers |
| Sensitive personal information | Account login credentials, access tokens, API keys, financial account-related information, regulated information when required for a written engagement | Clients, client-authorized systems, service providers | Integration access, security, service delivery, legal compliance | Service providers, client-authorized systems, vendors as needed for services |
| Inferences and business insights | Lead qualification, account attributes, operational patterns, performance insights | Clients, public sources, service providers, service activity | Services, reporting, optimization, service improvement | Clients, service providers |
| Other information you provide | Form submissions, messages, files, meeting notes, support requests | You, clients, client-authorized systems | Communications, support, services, legal compliance | Service providers, clients, vendors as needed |
We use sensitive personal information only for purposes permitted by law, such as providing services, maintaining security, processing authorized integrations, preventing fraud, and complying with legal obligations. We do not use sensitive personal information to infer characteristics about individuals unless permitted by law and necessary for the engagement.
To exercise California privacy rights or other state privacy rights, contact us at [privacy@runmarshal.com](mailto:privacy@runmarshal.com). Authorized agents may submit requests where permitted by law, but we may require proof of authorization and identity verification.
## 21. Do Not Track and Opt-Out Preference Signals
Some browsers or tools may transmit "Do Not Track" or opt-out preference signals.
Because there is not a uniform industry standard for "Do Not Track," our website may not respond to all such signals. However, we do not currently sell personal information or share personal information for cross-context behavioral advertising.
If we engage in activities that require honoring legally recognized opt-out preference signals, we will honor those signals to the extent required by applicable law and update our practices as needed.
## 22. Email Communications
We may send you emails related to inquiries, consultations, services, transactions, resources, updates, or marketing.
You may opt out of marketing emails by following the unsubscribe instructions in the email or contacting us at [privacy@runmarshal.com](mailto:privacy@runmarshal.com). We may still send non-marketing emails related to transactions, services, security, legal notices, or administrative matters.
## 23. Third-Party Links and Services
Our website and services may contain links to third-party websites, platforms, tools, or services that we do not operate or control.
This Privacy Policy does not apply to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party websites or services. We encourage you to review their privacy policies.
## 24. Children’s Privacy
Our website and services are not intended for children under 13, and we do not knowingly collect personal information from children under 13 through our website.
If you believe a child has provided us with personal information, contact us at [privacy@runmarshal.com](mailto:privacy@runmarshal.com), and we will take appropriate steps to delete the information where required by law.
If a client engagement requires processing information about children, students, minors, or other protected groups, the client is responsible for notifying us in advance and ensuring that the processing is authorized, lawful, and addressed in the applicable written agreement.
## 25. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
When we update the Privacy Policy, we will revise the "Last Updated and Effective as of" date above. Changes are effective when posted unless otherwise stated.
We encourage you to review this Privacy Policy periodically.
## 26. Contact Us
If you have questions about this Privacy Policy or want to exercise privacy rights, contact us at:
Growth Marshal, LLC, doing business as Marshal
New York, United States
Email: privacy@runmarshal.com