Skip to content

/ LEGAL

Privacy Policy

Last updated: May 1, 2026

# Growth Marshal Privacy Policy

**Last Updated and Effective as of:** May 1, 2026

## 1. Introduction

Growth Marshal, LLC (“Growth Marshal,” “we,” “us,” or “our”) operates the website located at [https://www.growthmarshal.io](https://www.growthmarshal.io) and provides AI Business Integration services, including Generative Engine Optimization, AI Agent Systems, business development support, workflow automation, and related consulting and implementation services.

This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you visit our website, contact us, book a consultation, download resources, become a client, interact with our services, or authorize us to access third-party tools, accounts, platforms, or data sources in connection with our services.

This Privacy Policy applies to information we process about website visitors, prospective clients, clients, business contacts, client-authorized contacts, client customers or prospects, and other individuals whose information may be processed in connection with our services.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

## 2. Who We Are

Growth Marshal, LLC is a New York limited liability company.

Growth Marshal provides AI Business Integration services that help companies improve how they get found, sell, and operate. Our services may include Generative Engine Optimization, AI search visibility work, structured data and entity optimization, AI Agent Systems, workflow automation, outbound support, lead research, enrichment, CRM workflows, operational systems, and related consulting or implementation services.

## 3. Information We Collect

We collect different types of information depending on how you interact with us.

### 3.1 Information You Provide Directly

We may collect information you provide directly to us, including:

- Name
- Email address
- Phone number
- Company name
- Job title
- Website URL
- Business information
- Consultation requests
- Contact form submissions
- White paper or resource download information
- Communications with us
- Billing and payment-related information
- Information you provide during onboarding, discovery, strategy, implementation, or support

### 3.2 Website and Usage Information

When you visit our website, we may collect information automatically, including:

- IP address
- Browser type
- Device type
- Operating system
- Referring URLs
- Pages viewed
- Dates and times of visits
- Approximate location derived from IP address
- Interactions with our website
- Diagnostic and performance information

We may use cookies, pixels, tags, scripts, analytics tools, and similar technologies to operate, analyze, secure, and improve our website.

### 3.3 Consultation and Scheduling Information

If you book a consultation or meeting with us, we may collect information related to that booking, including your name, email address, company, meeting time, responses to booking questions, calendar metadata, and any information you provide in connection with the booking.

We may use third-party scheduling providers, such as Cal.com, to process consultation and meeting bookings.

### 3.4 Client Data

When we provide services to a client, we may process information provided by or on behalf of that client (“Client Data”). Client Data may include:

- Client business information
- Client website content
- CRM data
- Lead and prospect records
- Customer or contact information
- Sales pipeline information
- Support, onboarding, or operational workflow information
- Email, calendar, or communication metadata
- Internal business process information
- Information from client-authorized tools, platforms, APIs, accounts, or databases
- Other information reasonably necessary to provide the services

Clients are responsible for ensuring they have the necessary rights, permissions, notices, and legal bases to provide Client Data to us or authorize us to access Client Data.

### 3.5 Client-Authorized Customer, Lead, and Prospect Data

In connection with our services, we may process information about a client’s customers, leads, prospects, vendors, partners, or other business contacts. This may include names, email addresses, phone numbers, company names, job titles, public profile information, lead source information, CRM records, qualification details, communications, and related business information.

We process this information only as needed to provide services to our client, as authorized by the client, or as otherwise permitted by law.

### 3.6 Prospecting, Enrichment, and Public Business Information

If we provide business development, outbound, research, enrichment, or AI search visibility services, we may collect or process business contact information and publicly available information from sources such as company websites, search engines, directories, public databases, social and professional profiles, review platforms, media mentions, podcasts, public articles, structured data sources, knowledge graphs, and other publicly accessible sources.

This information may be used for lead research, enrichment, qualification, outreach support, market research, entity analysis, Generative Engine Optimization, structured data work, or other business-to-business services.

### 3.7 AI and Automation Data

When we build, operate, maintain, or support AI Agent Systems, workflow automations, or AI-assisted services, we may process data used as inputs, prompts, instructions, context, outputs, classifications, summaries, drafts, recommendations, tool calls, workflow steps, system actions, or operational events.

Depending on the engagement, AI Agent Systems may interact with client-authorized tools, generate drafts, classify leads, route information, update records, trigger workflows, or send communications if authorized.

### 3.8 Integration Credentials and Access Information

If a client authorizes us to connect to third-party tools, platforms, accounts, APIs, or systems, we may process access credentials, tokens, API keys, OAuth permissions, service account credentials, webhook secrets, or similar access information.

Where possible, we use scoped permissions, OAuth, API keys, service accounts, role-based access, or other limited-access methods rather than shared passwords. Clients are responsible for managing access permissions within their own systems and revoking access when appropriate.

We store integration credentials or access information only as reasonably necessary to provide the services and use reasonable safeguards designed to protect them.

### 3.9 Payment Information

We may provide paid services. We use third-party payment processors, including Stripe and Chargebee, to process payments. We do not store full payment card details on our own systems. Payment information is provided directly to payment processors and is governed by their privacy policies and security practices.

## 4. How We Use Information

We may use information for the following purposes:

- To operate, maintain, and improve our website
- To respond to inquiries and contact requests
- To schedule consultations and meetings
- To provide resources, downloads, and requested materials
- To communicate with you
- To provide, operate, maintain, support, and improve our services
- To perform discovery, strategy, implementation, reporting, and support
- To provide Generative Engine Optimization and AI search visibility services
- To create, update, optimize, or distribute public-facing business information, structured data, schema, profiles, listings, knowledge graph materials, content, citations, and related materials
- To build, operate, monitor, troubleshoot, and improve AI Agent Systems and workflow automations
- To process client-authorized data from third-party tools, platforms, systems, APIs, or integrations
- To perform lead research, enrichment, qualification, outbound support, CRM support, and business development workflows
- To draft, route, trigger, or send communications when authorized
- To analyze website and service performance
- To maintain security, prevent fraud, debug issues, and protect our rights
- To process payments and manage billing
- To comply with legal obligations
- To enforce our agreements
- For any other purpose disclosed to you at the time of collection or with your consent

## 5. AI and Automation Services

Growth Marshal provides AI Business Integration services that may include AI Agent Systems, AI-assisted workflows, automation, lead research, CRM workflows, outbound support, and operational systems.

In connection with these services, we may use artificial intelligence systems, large language models, automation tools, data processing systems, APIs, and third-party technology providers. These systems may process information provided by clients, information from client-authorized integrations, publicly available information, business contact information, and other data reasonably necessary to provide the services.

AI Agent Systems are not always fully autonomous. Depending on the client engagement, they may draft recommendations for human review, take actions only after approval, or perform authorized actions automatically. If a client authorizes automatic communications or workflow actions, the client is responsible for ensuring that such use complies with applicable laws, platform rules, industry obligations, and the client’s own privacy notices and customer commitments.

## 6. AI Model Training

We do not use Client Data to train artificial intelligence models unless we expressly agree otherwise in writing.

We may use learnings, know-how, configurations, templates, generalized patterns, workflows, performance insights, and de-identified or aggregated information to improve our services, provided that we do not disclose Client Data or use it to identify a client, individual, or confidential business information.

Third-party AI providers may process information as service providers or subprocessors in connection with providing AI functionality. We seek to use providers and configurations appropriate for the nature of the engagement, but clients should not provide sensitive, regulated, or highly confidential information unless it is necessary for the services and addressed in the applicable agreement.

## 7. Client-Authorized Integrations

Our services may require access to client-authorized systems, including CRMs, email platforms, calendars, analytics tools, advertising platforms, workflow tools, databases, communication platforms, customer support systems, project management systems, enrichment tools, and other business software.

When a client authorizes us to access such systems, we may process information available through those systems only as needed to provide the services, maintain integrations, troubleshoot issues, secure the services, and comply with applicable obligations.

Clients are responsible for:

- Ensuring they have the right to authorize our access
- Configuring appropriate permissions and access levels
- Maintaining the accuracy and legality of Client Data
- Providing required notices to their own customers, prospects, employees, contractors, or other individuals
- Ensuring their use of our services complies with applicable laws and contracts
- Revoking access when access is no longer needed

## 8. Generative Engine Optimization and Public-Facing Distribution

Our Generative Engine Optimization and AI search visibility services may involve creating, updating, optimizing, submitting, publishing, or distributing public-facing business information. This may include:

- Website content
- Structured data and schema
- Business profiles
- Directory listings
- Public biographies
- Public company descriptions
- Customer case studies
- Review platform information
- Knowledge graph materials
- Public databases
- Third-party mentions
- Editorial or contributed content
- Podcast, media, or public research references
- Other public-facing materials designed to improve discoverability, entity consistency, authority, or AI search visibility

Clients are responsible for ensuring that information they provide for public distribution is accurate, lawful, authorized, and not confidential unless intended for publication.

Unless otherwise agreed, we may use client names, logos, trademarks, case studies, results, testimonials, and related materials as permitted by our agreements with the client.

## 9. Communications and Outbound Support

If we provide outbound, business development, sales, or communication support, we may process business contact information, prospect information, enrichment data, lead records, CRM records, email drafts, message content, reply data, and related information.

Automated or AI-assisted systems may draft, classify, route, schedule, or send communications if authorized by the client. Clients are responsible for ensuring that outreach campaigns, communications, messaging, consent practices, unsubscribe handling, and related activities comply with applicable laws and platform requirements.

## 10. Cookies and Similar Technologies

We may use cookies and similar technologies to operate our website, remember preferences, analyze performance, improve functionality, secure the website, and understand how visitors interact with our website.

Cookies may include:

- Essential cookies required for website functionality
- Preference cookies that remember settings
- Analytics cookies that help us understand website performance
- Security cookies that help protect the website

You can instruct your browser to refuse cookies or alert you when cookies are being sent. If you disable cookies, some parts of the website may not function properly.

We do not currently use cookies or tracking technologies to sell personal information or share personal information for cross-context behavioral advertising. If that changes, we will update this Privacy Policy and provide any legally required notices or choices.

## 11. Analytics

We may use third-party analytics providers, including Google Analytics, to help us understand how visitors use our website and to improve website performance.

Analytics providers may collect information such as IP address, browser type, device information, pages visited, referring pages, and interactions with the website. These providers process information according to their own privacy policies and terms.

## 12. How We Disclose Information

We may disclose information in the following circumstances:

### 12.1 Service Providers and Vendors

We may disclose information to third-party service providers, vendors, contractors, and technology providers that help us operate our business and provide our services. These may include providers for:

- Hosting and infrastructure
- Analytics
- Scheduling
- Payment processing
- Email and communications
- CRM and sales tools
- Automation and workflow tools
- AI and large language model services
- Data enrichment and research
- Security
- Storage and backups
- Professional services
- Customer support
- Project management
- Development and operations

These providers may access information only as needed to perform services on our behalf or as otherwise permitted by their agreements with us.

### 12.2 Client-Directed Disclosures

We may disclose or transfer information as directed, authorized, or requested by a client, including through client-authorized integrations, workflows, publications, submissions, listings, emails, CRM updates, or other service-related actions.

### 12.3 Public Distribution

When our services involve public-facing content, structured data, directory listings, business profiles, public research, case studies, testimonials, knowledge graph work, or similar materials, information may be made publicly available as part of the services.

### 12.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be transferred or disclosed as part of that transaction.

### 12.5 Legal Compliance and Protection

We may disclose information when we believe it is necessary or appropriate to comply with law, legal process, government requests, enforce our agreements, protect our rights, investigate fraud or security issues, or protect the rights, property, or safety of Growth Marshal, our clients, users, or others.

### 12.6 With Consent

We may disclose information with your consent or at your direction.

## 13. No Sale of Personal Information

We do not sell personal information.

We do not currently share personal information for cross-context behavioral advertising.

We do not knowingly sell or share personal information of children under 16.

## 14. Sensitive Information

We do not intentionally request sensitive personal information unless it is necessary for a specific client engagement and addressed in the applicable agreement.

Sensitive personal information may include information such as government identification numbers, financial account credentials, precise geolocation, health information, biometric information, information about children, or other information subject to heightened legal protections.

Clients should not provide sensitive, regulated, or highly confidential information unless it is necessary for the services, authorized, and addressed in the applicable agreement. Clients are responsible for ensuring that their use of our services complies with any sector-specific obligations, including obligations related to healthcare, legal, financial, employment, children’s, or other regulated data.

## 15. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, provide the services, maintain security, troubleshoot issues, comply with legal obligations, resolve disputes, and enforce our agreements.

For Client Data, we retain information only as long as reasonably necessary to provide the services, comply with our legal and contractual obligations, maintain security, troubleshoot issues, and enforce our agreements, unless otherwise agreed in writing.

Some information may remain in backups, logs, archives, or records for a limited period after deletion, where permitted by law and subject to appropriate safeguards.

## 16. Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, disclosure, alteration, or destruction.

However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

Clients are responsible for maintaining appropriate security controls within their own systems, accounts, platforms, and integrations, including permissions, passwords, user access, API access, and revocation of access.

## 17. International Data Transfers

Growth Marshal is based in the United States. If you access our website or services from outside the United States, your information may be transferred to, stored in, or processed in the United States or other countries where we or our service providers operate.

Those countries may have data protection laws that differ from the laws of your jurisdiction.

## 18. Your Privacy Rights

Depending on where you live, you may have certain rights regarding your personal information, including the right to:

- Request access to personal information we hold about you
- Request correction of inaccurate personal information
- Request deletion of personal information
- Request a copy of personal information
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
- Opt out of certain uses or disclosures, where applicable

To exercise privacy rights, contact us at **hello@growthmarshal.io**.

We may need to verify your identity before responding to a request. We may deny or limit requests where permitted by law, including where information is needed to provide services, comply with legal obligations, protect security, resolve disputes, or enforce agreements.

## 19. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, depending on how the law applies to us and your relationship with us.

These rights may include:

- The right to know the categories of personal information we collect, use, disclose, sell, or share
- The right to know the specific pieces of personal information we have collected about you
- The right to request deletion of personal information
- The right to request correction of inaccurate personal information
- The right to opt out of the sale or sharing of personal information
- The right to limit the use or disclosure of sensitive personal information, where applicable
- The right not to be discriminated against for exercising privacy rights

We do not sell personal information. We do not currently share personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information of children under 16.

In the preceding 12 months, we may have collected the categories of personal information described in this Privacy Policy, including identifiers, commercial information, internet or electronic network activity information, professional or employment-related information, inferences, and other information you provide or that is processed in connection with our services.

We may disclose personal information to service providers, vendors, clients, client-authorized platforms, payment processors, analytics providers, scheduling providers, AI and automation providers, and other parties described in this Privacy Policy for business or commercial purposes.

To exercise California privacy rights, contact us at **hello@growthmarshal.io**.

## 20. Do Not Track and Opt-Out Preference Signals

Some browsers or tools may transmit “Do Not Track” or opt-out preference signals.

Because there is not a uniform industry standard for “Do Not Track,” our website may not respond to all such signals. However, we do not currently sell personal information or share personal information for cross-context behavioral advertising.

If we begin engaging in activities that require honoring legally recognized opt-out preference signals, we will update our practices and this Privacy Policy as required by applicable law.

## 21. Email Communications

We may send you emails related to inquiries, consultations, services, transactions, resources, updates, or marketing.

You may opt out of marketing emails by following the unsubscribe instructions in the email or contacting us at **hello@growthmarshal.io**. We may still send non-marketing emails related to transactions, services, security, legal notices, or administrative matters.

## 22. Third-Party Links and Services

Our website and services may contain links to third-party websites, platforms, tools, or services that we do not operate or control.

This Privacy Policy does not apply to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party websites or services. We encourage you to review their privacy policies.

## 23. Children’s Privacy

Our website and services are not intended for children under 13, and we do not knowingly collect personal information from children under 13.

If you believe a child has provided us with personal information, contact us at **hello@growthmarshal.io**, and we will take appropriate steps to delete the information where required by law.

## 24. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

When we update the Privacy Policy, we will revise the “Last Updated and Effective as of” date above. Changes are effective when posted unless otherwise stated.

We encourage you to review this Privacy Policy periodically.

## 25. Contact Us

If you have questions about this Privacy Policy or want to exercise privacy rights, contact us at:

Growth Marshal, LLC
New York, United States
Email: hello@growthmarshal.io