Privacy & Data Use

• Email & Role (optional): Provided when you request the Week 1 Right-Sizing Playbook or book time.
• Explicit Consent Flag: Whether you agreed to receive the two follow-up messages.
• Operational Events: Anonymous page interactions (e.g. booking success) pushed to a local dataLayer for analytics aggregation.
• Scheduling Inputs: Data you enter into the embedded Cal.com widget (handled under their policy).
• Server Logs: Minimal request logs (timestamp, route, status) for abuse detection and uptime diagnostics.

We do not collect: passwords, payment card data, sensitive personal categories, or behavioral heatmaps.

• Send the requested asset (playbook) and confirm delivery.
• Provide at most two consult-oriented follow-ups (day 3 + day 7) if you consented.
• Evaluate anonymized funnel performance (conversion ratios, not individual profiles).
• Protect the site from automated abuse and diagnose stability issues.
• Fulfill direct communication you initiate (contact form / scheduling).

Legal bases (where applicable): Consent (asset + follow-ups) and Legitimate Interest (security, performance, core service delivery).

We seek to keep cookies/lightweight storage minimal. Categories currently in use or potentially deployed:

No third‑party advertising, retargeting pixels, social media trackers, or fingerprinting scripts are intentionally deployed.

Submitting the playbook form requires checking a box that clearly states you consent to receive up to two follow-ups (day 3 and day 7). If you do not consent, we do not send any marketing or nurture emails—only transactional replies you explicitly trigger.

• Day 0: Asset delivery email.
• Day 3: Optional check-in / consult invitation.
• Day 7: Final executive / tactical session invitation.

After day 7, no further automated nurture emails are sent. You can opt out at any time by replying with “unsubscribe” or emailing privacy@marphil.us.

Lead records (email + consent flag) are stored in a minimal internal store. If no engagement occurs after the final follow-up, we may purge the record during periodic clean-ups (generally within 90–180 days).

Deletion / access requests: email privacy@marphil.us. We will remove or provide an export of your record within a reasonable timeframe (usually < 10 business days).

• Cal.com: Scheduling workflow (meeting logistics, confirmation emails).
• Email Infrastructure (SMTP / AWS SES / SendGrid): Asset delivery + follow-ups (only one active provider at a time).
• Hosting: Application hosting & edge delivery (may include regional replication & CDN caching).
• Error & Performance Monitoring (if enabled): Anonymous stack traces / timing metrics.

We select providers with encryption in transit and industry-standard security practices. Data residency may involve US and other regions depending on CDN edge caching.

• Access: Ask what data we hold.
• Deletion: Request removal at any time.
• Rectification: Correct an email/role mismatch.
• Restriction / Objection: Opt out of follow-ups instantly.
• Portability: Receive a simple export (JSON or text).

We respond to reasonable requests promptly and without unnecessary friction.

Controls include principle-of-least-privilege for operational email credentials, transport encryption (HTTPS / TLS), minimal data surface, and periodic dependency updates. We intentionally avoid collecting high-risk personal or financial data.

Incident response: If we ever discover unauthorized access affecting you, we will notify impacted contacts using the last known valid email.

Questions or requests: privacy@marphil.us

We may revise this policy to reflect process or provider changes. A new “Last Updated” date will appear at the top. Material changes (scope expansion or new tracking categories) will be clearly flagged.