AI privacy policy & data flow

Where your data goes when AI is involved.

This policy explains what we collect, how we use AI to process it, which third-party AI providers may be involved, and the safeguards that protect your information at each step.

Last updated: June 2026 · Version 1.0

The data flow, at a glance

01

Collection

You share business inputs, site access and goals through forms and onboarding.

02

Preparation

We minimize and structure data, removing unnecessary personal details before any AI step.

03

AI processing

Bounded prompts sent to vetted providers under no-training agreements.

04

Human review

Specialists validate, correct and approve. Nothing ships unreviewed.

05

Delivery & retention

Approved output is delivered; inputs are retained only as long as needed.

1. What we collect

  • Contact & business data — name, email, phone, company, website, country, industry and goals you submit.
  • Engagement data — materials, access credentials and assets you provide so we can deliver services.
  • Analytics data — standard website measurement (page views, events, CTA and form interactions, traffic source).
  • Performance data — metrics from your channels used to produce reporting and optimization.

2. How AI processes your data

  • Data minimization first. We send the smallest amount of information necessary, and strip identifiers that are not needed for the task.
  • No training on your data. We use AI providers under business/enterprise terms that contractually exclude your inputs from being used to train their models.
  • Bounded prompts. AI is given specific, scoped tasks — not open-ended access to your systems.
  • Human gate. AI output is reviewed by a person before it is delivered, published or executed.

3. Third-party AI & sub-processors

Depending on the task, your data may be processed by reputable third-party AI and infrastructure providers (for example, large language model and image providers, analytics platforms and hosting). We select providers that offer enterprise data-processing terms with no-training commitments, documented security practices, and clear data-retention and deletion options. A current list of sub-processors is available on request via [email protected].

4. Legal bases & your rights

We process data to perform our services (contract), to operate and improve our business (legitimate interests), and where required, with your consent (e.g. certain analytics cookies). Depending on your location, you may have rights to access, correct, delete, restrict or port your data, and to object to certain processing.

5. Retention

We keep personal and business data only as long as needed to deliver services, meet legal and accounting obligations, and support ongoing engagements. Prompt-level data sent to AI providers is retained according to the provider’s enterprise retention settings, which we configure for minimal retention where available.

6. Security

  • Access to client data is limited to team members who need it.
  • Credentials and sensitive assets are stored in access-controlled systems.
  • We avoid placing sensitive personal data into AI prompts unless strictly necessary and permitted.

7. International transfers

We serve clients in the United States and globally. Where data is transferred across borders (including to AI providers), we rely on appropriate safeguards such as standard contractual clauses and provider compliance programs.

8. Cookies & analytics

Our website uses analytics and tag-management tools to understand performance. You can control non-essential cookies through your browser and any consent banner presented on the site.

9. Contact

Questions about this policy or your data: [email protected]. See also our AI Transparency & Content Marking page.

This document is provided for transparency and does not constitute legal advice. It is a professional template that should be reviewed by qualified counsel and adapted to Meridian Growth’s actual practices and jurisdictions before being relied upon.