Legal

Privacy Policy

What data is collected, how it is used, and how it is protected.

Version 1.1  ·  Last updated: May 2026  ·  Marshall Williams Consulting

1. Overview

Marshall Williams Consulting ("Consultant," "I," "me") is committed to protecting the privacy of all clients and website visitors. This policy describes what information is collected, how it is used, and the protections in place during and after an engagement.

By using this website or engaging the Consultant's services, you agree to the practices described in this policy.

2. Information Collected

2.1 Website Contact and Intake Forms

When you submit the contact form or intake form, the following information is collected:

  • Full name
  • Email address
  • Company or organization name (optional)
  • Service and package selection
  • Environment and scope description
  • IP address (recorded by the server at form submission)

This information is used solely to process your request, communicate with you about your engagement, and deliver the agreed service.

2.2 Payment Information

Payment is processed by Stripe, a third-party payment processor. The Consultant does not collect, store, or have access to credit card numbers, bank account information, or other payment credentials. All payment data is handled directly by Stripe under their own privacy policy and PCI DSS compliance program.

2.3 Engagement Data

During an engagement, the Client may provide or grant access to data such as:

  • Microsoft 365 tenant access credentials
  • Sign-in logs, audit logs, or email exports
  • Scripts, code, or data files for review or processing
  • Business data for analysis or reporting

This data is accessed and processed solely within the dedicated virtual machine provisioned for the engagement. It is not copied to any other system, shared with any third party, or retained after the engagement concludes.

2.4 Website Analytics

This website does not use Google Analytics, Facebook Pixel, or other third-party tracking scripts. Basic access logs (IP address, requested URL, timestamp) may be retained by the web server for up to 30 days for security and operational purposes, then deleted.

3. How Information Is Used

Information collected through forms and engagement intake is used to:

  • Process and fulfill the engagement request
  • Communicate with the Client about their project
  • Send the delivery confirmation and VM Destruction Certificate
  • Respond to support or billing inquiries

Client information is never sold, rented, shared with, or disclosed to third parties for marketing or any other purpose.

4. Data Retention

4.1 Engagement Data

All Client data provided during an engagement — including credentials, files, audit logs, scripts, and any other material — is stored exclusively within the dedicated VM for that engagement. The VM is kept for a 3-business-day revision window after delivery, then fully destroyed. No engagement data is retained after VM destruction.

4.2 Contact and Intake Records

Name and email address may be retained in email records for up to 12 months for the purpose of responding to follow-up questions, issuing receipts, or handling billing disputes. After 12 months, records are deleted.

4.3 Payment Records

Transaction records (amount, date, service type) may be retained for up to 7 years for accounting and tax purposes. These records do not contain payment credentials or sensitive financial data.

5. VM Isolation & Security

Every engagement runs inside a dedicated virtual machine on a private, self-hosted Proxmox infrastructure. Key protections include:

  • Each VM is provisioned fresh — never reused between clients
  • The VM operates on an isolated network segment with no routing to other client environments
  • No client data is ever stored outside the dedicated VM
  • The VM is kept for a 3-business-day revision window, then fully destroyed — not archived
  • A signed VM Destruction Certificate is issued after destruction confirming provision and destruction dates

6. Third-Party Services

The following third-party services may process data in connection with this website or engagements:

  • Stripe — payment processing. Stripe's privacy policy governs their handling of payment data.
  • Web hosting provider — the server that hosts this website. Standard server logs may be retained per the provider's policies.

No other third-party services are used. There are no advertising networks, social media integrations, or tracking pixels on this website.

7. Your Rights

You have the right to:

  • Request confirmation of what personal data is held about you
  • Request deletion of your contact records at any time (subject to legal retention obligations)
  • Revoke access credentials provided for an engagement at any time
  • Receive a copy of your VM Destruction Certificate upon request

To exercise these rights, contact: [email protected]

8. Security

Reasonable technical and organizational measures are in place to protect data against unauthorized access, including network isolation of engagement VMs, encrypted communications, and access controls on the hosting infrastructure. No method of transmission or storage is 100% secure, and the Consultant cannot guarantee absolute security.

9. Children's Privacy

This website and services are not directed at individuals under 18 years of age. The Consultant does not knowingly collect personal information from minors.

10. Changes to This Policy

This policy may be updated periodically. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of services after updates constitutes acceptance of the revised policy.

11. Contact

Privacy questions or requests may be sent to: [email protected]

Start an Engagement Terms of Service