Your data,
your terms.
Marrow is account-based. Your household model is stored encrypted in our database with per-account isolation. This page spells out what we collect, what we don't, and what your rights are.
What we collect
Marrow is account-based. We collect the minimum needed to operate the service and keep your household model intact across sessions.
Account data
Your email address, a hashed password, and an optional display name.
Household data
The household model you build through onboarding and ongoing edits — members, accounts, holdings, plan, goals, LLCs, properties, debts, policies, estate items, and conversations. All stored encrypted at rest in our Postgres database, with per-account isolation enforced at the database layer.
AI-assisted features
When you use the assistant or run strategy discovery, the relevant household context is sent to Anthropic via OpenRouter for that single request only. It is not stored by Anthropic beyond their inference window and is not used to train models. Your conversation transcripts are stored against your household so you can resume them.
What we don't do
- No model training. Your data is not used to train any AI model — ours or any provider's.
- No selling. We do not sell your data to advertisers, brokers, or any third party.
- No sharing. We do not share your data with partners, affiliates, or analytics vendors. The one exception is the AI provider, on a per-request basis, for the duration of that request only.
- No advertising. Marrow does not run ads, profile you for ad targeting, or embed third-party ad networks.
- No tracking pixels. We do not run third-party tracking pixels on planning pages.
How we use what we collect
- To provide the planning service — store and serve your household data back to you, run analyses against it, generate AI-assisted answers.
- To enable cross-device access in account mode — sync your latest plan state to your other devices.
- To respond to support requests — only if you contact us directly and provide enough context to help you.
- To comply with legal obligations — for example, responding to lawful requests we are required to honor.
Third-party services
Marrow uses a small number of third-party services to operate. Each handles a specific scope of data under its own terms.
- Anthropic (via OpenRouter) — receives per-request household context to power the assistant and strategy discovery. Does not train on API traffic. Does not retain data beyond the request.
- Vercel — hosts the application. Sees standard server logs (IP address, request paths). Does not see your planning data.
- Our database — stores household data encrypted at rest. Used only by Marrow to serve your data back to you.
Your rights
- Export. Settings → Data → Export gives you a complete JSON dump of every household, ready to import on another device or archive offline.
- Delete. You can delete any household, conversation, or your entire account at any time. Deletes are hard-deletes, not soft-deletes.
- Correct. You can edit any data you have entered through the standard UI. Account details (name, email) can be changed from Settings.
Data retention
Household data is retained for as long as your account exists. When you delete your account, household and conversation data are hard-deleted within 30 days.
Server logs (IP, request metadata) are retained for up to 90 days for security and debugging, then deleted.
Children
Marrow is not designed for children under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we will delete it.
Changes
We may update this policy as the product evolves. Material changes will be communicated via email (account mode) or a banner on the site before they take effect. The "last updated" date below tracks the most recent revision.
Contact
Privacy questions: privacy@brief.app. Data access or deletion requests: same address. We respond within 30 days.