This Privacy Policy explains how Market Rithm, Inc. handles personal information. Use the navigation to jump to a section, or read it top to bottom. Questions? Reach us at requests@privacyreply.com.
Introduction
Market Rithm, Inc. ("Market Rithm," "MRI," "we," "our," or "us") is a marketing technology company headquartered at 1750 Tysons Blvd, 15th Floor, McLean, Virginia 22102. We operate the websites marketrithm.com, govrithm.com, rithmuniversity.com, and related domains, and provide enterprise email delivery, web publishing, data hygiene, AI-powered marketing tools, and related services (collectively, the "Services").
This Privacy Policy describes how we collect, use, disclose, and otherwise process personal information in connection with our websites, applications, platforms, and Services. It also explains the choices available to you regarding our use of your personal information and how you can access, update, or exercise your rights with respect to that information.
By using our websites or Services, you acknowledge that you have read and understand this Privacy Policy. We reserve the right to update this Privacy Policy at any time. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date. Your continued use of our websites or Services after such changes constitutes your acceptance of the revised Privacy Policy.
Our Role: Controller and Processor
Market Rithm operates in two capacities with respect to personal information:
When we collect and process personal information for our own purposes—such as operating our websites, marketing our products, managing customer accounts, and providing customer support—we determine the purposes and means of processing and are responsible for complying with applicable privacy laws as a controller.
When we process personal information on behalf of our clients through our platforms (such as Deployer® for email delivery, Structure CMS® for web publishing, or Validate Plus® for data hygiene), we act as a processor under the direction of our clients. In these cases, our clients are the controllers, and their privacy policies govern the processing of that data. We process such data solely in accordance with our clients' instructions and applicable data processing agreements.
This Privacy Policy applies to personal information we process as a controller. If you are a subscriber, website visitor, or end user of one of our clients' services and have questions about how your data is handled, please contact the relevant client directly.
Information We Collect
We collect personal information from various sources and through various means, including directly from you, automatically through technology, and from third parties.
3.1 Information You Provide
- Contact and Account Information: Name, email address, postal address, phone number, job title, company name, and account credentials when you register, request information, subscribe to communications, or engage with us.
- Commercial and Transaction Information: Purchase history, billing details, subscription plans, service usage, and payment information (processed by our payment processors; we do not store full payment card numbers).
- Communications: Content of emails, form submissions, support tickets, survey responses, and other correspondence you send to us.
- Professional and Employment Information: Resume, employment history, and qualifications if you apply for a position with us.
- User-Generated Content: Any content you post, upload, or submit through our platforms, including forum posts, course submissions, and feedback.
3.2 Information Collected Automatically
- Device and Browser Data: IP address, browser type and version, operating system, device identifiers, screen resolution, language preferences, and referring URL.
- Usage Data: Pages visited, links clicked, time spent on pages, navigation paths, search queries, and interaction patterns across our websites and platforms.
- Email Engagement Data: Open events, click-through activity, bounce information, and delivery status for emails sent through our platforms or by us directly.
- Geolocation Data: Approximate geographic location derived from IP address, used for content personalization, analytics, and regulatory compliance (such as determining applicable privacy jurisdiction).
- Cookie and Tracking Data: Information collected through cookies, pixel tags, web beacons, and similar technologies, as described in Section 7 below.
3.3 Information from Third Parties
- Business Partners and Data Providers: We may receive personal information from business partners, data brokers, publicly available sources, social media platforms, advertising networks, and analytics providers to supplement the information we collect directly.
- Single Sign-On Providers: If you authenticate using a third-party service (such as Google or Microsoft via MrSign.in®), we receive profile information authorized by your identity provider.
- Client-Provided Data: Our clients may provide us with information about their customers, subscribers, or contacts for purposes of delivering our Services.
How We Use Your Information
We use the personal information we collect for the following purposes. Where we rely on a specific legal basis under the EU/UK General Data Protection Regulation (GDPR), it is noted in parentheses.
4.1 Service Delivery and Operations
- Providing, maintaining, and improving our websites, platforms, and Services (Performance of contract; Legitimate interest)
- Processing transactions and managing your account (Performance of contract)
- Delivering customer support and responding to inquiries (Performance of contract; Legitimate interest)
- Authenticating users and managing access credentials (Performance of contract)
4.2 Marketing and Advertising
- Sending promotional communications about our products, services, events, and offers (Legitimate interest; Consent where required)
- Personalizing content and advertisements based on your interests, preferences, and behavior (Legitimate interest; Consent where required)
- Conducting targeted and cross-context behavioral advertising through our own and third-party advertising networks (Legitimate interest; Consent where required)
- Measuring and analyzing the effectiveness of our marketing campaigns and those of our clients (Legitimate interest)
- Generating leads and conducting outreach to prospective customers (Legitimate interest)
4.3 Analytics, AI, and Product Improvement
- Analyzing usage patterns, trends, and preferences to improve our products and Services (Legitimate interest)
- Training, developing, and improving our AI and machine learning models, including Aight® and related technologies, using aggregated or de-identified data (Legitimate interest)
- Conducting A/B testing, research, and product development (Legitimate interest)
- Generating inferences about preferences, behavior, and interests to enhance user experience and service quality (Legitimate interest)
4.4 Security, Compliance, and Legal
- Detecting, preventing, and responding to fraud, abuse, security incidents, and technical issues (Legitimate interest; Legal obligation)
- Complying with applicable laws, regulations, legal processes, and governmental requests (Legal obligation)
- Enforcing our terms of service, acceptable use policies, and other agreements (Legitimate interest)
- Exercising or defending legal claims (Legitimate interest)
4.5 Business Operations
- Facilitating corporate transactions, including mergers, acquisitions, reorganizations, or asset sales (Legitimate interest)
- Conducting internal audits, financial reporting, and business planning (Legitimate interest)
- Managing vendor and partner relationships (Performance of contract; Legitimate interest)
- Any other purpose disclosed to you at the time of collection or with your consent (Consent)
How We Share Your Information
We may disclose your personal information to the following categories of recipients for the purposes described below. We require all recipients to protect personal information in accordance with applicable law and our contractual requirements.
5.1 Service Providers and Processors
We share personal information with third-party service providers who perform services on our behalf, including cloud hosting providers, payment processors, email delivery infrastructure, analytics services, customer support tools, and security providers. These providers are contractually obligated to use personal information only for the purposes of providing services to us and in accordance with our instructions.
5.2 Advertising and Marketing Partners
We may share personal information—including identifiers, internet activity, and inferences—with advertising networks, social media platforms, demand-side platforms, data management platforms, and marketing partners for purposes of targeted advertising, audience creation, campaign measurement, attribution, and analytics. This sharing may constitute a "sale" or "sharing" of personal information under certain state privacy laws (see Section 8 for your opt-out rights).
5.3 Analytics Providers
We share usage data and device information with analytics providers (such as Google Analytics) to understand how our websites and Services are used, identify trends, and improve performance.
5.4 Business Partners and Affiliates
We may share personal information with our business partners, affiliates, and related entities for joint marketing initiatives, co-branded services, referral programs, and internal business operations. We may also share aggregated, de-identified, or non-personally identifiable information with partners for any lawful purpose.
5.5 Clients
Where we provide services on behalf of clients, we may share information with those clients as necessary to deliver the contracted services, including campaign performance data, subscriber engagement metrics, and delivery analytics.
5.6 Professional Advisors
We may disclose personal information to our attorneys, accountants, auditors, insurers, and other professional advisors as necessary for the provision of professional services.
5.7 Legal and Regulatory Disclosures
We may disclose personal information when we believe in good faith that disclosure is necessary to comply with applicable law, regulation, legal process, or governmental request; to protect the rights, property, or safety of Market Rithm, our users, or the public; to enforce our terms and agreements; or to detect, prevent, or address fraud, security, or technical issues.
5.8 Corporate Transactions
In the event of a merger, acquisition, reorganization, bankruptcy, or other corporate transaction, personal information may be transferred to the acquiring or successor entity. We will provide notice if your personal information becomes subject to a materially different privacy policy as a result of such transaction.
5.9 With Your Consent or Direction
We may share your personal information with third parties when you direct us to do so or provide your consent, including when you use integrations, connect third-party accounts, or participate in promotions offered jointly with partners.
5.10 Summary of Sharing Practices
AI and Automated Processing
Market Rithm uses artificial intelligence and automated decision-making technologies in connection with its products and Services, including:
Powers content generation, analytics, and intelligent automation across our platform.
Generates audience segments, behavioral predictions, and engagement scoring to optimize campaign targeting.
Uses algorithmic analysis of delivery signals and reputation metrics to optimize email deliverability.
Provides AI-powered customer success insights and recommendations.
These technologies may process personal information to generate inferences, predictions, scores, and recommendations. We use automated processing to improve service quality, personalize experiences, and optimize performance—not to make decisions that produce legal or similarly significant effects on individuals without human oversight.
You may have the right to opt out of certain automated decision-making or profiling activities, as described in Section 8.
Cookies and Tracking Technologies
We use cookies, pixel tags, web beacons, local storage, and similar technologies to collect information about your interactions with our websites and Services. These technologies serve the following purposes:
7.1 Cookie Categories
7.2 Consent and Controls
When you visit our websites, you will be presented with a consent banner that allows you to accept all cookies, reject non-essential cookies, or manage your preferences by category. Your choices are stored in a signed, tamper-proof consent cookie and honored across your browsing session.
For visitors in jurisdictions that require opt-in consent (such as the EU and UK under GDPR), non-essential cookies and scripts are blocked until you affirmatively grant consent. For visitors in U.S. jurisdictions that follow an opt-out model, non-essential cookies are permitted by default, and you may opt out at any time through the preference center.
7.3 Global Privacy Control (GPC)
We recognize and honor the Global Privacy Control (GPC) signal. When your browser transmits a GPC signal (Sec-GPC: 1), we treat it as a valid opt-out of the sale and sharing of personal information and of targeted advertising, as required by applicable state privacy laws. Non-essential cookie categories are automatically denied for visitors sending a GPC signal, regardless of any previously stored consent preferences.
7.4 Google Consent Mode
Our websites implement Google Consent Mode v2, which communicates your consent state to Google services (including Google Analytics and Google Ads) via the ad_storage, analytics_storage, ad_user_data, and ad_personalization signals. When you decline analytics or advertising cookies, these signals are set to "denied," and Google's tags operate in a limited, cookieless mode.
7.5 Do Not Track
The Do Not Track (DNT) browser signal is not a legally mandated standard, and there is no industry consensus on how to respond to it. We do not alter our data collection or use practices in response to DNT signals. We do, however, honor the Global Privacy Control signal as described above.
Your Privacy Rights
Depending on your jurisdiction, you may have certain rights with respect to your personal information. We honor all rights required by applicable law. To exercise any of these rights, please submit a request through the Data Subject Access Request form available on our website or contact us using the information provided in Section 14.
8.1 Rights Under U.S. State Privacy Laws
If you are a resident of a state with a comprehensive privacy law—including but not limited to California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, Kentucky, Rhode Island, and Arkansas—you may have the following rights:
- Right to Know / Access: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for processing, and the categories of third parties with whom we share your data.
- Right to Delete: Request deletion of personal information we have collected from you, subject to certain legal exceptions (such as data necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Data Portability: Request a copy of your personal information in a portable, machine-readable format.
- Right to Opt Out of Sale: Direct us not to sell your personal information to third parties. Under California law, "sale" includes making personal information available to a third party for monetary or other valuable consideration.
- Right to Opt Out of Sharing for Cross-Context Behavioral Advertising: Direct us not to share your personal information with third parties for purposes of cross-context behavioral advertising (California).
- Right to Opt Out of Targeted Advertising: Opt out of processing of your personal information for targeted advertising purposes.
- Right to Opt Out of Profiling: Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects (where applicable).
- Right to Limit Use of Sensitive Personal Information: If we process sensitive personal information (as defined by applicable law), you may request that we limit use to purposes necessary to provide the services you requested.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Appeal: If we deny your request, you may appeal our decision. We will respond to your appeal within the time period required by applicable law and provide written explanation of our reasoning.
To opt out of the sale or sharing of your personal information, you may: (1) click the "Do Not Sell or Share My Personal Information" link in the footer of our website; (2) submit a request through our preference center; (3) enable the Global Privacy Control signal in your browser; or (4) contact us using the information in Section 14.
8.2 California-Specific Disclosures
In the preceding 12 months, we have collected, disclosed for a business purpose, and sold or shared (as defined by the CCPA/CPRA) the categories of personal information described in Sections 3 and 5 of this Privacy Policy. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
California residents may also designate an authorized agent to make requests on their behalf. We may require verification of the agent's authority and the requestor's identity.
Financial Incentives: We may offer financial incentives, including discounts, coupons, or other benefits, to consumers who provide personal information or opt in to certain data practices. Participation is voluntary. You may opt in or withdraw at any time. The value of the incentive is reasonably related to the value of the personal information provided, based on a good-faith estimate of the revenue generated or expenses avoided through the collection and use of such information.
8.3 Rights Under GDPR (EU/EEA and UK)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) or UK GDPR:
- Legal Bases: We process your personal data on the legal bases identified in Section 4 (consent, performance of a contract, legitimate interest, or legal obligation). Where we rely on legitimate interest, we have conducted balancing tests to ensure your rights are not overridden.
- Right to Restrict Processing: Request that we restrict processing of your personal data in certain circumstances.
- Right to Object: Object to processing based on legitimate interest or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.
Data Protection Officer: Market Rithm does not currently have operations in the EU/EEA that require the appointment of a Data Protection Officer under Article 37 of the GDPR. For privacy inquiries from EU/EEA or UK residents, please contact us at requests@privacyreply.com.
8.4 Verification and Response Timing
When you submit a request, we will verify your identity using information associated with your account or, where no account exists, through other reasonable means. We may request additional information to confirm your identity.
We will respond to verified requests within the time periods required by applicable law: generally 45 days for U.S. state privacy law requests (extendable by an additional 45 days with notice) and one month for GDPR requests (extendable by two additional months for complex requests with notice).
Email and Electronic Communications
9.1 Email Processing
Market Rithm operates Deployer®, an enterprise email delivery platform. When we send emails on our own behalf (marketing, transactional, or informational), we act as a controller and the following applies:
- We use tracking technologies (pixel tags, click-tracking links) to measure email engagement, including whether an email was opened, which links were clicked, and related metrics.
- This data is used to improve our communications, personalize content, and measure marketing effectiveness.
- You may opt out of marketing emails at any time by clicking the "unsubscribe" link in any email or by contacting us.
9.2 Deployer Platform Processing
When our clients use Deployer® to send emails to their subscribers, Market Rithm acts as a processor. Subscriber consent and email preferences are managed by the client through Deployer's preference center and suppression list features. We maintain suppression lists and honor unsubscribe requests in accordance with CAN-SPAM, CASL, and applicable law.
9.3 SMS/Text Messaging
If you opt in to receive text messages from us, we collect your phone number and message content. You may opt out at any time by replying STOP. Standard message and data rates may apply. We will not share your mobile opt-in data with third parties for their own marketing purposes.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to provide our Services, to comply with legal obligations, to resolve disputes, to enforce our agreements, and to protect our legitimate business interests. Specific retention periods include:
- Account and Customer Data: Retained for the duration of the business relationship plus three (3) years, or as required by applicable law.
- Marketing and CRM Data: Retained for up to five (5) years from the date of last interaction, unless you opt out or request deletion.
- Website Analytics Data: Retained for up to twenty-six (26) months.
- Consent Records: Retained for the duration specified in our consent management configuration (default: 730 days) to demonstrate compliance.
- Email Engagement Data: Retained for up to three (3) years for analytics and deliverability optimization.
- Job Applicant Data: Retained for up to two (2) years from the date of application.
- Legal and Compliance Records: Retained as required by applicable law, regulation, or legal process.
When personal information is no longer required, we will securely delete or de-identify it in accordance with our data retention and destruction policies.
International Data Transfers
Market Rithm is based in the United States. If you access our websites or Services from outside the United States, your personal information will be transferred to, stored, and processed in the United States and potentially other jurisdictions where our service providers operate, including cloud infrastructure in the United States.
The data protection laws of these jurisdictions may differ from those in your country of residence. By using our websites or Services, you acknowledge and consent to the transfer of your personal information to the United States and other jurisdictions as described in this Privacy Policy.
For transfers of personal data from the EU/EEA or UK to the United States, we rely on the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms as appropriate. You may request a copy of the applicable transfer mechanism by contacting us.
Children's Privacy
Our websites and Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe a child under 16 has provided personal information to us, please contact us using the information in Section 14.
With respect to the California Consumer Privacy Act, we do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age. For purposes of compliance with COPPA, we do not knowingly collect personal information from children under 13 without verifiable parental consent.
Security
We implement and maintain commercially reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Our security measures include encryption in transit and at rest, access controls, multi-factor authentication, intrusion detection systems, security information and event management (SIEM), and regular security assessments.
No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
Contact Information
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:
1750 Tysons Blvd, 15th Floor
McLean, Virginia 22102
DSAR Portal: Available via the "Privacy Choices" link in our website footer.
California residents: You may also submit requests through the California Attorney General's website or via our online DSAR form.
EU/EEA and UK residents: If you are not satisfied with our response to your inquiry, you have the right to lodge a complaint with your local data protection supervisory authority.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Effective Date" and "Last Updated" date at the top of this policy and, where required by law, provide additional notice (such as a banner on our website or an email notification). We encourage you to review this Privacy Policy periodically.
Your continued use of our websites or Services after the posting of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised Privacy Policy, you should discontinue use of our websites and Services and contact us to request deletion of your personal information.
© 2026 Market Rithm, Inc. All rights reserved.
Deployer®, Structure CMS®, Validate Plus®, Aight®, Aigotchu™, MrSign.in®, and Ignite CDN® are trademarks of Market Rithm, Inc.