Privacy Policy

Crest Momentum LLC dba Gateway Capital Growth

Effective April 13, 2026 (Version 2.0)

Your privacy is important to us. This Privacy Policy explains how Crest Momentum LLC, doing business as Gateway Capital Growth ("GCG," "we," "our," or "us"), collects, uses, discloses, and protects your personal information when you visit our website at https://gcgrowth.io (the "Site"), use our Client Portal, interact with our sales team and authorized sales representatives, apply for our services, or otherwise engage with us.

By accessing our Site, submitting an application, or engaging with our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our Site or services.

Information We Collect

We collect information that you voluntarily provide to us, information collected automatically through your use of our Site and services, and information from third-party sources.

1.1 Information You Provide Directly

When you apply for our services, create an account, complete onboarding documentation, contact us, or interact with our sales team or authorized sales representatives, we may collect:

Name, email address, phone number, and mailing address
Date of birth
Social Security Number (SSN) or Employer Identification Number (EIN)
Business entity information (LLC name, formation state, registered agent)
Bank account and financial institution information
Government-issued identification
Credit and debit card information
Reseller certificates, sales tax permits, or tax exemption documentation
Signed Receipt Acknowledgments confirming delivery of FTC and Florida disclosure documents
Any other information you voluntarily provide in connection with our services

1.2 Information Collected Automatically

When you visit our Site, we may automatically collect: IP address, browser type and version, operating system, referring URL, pages visited and time spent on each page, device identifiers, and cookies and similar tracking technologies (see Section 8 below).

1.3 Information from Third Parties

We may receive information about you from third-party sources, including: e-commerce marketplace platforms (Amazon, Walmart, eBay, TikTok Shop, Shopify); payment processors; identity verification services; credit reporting agencies; our sales representatives, affiliates, and referral partners; fulfillment and warehousing providers; and analytics and advertising partners.

How We Use Your Information

We use the information we collect to: provide, operate, and improve our services, including the Multi-Platform E-Commerce Program; process your application and onboard your e-commerce stores; deliver the FTC § 437.3 Disclosure Document, the Florida § 559.803 Disclosure Document, the Refund Policy Statement, and the Receipt Acknowledgment, and timestamp delivery in our Disclosure Enforcement System for compliance recordkeeping; form business entities, obtain EINs, and submit marketplace platform applications on your behalf; coordinate with third-party fulfillment, warehousing, and logistics providers; calculate and distribute compensation, including payments to affiliates and sales representatives; communicate with you about your account, stores, and operational matters; provide access to the Client Portal, training modules, and reporting dashboards; send marketing and promotional communications (with your consent, where required); comply with legal obligations, including tax reporting, FTC Business Opportunity Rule recordkeeping, Florida § 559 recordkeeping, and other regulatory requirements; detect, prevent, and address fraud, security incidents, and technical issues; enforce our agreements; and for internal analytics, research, and business improvement.

Sensitive Personal Information

We collect certain categories of sensitive personal information, including Social Security Numbers, EINs, government-issued identification, and financial account information, solely for the purpose of providing our services (business entity formation, tax compliance, platform onboarding, and payment processing). We do not sell sensitive personal information. Sensitive personal information is stored in designated secure systems (currently TaxDome for PII) with access restricted to authorized personnel on a need-to-know basis.

How We Share Your Information

We may share your personal information with the following categories of third parties:

Service Providers. Third-party providers who assist us in delivering our services, including fulfillment and warehousing providers, product sourcing partners, listing management services, payment processors, and technology platform providers.

Technology Platforms. GoHighLevel (CRM, client communications, and pipeline management); TaxDome (secure storage of PII, tax documents, and sensitive client information); BlinkMetrics (business intelligence and reporting); Zapier (workflow automation); Vbout (marketing automation); the Disclosure Enforcement System (DES) and its Affiliate Compliance Register (ACR) partition (compliance event recordkeeping); and such other platforms as we may adopt from time to time.

E-Commerce Marketplaces. When we submit platform applications and create seller accounts on your behalf, we share your business entity information, EIN, bank account details, and other required information with Amazon, Walmart, eBay, TikTok Shop, and Shopify.

Affiliates, Sales Representatives, and Referral Partners. Our authorized sales representatives, affiliates, and referral partners may have access to your name, contact information, and application status for the purpose of facilitating your enrollment. These individuals operate under signed agreements that include confidentiality, data security, and FTC Endorsement Guides compliance obligations, and they are prohibited from storing your sensitive personal information on personal devices or unapproved systems.

FTC § 437.3(a)(5) References List. Under the FTC Business Opportunity Rule, we are required to provide prospective purchasers with a list of certain prior purchasers (the "References List"). If you have purchased the Program and are included on the References List, your name, city, state, and telephone number may be disclosed to prospective purchasers as part of the FTC Disclosure Document. You may opt out of being included on the References List by contacting us in writing. Persons on the References List who receive compensation from GCG are flagged in accordance with 16 C.F.R. § 437.6(r).

Professional Advisors. Attorneys, accountants, auditors, and consultants who provide professional services to us.

Legal and Regulatory. Government authorities, law enforcement, courts, and regulatory bodies (including the Federal Trade Commission, state attorneys general, and the Florida Department of Agriculture and Consumer Services) when required by law, legal process, or to protect our rights, property, or safety.

Business Transfers. In connection with a merger, acquisition, reorganization, or sale of substantially all of our assets.

We do not sell your personal information for monetary consideration. We do not share your personal information with third parties for cross-context behavioral advertising purposes. We do not share your personal information with third parties for their own direct marketing purposes.

Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These safeguards include: encryption of sensitive data in transit and at rest; access controls restricting PII access to authorized personnel; secure storage of sensitive personal information in designated systems; prohibition on storage of client PII on personal devices, local hard drives, or unapproved cloud services; mandatory use of password-protected and encrypted devices for remote access; and 24-hour breach notification protocols for affiliates, sales representatives, and service providers.

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. Specifically:

Active client account information is retained for the duration of your service agreement and for five (5) years following termination or expiration, consistent with the recordkeeping requirements of the FTC Business Opportunity Rule (16 C.F.R. § 437.7) and the Service Agreement.
Tax-related records (including SSN, EIN, and financial documentation) are retained for a minimum of seven (7) years as required by applicable tax law.
Disclosure Enforcement System records, including disclosure delivery timestamps, signed Receipt Acknowledgments, and compliance event logs, are retained on an append-only basis for twenty (20) years.
Marketing and communications data is retained until you unsubscribe or request deletion.
Automatically collected data (cookies, analytics) is retained in accordance with our cookie settings and third-party provider policies.

When personal information is no longer required, we will delete it or anonymize it by removing all identifying details, subject to applicable regulatory recordkeeping requirements.

Your Rights and Choices

Depending on your state of residence, you may have certain rights regarding your personal information, including the right to: know what personal information we have collected about you; access your personal information; correct inaccurate personal information; delete your personal information (subject to legal retention requirements, including FTC and tax retention obligations); opt out of the sale or sharing of your personal information; opt out of targeted advertising; limit the use of sensitive personal information; and not be discriminated against for exercising any of these rights.

To exercise any of these rights, please contact us at info@gcgrowth.io with the subject line "Privacy Rights Request." We will verify your identity and respond within the timeframe required by applicable law (typically 45 days).

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your use of our Site. We use the following types of cookies: essential cookies (required for Site functionality); performance cookies (anonymous, aggregated usage data); and targeting and advertising cookies (to deliver relevant promotional content). You may control cookies through your browser settings. Disabling cookies may affect certain features of our Site.

Do Not Track

Some browsers offer a "Do Not Track" feature. At this time, we do not respond to Do Not Track signals. We adhere to the standards outlined in this Privacy Policy regardless of Do Not Track settings.

Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under the age of 13. If we become aware that we have collected personal information from a child under 13, we will promptly delete such information.

. International Data Transfers

Your personal information is stored and processed in the United States. If you are accessing our Site or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. Our services are intended only for residents of the United States who meet the eligibility requirements in our Terms of Service.

. State-Specific Disclosures

12.1 California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act. In the past 12 months, we have collected the following categories of personal information: identifiers; financial information; commercial information; internet and electronic activity; professional and employment information; and sensitive personal information (SSN, EIN, financial account information, government-issued ID). You have the right to know, access, correct, delete, opt out of sale or sharing, opt out of targeted advertising, and limit the use of sensitive personal information. To exercise your rights, contact info@gcgrowth.io with "Request for California Privacy Information" in the subject line.

12.2 Florida

If you are a Florida resident, you may have rights under the Florida Digital Bill of Rights (Fla. Stat. §§ 501.701–501.722), including the right to access, correct, delete, and opt out of the sale of personal information and targeted advertising. To exercise your rights, contact info@gcgrowth.io with "Florida Privacy Rights Request" in the subject line.

12.3 Other States

Residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia may have similar privacy rights under their respective state laws, including the right to access, correct, delete, opt out of the sale or sharing of personal information, and opt out of targeted advertising. To exercise your rights, contact info@gcgrowth.io with your state's name in the subject line.

. Third-Party Links

Our Site may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will post the updated policy on our Site with a revised "Effective" date. If we make material changes, we will notify you by email or prominent notice on our Site.