Privacy Policy

Crest Momentum LLC dba Gateway Capital Growth

Effective April 13, 2026

Your privacy is important to us. This Privacy Policy explains how Crest Momentum LLC, doing business as Gateway Capital Growth ("GCG," "we," "our," or "us"), collects, uses, discloses, and protects your personal information when you visit our website at https://gcgrowth.io (the "Site"), use our Client Portal, interact with our sales team, apply for our services, or otherwise engage with us.

By accessing our Site, submitting an application, or engaging with our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our Site or services.

Information We Collect

We collect information that you voluntarily provide to us, information collected automatically through your use of our Site and services, and information from third party sources.

1.1 Information You Provide Directly

When you apply for our services, create an account, complete onboarding documentation, contact us, or interact with our sales team, we may collect:

Name, email address, phone number, and mailing address
Date of birth
Social Security Number (SSN) or Employer Identification Number (EIN)
Business entity information (LLC name, formation state, registered agent)
Bank account and financial institution information
Government issued identification
Credit and debit card information
Reseller certificates, sales tax permits, or tax exemption documentation
Any other information you voluntarily provide in connection with our services

1.2 Information Collected Automatically

When you visit our Site, we may automatically collect: IP address, browser type and version, operating system, referring URL, pages visited and time spent on each page, device identifiers, and cookies and similar tracking technologies (see Section 8 below).

1.3 Information from Third Parties

We may receive information about you from third party sources, including: e commerce marketplace platforms (Amazon, Walmart, eBay, TikTok Shop, Shopify); payment processors; identity verification services; credit reporting agencies; our sales representatives, referral partners, and authorized marketing channels; and analytics and advertising partners.

How We Use Your Information

We use the information we collect to: provide, operate, and improve our services, including the Multi Platform E Commerce Program; process your application and onboard your e commerce stores; form business entities, obtain EINs, and submit marketplace platform applications on your behalf; coordinate with third party fulfillment, warehousing, and logistics providers; calculate and distribute profit sharing payments; communicate with you about your account, stores, and operational matters; provide access to the Client Portal, training modules, and reporting dashboards; send marketing and promotional communications (with your consent, where required); comply with legal obligations, including tax reporting and regulatory requirements; detect, prevent, and address fraud, security incidents, and technical issues; enforce our agreements; and for internal analytics, research, and business improvement.

Sensitive Personal Information

We collect certain categories of sensitive personal information, including Social Security Numbers, EINs, government issued identification, and financial account information, solely for the purpose of providing our services (business entity formation, tax compliance, platform onboarding, and payment processing). We do not sell sensitive personal information. Sensitive personal information is stored in designated secure systems (currently TaxDome for PII) with access restricted to authorized personnel on a need to know basis.

How We Share Your Information

We may share your personal information with the following categories of third parties:

Service Providers: Third party providers who assist us in delivering our services, including fulfillment and warehousing providers, product sourcing partners, listing management services, payment processors, and technology platform providers.
Technology Platforms: GoHighLevel (CRM, client communications, and pipeline management); TaxDome (secure storage of PII, tax documents, and sensitive client information); BlinkMetrics (business intelligence and reporting); Zapier (workflow automation); Vbout (marketing automation); and such other platforms as we may adopt from time to time.
E Commerce Marketplaces: When we submit platform applications and create seller accounts on your behalf, we share your business entity information, EIN, bank account details, and other required information with Amazon, Walmart, eBay, TikTok Shop, and Shopify.
Sales Representatives and Referral Partners: Our authorized sales representatives and referral partners may have access to your name, contact information, and application status for the purpose of facilitating your enrollment. They are bound by confidentiality obligations and prohibited from storing your PII on personal devices or unapproved systems.
Professional Advisors: Attorneys, accountants, auditors, and consultants who provide professional services to us.
Legal and Regulatory: Government authorities, law enforcement, courts, and regulatory bodies when required by law, legal process, or to protect our rights, property, or safety.
Business Transfers: In connection with a merger, acquisition, reorganization, or sale of substantially all of our assets.

We do not sell your personal information to third parties for monetary consideration. We do not share your personal information with third parties for their own direct marketing purposes.

Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These safeguards include: encryption of sensitive data in transit and at rest; access controls restricting PII access to authorized personnel; secure storage of sensitive personal information in designated systems; prohibition on storage of client PII on personal devices, local hard drives, or unapproved cloud services; mandatory use of password protected and encrypted devices for remote access; and 24 hour breach notification protocols.

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. Specifically:

Active client account information is retained for the duration of your service agreement and for three (3) years following termination or expiration.
Tax related records (including SSN, EIN, and financial documentation) are retained for a minimum of seven (7) years as required by applicable tax law.
Marketing and communications data is retained until you unsubscribe or request deletion.
Automatically collected data (cookies, analytics) is retained in accordance with our cookie settings and third party provider policies.

When personal information is no longer required, we will delete it or anonymize it by removing all identifying details.

Your Rights and Choices

Depending on your state of residence, you may have certain rights regarding your personal information, including the right to: know what personal information we have collected about you; access your personal information; correct inaccurate personal information; delete your personal information (subject to legal retention requirements); opt out of the sale or sharing of your personal information; opt out of targeted advertising; limit the use of sensitive personal information; and not be discriminated against for exercising any of these rights.

To exercise any of these rights, please contact us at info@gcgrowth.io with the subject line "Privacy Rights Request." We will verify your identity and respond within the timeframe required by applicable law (typically 45 days).

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your use of our Site. We use the following types of cookies: essential cookies (required for Site functionality); performance cookies (anonymous, aggregated usage data); and targeting/advertising cookies (to deliver relevant promotional content). You may control cookies through your browser settings. Disabling cookies may affect certain features of our Site.

Do Not Track

Some browsers offer a "Do Not Track" feature. At this time, we do not respond to Do Not Track signals. We adhere to the standards outlined in this Privacy Policy regardless of Do Not Track settings.

. Children's Privacy

Our services are not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will promptly delete such information.

. International Data Transfers

Your personal information is stored and processed in the United States. If you are accessing our Site or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

. State Specific Disclosures

12.1 California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act. In the past 12 months, we have collected the following categories of personal information: identifiers; financial information; commercial information; internet/electronic activity; and professional/employment information. You have the right to know, access, correct, delete, and opt out as described in Section 7. To exercise your rights, contact info@gcgrowth.io with "Request for California Privacy Information" in the subject line.

12.2 Florida

If you are a Florida resident, you may have rights under the Florida Digital Bill of Rights, including the right to access, correct, delete, and opt out of the sale of personal information and targeted advertising.

12.3 Other States

Residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia may have similar privacy rights under their respective state laws. To exercise your rights, contact info@gcgrowth.io.

Third Party Links

Our Site may contain links to third party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third party sites you visit.

. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will post the updated policy on our Site with a revised "Last Updated" date. If we make material changes, we will notify you by email or prominent notice on our Site.