9% Club Privacy Policy

Effective Date: July 1, 2025 Last Updated: May 12, 2026

Introduction and Scope

1.1 This Privacy Policy explains how Peako Enterprises, LLC ("Company," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information obtained through websites, landing pages, funnels, hosted forms, and other online properties operated by Company under any brand or domain, including but not limited to Lexi AI, 9% Club, The Selling Shift, and related programs.

1.2 This Privacy Policy applies to personal information we collect as a business about website visitors, leads, prospective customers, and certain end users who interact directly with Company-operated pages or programs.

1.3 Where a business customer uses the Lexi AI platform to process personal information on its own behalf, that customer generally acts as the controller or business, and Company generally acts as a service provider or processor for the limited purpose of providing the platform and related services, subject to the applicable service agreement.

1.4 By using the Website or providing personal information through the Website, you acknowledge the practices described in this Privacy Policy.

Categories of Personal Information We Collect

2.1 Identifiers and contact information. We may collect identifiers and contact details such as name, email address, phone number, company name, job title, mailing address, username, account identifiers, and other similar information.

2.2 Commercial and account information. We may collect account registration details, subscription information, plan selections, payment-related details received through our payment providers, billing records, customer support records, and transaction history.

2.3 Internet and device activity. We may collect IP address, browser type, device identifiers, operating system, referral URLs, pages viewed, dates and times of access, clickstream data, cookie identifiers, and similar technical information.

2.4 Messaging and communications data. Depending on how you interact with our Website or services, we may collect message content, message metadata, recipient or sender contact information, consent records, timestamps, opt-in source, opt-out records, delivery status, call records, and other communications data.

2.5 Audio, electronic, and support records. We may collect communications with us, including emails, chat transcripts, support tickets, recorded calls where lawfully permitted, and similar records.

2.6 Inferences and preferences. We may derive information about preferences, interests, engagement, or likely service needs based on interactions with the Website or our communications.

2.7 Sensitive data. We ask that you do not submit sensitive personal information unless specifically requested and necessary. To the extent sensitive personal information is processed through our services, it is handled in accordance with the applicable service agreement and our operational needs, legal obligations, and security measures.

Sources of Personal Information

3.1 Directly from you. We collect information you provide when you complete forms, request a demo, contact us, subscribe to communications, create an account, submit support inquiries, opt in to messages, or otherwise interact with us.

3.2 Automatically. We collect certain information automatically through cookies, pixels, server logs, analytics tools, and similar technologies when you use the Website.

3.3 From customers or partners. We may receive information from business customers, referral partners, resellers, implementation partners, or other parties in connection with providing services or evaluating opportunities.

3.4 From public or third-party sources. We may receive information from publicly available sources, data enrichment providers, advertising partners, fraud prevention providers, and social media or business networking platforms where permitted by law.

Purposes for Collection and Use

4.1 We use personal information to operate, maintain, secure, and improve the Website and our services.

4.2 We use personal information to respond to inquiries, schedule demos, provide support, create and manage accounts, send transactional communications, process payments, and administer customer relationships.

4.3 We use personal information to personalize Website content, evaluate engagement, conduct analytics, develop new features, troubleshoot issues, prevent abuse, protect against fraud or unauthorized activity, and enforce our terms and agreements.

4.4 We use personal information to comply with legal obligations, respond to lawful requests, preserve evidence, protect rights and safety, and cooperate with regulators, carriers, law enforcement, or courts.

4.5 Where permitted by law, we use personal information to send marketing or promotional communications and to measure campaign effectiveness. You may opt out of marketing communications as described below or at the point of collection.

4.6 Where you begin a multi-step form on the Website, we may use the information you provide in the first step to send follow-up communications encouraging you to complete the request, including a limited series of reminder emails. These follow-up communications are described in further detail in Section 6.

SMS, Messaging, and Communications Privacy

5.1 If you provide your mobile number through a Company-operated form or otherwise opt in to receive SMS messages from Company, we may collect and use your mobile number, consent records, and messaging activity for the purposes disclosed at the point of collection.

5.2 SMS-related data may include your mobile number, opt-in source, timestamp, consent language, message content, delivery status, STOP/HELP requests, and related metadata. We retain SMS consent records for at least four (4) years to support compliance, dispute resolution, and legal defense.

5.3 Message frequency may vary. Message and data rates may apply. You may opt out of Company SMS messages by replying STOP to any message. After opting out, you will receive a final confirmation message and no further messages will be sent. For assistance, reply HELP or contact us at [email protected].

5.4 We do not disclose mobile phone numbers collected for Company-operated message programs to third parties for their own marketing purposes. We may disclose such numbers to service providers, carriers, messaging vendors, and infrastructure providers solely as needed to deliver and support the program.

5.5 If a business customer uses the Lexi AI platform to send messages to its own end users, that customer is responsible for the legality of its messaging practices, including consent, content, disclosures, and honoring opt-out requests, as described in the applicable service agreement.

Email Communications and Multi-Step Form Submissions

6.1 If you provide your email address through a Company-operated form or otherwise opt in to receive emails from Company, we may collect and use your email address, consent records, and email engagement activity for the purposes disclosed at the point of collection and in this Privacy Policy.

6.2 Multi-Step Form Submissions. The Website includes forms that are completed in two or more sequential steps. When you proceed past the first step of such a form by clicking "Continue," "Next," or a similar progression control, we may capture and store the information you have provided up to that point — including your name and email address — even if you do not complete the remaining steps. By clicking such a control, you acknowledge and consent to (a) the collection and storage of that information and (b) the receipt of emails from Company related to the request you have initiated.

6.3 Follow-Up Communications for Incomplete Submissions. If you begin but do not complete a form, demo request, or other multi-step submission, we may send you a limited series of follow-up emails to help you complete the request, address questions you may have about the request, or notify you that we are closing out the request. Our standard follow-up sequence consists of no more than five (5) emails sent over a period of approximately ten (10) days, after which we will not send further emails relating to that specific incomplete submission unless you initiate a new request.

6.4 Email-related data. Email-related data we may collect and process includes your email address, consent records, opt-in source, timestamps, the specific consent language presented at the time of submission, message content, delivery status, open and click activity, opt-out records, and related metadata. We retain email consent records for at least four (4) years to support compliance, dispute resolution, and legal defense.

6.5 Opting Out. You may opt out of Company emails at any time by clicking the "Unsubscribe" link included in every email we send, by replying to any email and requesting removal, or by contacting us at [email protected]. After opting out, you will not receive further follow-up or marketing emails, though you may continue to receive transactional emails directly related to your account, request, or services.

6.6 Marketing Emails. Separately from follow-up emails described in Section 6.3, we may send marketing or promotional emails only to recipients who have explicitly opted in to receive them through a clearly designated mechanism, such as an affirmative checkbox or other affirmative action at the point of collection.

6.7 No Sale of Email Addresses. We do not sell or share email addresses collected through Company-operated forms with third parties for their own marketing purposes. We may disclose email addresses to service providers, email infrastructure providers, customer relationship management platforms, workflow automation platforms, and similar vendors solely as needed to deliver and support our communications and services.

6.8 Business Customer Responsibilities. If a business customer uses the Lexi AI platform to send emails to its own end users, that customer is responsible for the legality of its email practices, including consent, content, disclosures, and honoring opt-out requests, as described in the applicable service agreement.

AI and Automated Processing

7.1 The Website and related services use artificial intelligence and automated systems to support communications, content generation, summarization, routing, support, analytics, product improvement, and related operational functions.

7.2 AI-related processing may involve prompts, instructions, knowledge-base content, chat content, support records, and other data submitted through or to our services.

7.3 The Lexi AI platform delivers AI-generated content through third-party AI providers, including OpenAI. These providers operate under contractual terms that restrict use of API inputs for model training by default. We do not sell or share personal information with AI providers for their own training or marketing purposes. We may use aggregated, de-identified, or non-personal operational data to evaluate and improve our own service features and workflows, subject to applicable law and contractual restrictions.

7.4 You should not submit sensitive information to AI-enabled features unless necessary and authorized. Automated outputs may be inaccurate, incomplete, or misleading and should not be treated as legal, medical, financial, or other professional advice. Users are responsible for reviewing AI-generated content before relying on or distributing it.

Cookies, Pixels, Analytics, and Similar Technologies

8.1 We use cookies, pixels, tags, local storage, and similar technologies to operate the Website, remember preferences, analyze traffic, maintain security, personalize content, and measure campaign effectiveness.

8.2 These technologies may be categorized as: (a) strictly necessary technologies required for core Website functionality and security; (b) functional technologies that remember settings or preferences; (c) analytics technologies that help us understand Website performance and user behavior; and (d) advertising or attribution technologies, where used, that help us understand the effectiveness of marketing activities.

8.3 You may be able to manage cookies through your browser settings or other tools. Blocking certain technologies may affect Website functionality.

8.4 At this time, the Website may not respond to all browser-based Do Not Track signals due to a lack of consistent industry standards. Where required by applicable law, we will honor browser signals or consent choices to the extent legally mandated.

Disclosure of Personal Information

9.1 We may disclose personal information to service providers, processors, contractors, and vendors that perform services on our behalf, including hosting, security, communications delivery, telecommunications connectivity, analytics, payment processing, support, AI enablement, fraud prevention, and business operations.

9.2 We may disclose personal information to professional advisors, auditors, insurers, financing sources, potential acquirers, merger counterparties, and similar parties in connection with corporate transactions, due diligence, financing, reorganization, merger, sale, or transfer of assets.

9.3 We may disclose personal information where we believe doing so is necessary or appropriate to comply with law, respond to lawful requests, protect rights or safety, investigate suspected misconduct, enforce agreements, or address security incidents.

9.4 We may disclose de-identified or aggregated information that cannot reasonably be used to identify you, subject to applicable law.

9.5 Except as described in this Privacy Policy or at the point of collection, we do not disclose personal information to third parties for their own direct marketing purposes.

Notice Regarding Sales, Sharing, and Targeted Advertising

10.1 Depending on the technologies used on the Website and the laws that apply, certain analytics or advertising-related disclosures could be treated as a "sale," "sharing," or targeted advertising activity under some state privacy laws. We may provide opt-out mechanisms where required by applicable law.

10.2 We do not knowingly disclose mobile phone numbers or email addresses collected for Company-operated communications programs to third parties for their own marketing purposes.

10.3 If applicable law gives you the right to opt out of sale, sharing, or targeted advertising, you may submit a request using the contact information in Section 18 or through any privacy controls we make available on the Website.

Data Retention

11.1 We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, maintain records, comply with legal obligations, resolve disputes, enforce agreements, and protect our rights.

11.2 Retention periods depend on the nature of the information, the context in which it was collected, operational needs, legal requirements, contractual commitments, and whether the information is needed for fraud prevention, security, or litigation hold purposes.

11.3 SMS consent records and messaging-related compliance documentation are retained for at least four (4) years from the date of collection to support regulatory compliance, dispute resolution, and legal defense.

11.4 Information collected through incomplete form submissions — including data captured at the first step of a multi-step form when subsequent steps are not completed — is retained for up to ninety (90) days from the date of collection, after which it may be deleted, anonymized, or archived, subject to legal requirements and operational needs. Consent records and related compliance documentation associated with such submissions are retained for at least four (4) years, consistent with our retention practices for other communications consent records.

11.5 When retention is no longer reasonably necessary, we may delete, anonymize, aggregate, or otherwise de-identify information, subject to technical feasibility and legal requirements.

Security

12.1 We implement reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction.

12.2 Despite these efforts, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12.3 You are responsible for protecting your credentials, devices, and access methods. If you believe your information has been compromised, please contact us promptly at [email protected].

Your Privacy Rights

13.1 Depending on where you live and the laws that apply, you may have rights to request access to, correction of, deletion of, or portability of your personal information, or to request information about how it has been collected, used, disclosed, sold, or shared.

13.2 You may also have the right to opt out of certain processing activities, including sale, sharing, targeted advertising, profiling, or certain uses of sensitive personal information, where applicable.

13.3 To submit a privacy request, you may contact us at [email protected] or through any privacy-request mechanism we make available. We may take reasonable steps to verify your identity and authority before responding.

13.4 If permitted by applicable law, you may designate an authorized agent to make a request on your behalf, subject to verification requirements.

13.5 If applicable state law provides an appeal right and we deny your request in whole or in part, you may follow the appeal instructions, if any, included in our response.

California and Other U.S. State Privacy Disclosures

14.1 If you are a resident of California or another state with an applicable privacy law, this Privacy Policy is intended to operate as our notice at collection and general privacy notice to the extent required by law.

14.2 We collect the categories of personal information described in Section 2, from the sources described in Section 3, for the purposes described in Section 4, and may disclose them to the categories of recipients described in Section 9.

14.3 We retain personal information as described in Section 11. Some information may be retained for longer where reasonably necessary for legal compliance, fraud prevention, dispute resolution, or security.

14.4 California residents may have rights under the California Consumer Privacy Act and related regulations, including the right to know, delete, correct, and receive information about our data practices, and the right to opt out of sale or sharing if applicable. We will not discriminate against you for exercising applicable privacy rights, except as permitted by law.

14.5 Where required, we will provide additional disclosures or mechanisms, including links, preference centers, or notices at collection, tailored to specific jurisdictions or data uses.

International Data Transfers

15.1 The Website and our services are operated in the United States and may be accessed from other countries. Personal information may be transferred to, stored in, or processed in the United States or other jurisdictions where privacy laws may differ from those in your jurisdiction.

15.2 By using the Website or providing information to us, you acknowledge such transfers, subject to applicable legal requirements.

15.3 Where legally required, we will implement appropriate safeguards for cross-border transfers.

Children's Privacy

16.1 The Website and services are not directed to children under eighteen (18), and we do not knowingly collect personal information directly from children under eighteen through the Website.

16.2 If you believe a child has provided personal information through the Website, please contact us at [email protected] so that we can take appropriate steps.

Changes to this Privacy Policy

17.1 We may update this Privacy Policy from time to time. If we make changes, we will revise the effective date and post the updated Privacy Policy on the Website.

17.2 Your continued use of the Website after the updated Privacy Policy becomes effective constitutes acknowledgment of the revised Privacy Policy to the extent permitted by law.

Contact Information

18.1 If you have questions about this Privacy Policy, wish to submit a privacy request, or need to report a data concern, please contact us at:

Peako Enterprises, LLC

Email: [email protected] Privacy Requests: [email protected]

Mailing Address:

10 Vreeland Dr, Suite 106 Skillman, NJ 08558

18.2 If you are a business customer and your inquiry relates to personal information processed through the Lexi AI platform on behalf of your organization, please also contact your organization directly where appropriate, because it may act as the business or controller for that data.

Lexi Meter Marketplace Application

19.1 Scope of this Section. This Section 19 supplements the foregoing provisions of this Privacy Policy and specifically addresses personal information and operational data processed in connection with the Lexi Meter application ("Lexi Meter" or the "Meter App"), a usage-metering and billing application developed and operated by Company and distributed through the HighLevel marketplace ("HighLevel" or the "Marketplace Platform"). In the event of a conflict between the general provisions of this Privacy Policy and this Section 19 with respect to Lexi Meter, this Section 19 controls.

19.2 Description of the Meter App. Lexi Meter is a software application that, when installed by an agency or sub-account within HighLevel, tracks usage of the Lexi AI platform — including call durations, message counts, and related conversational events — and posts corresponding billing charges to the HighLevel wallet system at rates configured by the installing agency. The Meter App is offered through the HighLevel marketplace and operates pursuant to HighLevel's developer and marketplace terms.

19.3 Information Collected by the Meter App. When the Meter App is installed in a HighLevel agency or sub-account, Company collects and processes:

(a) HighLevel installation identifiers, including but not limited to the HighLevel locationId (sub-account identifier), companyId (agency identifier), and userId of the installing user;

(b) OAuth 2.0 credentials issued by HighLevel, including access tokens, refresh tokens, scope grants, and token expiration metadata, used solely to authenticate API requests to the Marketplace Platform on behalf of the installation;

(c) Usage metadata generated by the Lexi AI platform within the installed HighLevel account, including call start times, call end times, call duration in seconds, inbound and outbound message counts, AI-generated response counts, and aggregate daily, weekly, and monthly usage totals tied to the installation;

(d) Billing configuration data set by the installing agency, including per-unit rates, agency markup percentages, daily and monthly usage caps, alert thresholds, and reseller pricing assignments; and

(e) Wallet charge records, including charge amounts, charge timestamps, settlement status, and corresponding usage event identifiers.

19.4 Information Not Collected by the Meter App. The Meter App does not collect, store, or process: (a) the content of any conversation, call recording, transcript, or message handled by the Lexi AI platform; (b) the names, telephone numbers, email addresses, or other personally identifiable information of contacts, callers, or message recipients within the installed HighLevel account; (c) sub-account customer relationship data, contact records, opportunity data, or pipeline information; or (d) any content of marketing campaigns, automations, or workflows operated within the installed HighLevel account. Lexi Meter processes only aggregate usage metadata sufficient to perform metering and billing functions.

19.5 Purposes of Processing. Company processes the information described in Section 19.3 to: (a) calculate and post usage-based billing charges to the HighLevel wallet on behalf of the installing agency; (b) display real-time and historical usage dashboards to authorized agency administrators and sub-account administrators; (c) enforce daily and monthly usage caps configured by the installing agency; (d) generate aggregate usage and revenue reports; (e) troubleshoot technical issues affecting the Meter App; (f) maintain and improve the Meter App and its underlying infrastructure; and (g) comply with HighLevel developer obligations and applicable law.

19.6 Disclosure to HighLevel. Because Lexi Meter operates through the Marketplace Platform, certain data is necessarily transmitted to and processed by HighLevel, including (a) wallet charge events posted via HighLevel's billing APIs, (b) authentication events posted via HighLevel's OAuth endpoints, and (c) installation lifecycle events such as install, uninstall, and update notifications. HighLevel's own privacy practices govern HighLevel's processing of this information. Company encourages installing agencies and sub-accounts to review HighLevel's then-current privacy policy at https://www.gohighlevel.com/privacy-policy.

19.7 Service Providers Specific to the Meter App. In addition to the categories of service providers described in Section 9, Company engages the following categories of providers in connection with the Meter App: (a) cloud infrastructure providers used to host the Meter App's backend services; (b) error monitoring and observability providers used to identify and resolve technical issues; (c) database providers used to persist installation, usage, and billing records; and (d) developer tooling providers used to manage OAuth credentials, webhook deliveries, and API rate limiting. Each such provider is bound by contractual confidentiality and security obligations and processes information only as needed to support the Meter App.

19.8 Retention Specific to the Meter App.

(a) Usage event records are retained for twenty-four (24) months from the date of the underlying usage event to support billing reconciliation, dispute resolution, and reporting.

(b) Wallet charge records and corresponding billing data are retained for seven (7) years to comply with tax, accounting, and audit obligations.

(c) OAuth access and refresh tokens are retained only for the duration of an active installation. Upon uninstallation of the Meter App, associated tokens are revoked and deleted from active systems within thirty (30) days, subject to backup retention cycles.

(d) Installation metadata (including locationId, companyId, and installation timestamps) is retained for ninety (90) days following uninstallation, after which it is deleted, anonymized, or aggregated, except where retention is required for legal, fraud-prevention, or dispute-resolution purposes.

19.9 Role of the Installing Agency. When an agency installs the Meter App and configures pricing, markup, or usage caps applicable to its own sub-accounts, the installing agency acts as the business or controller with respect to the sub-account-facing pricing decisions and customer relationships, and Company acts as a service provider or processor for the limited purpose of operating the Meter App and posting wallet charges in accordance with the agency's configuration. Installing agencies are responsible for ensuring that their own customer agreements, terms of service, and privacy disclosures adequately describe the use of usage-based metering and reselling.

19.10 Uninstallation and Data Deletion Requests. An agency or sub-account may uninstall the Meter App at any time through the HighLevel marketplace. Uninstallation triggers the token revocation and retention practices described in Section 19.8. To request deletion of installation or billing records beyond the standard retention periods, contact Company at the addresses provided in Section 18, subject to Company's legal, accounting, and dispute-resolution retention obligations.

19.11 Security Specific to the Meter App. In addition to the security measures described in Section 12, Company implements the following measures specific to the Meter App: (a) OAuth tokens are stored encrypted at rest using industry-standard encryption; (b) all API communications with HighLevel are conducted over TLS 1.2 or higher; (c) access to production Meter App systems is restricted to authorized engineering personnel, logged, and reviewed; and (d) Company conducts security reviews of Meter App dependencies, infrastructure, and access controls on a recurring basis.

19.12 Contact for Meter App Privacy Matters. Questions or requests specifically relating to the Meter App, including data subject requests, security inquiries, or uninstallation matters, may be directed to the contact addresses provided in Section 18, with the subject line referencing "Lexi Meter."