Scope of This Privacy Policy

This Privacy Policy applies to:

• Visitors to our Site;

• Individuals who create or use accounts on the Services;

• Representatives and employees of our customers and business partners;

• Individuals who interact with our sales, marketing, or support teams (e.g., via email, phone, SMS, or in-person); and

• Individuals whose personal data we process in connection with our Services in our capacity as a controller (as described below).

This Privacy Policy does not apply to personal data that our customers upload into the Services or otherwise provide to us for processing on their behalf ("Customer Data") where we act as a processor or service provider. In those cases, our customers (or their own clients) are responsible for their own privacy notices, and our processing of Customer Data is governed by our agreements and any applicable Data Processing Addendum ("DPA") between LeadForce Solutions and the customer, not this Privacy Policy.

Who We Are and How to Contact Us

Controller

For purposes of most data protection laws, LeadForce Solutions is the controller of personal data that we collect and process about you in connection with:

• Your use of our Site;

• Your interactions with our sales, marketing, and support functions; and

• Your LeadForce Solutions account as a user of the Services (to the extent we determine the purposes and means of processing).

Contact Details

If you have questions or concerns about this Privacy Policy or our privacy practices, you can contact us at:

Email: contact@leadforce.solutions

Mail: LeadForce Solutions LLC, 8 The Green, Suite B, Dover, DE 19901, USA

Phone: 781-475-4380

If required by law, LeadForce Solutions may designate a data protection officer or representative; contact details can be provided upon request.

Roles: LeadForce Solutions as Controller and Processor

LeadForce Solutions as a Data Controller

We act as a data controller when we determine the purposes and means of processing personal data, including when we:

• Operate and secure the Site and Services;

• Manage LeadForce Solutions accounts and billing;

• Conduct sales and marketing activities;

• Provide customer support; and

• Analyze usage of the Services for product improvement, security, and compliance.

LeadForce Solutions as a Data Processor/Service Provider

We act as a processor or service provider when our customers use the Services to upload, store, or process personal data about their own leads, contacts, or customers (for example, names, email addresses, phone numbers, notes, call recordings, campaign performance data, etc.) ("Customer Data"). In those cases:

• The customer is the controller (or business) for Customer Data.

• We process Customer Data only on the customer's instructions as set out in our agreement and any applicable DPA.

• Requests from individuals about Customer Data (e.g., access, deletion) should generally be directed to the relevant LeadForce Solutions customer.

Personal Data We Collect

The categories of personal data we collect depend on how you interact with us and the Services.

Information You Provide Directly

We may collect personal data that you provide directly to us, including:

Account and Profile Data

• Name, job title, company name, industry

• Business email address, phone number, address

• Login credentials (username, hashed password)

Billing and Payment Data

• Billing contact information (name, email, address)

• Limited payment card details (e.g., last four digits, expiration date) as relayed by our payment processor; we do not store full card numbers

Communications and Support

• Messages, emails, tickets, call recordings, and other communications with our sales, support, or customer success teams

• Feedback, surveys, and responses to forms

Contractual and Business Relationship Data

• Copies of contracts or order forms signed with LeadForce Solutions

• Information relating to renewals, upgrades, or service changes

SMS and Phone Communications

• Phone numbers you provide or verify for use with the Services

• Opt-in and opt-out records for SMS or call-based notifications

• Content of text or voice messages where applicable

Information Collected Automatically

When you access or use the Site or Services, we automatically collect certain information, including:

Device and Usage Data

• IP address, browser type and version, device identifiers, operating system

• Dates and times of access, pages viewed, referring/exit pages

• Feature usage, clicks, and other interaction data within the Services

Log and Security Data

• System logs, authentication logs, error logs

• Information related to suspected security incidents or abnormal behavior

We use this information to operate, secure, and improve the Services and to generate aggregate analytics.

Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar technologies to:

• Remember your preferences and settings;

• Authenticate users and maintain sessions;

• Understand how the Site and Services are used; and

• Provide certain features (e.g., time zone handling, language preferences, or A/B testing).

Visitor Identification and Email Marketing

When you visit our website, cookies and similar technologies may be used by our online data partners or vendors to associate your browsing activities with other personal information they or others have about you, including by association with your email address. We (or service providers on our behalf) may then send communications and marketing to that email address.

You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

You can control cookies through your browser settings and, where required by law, through cookie consent tools. Some features of the Services may not function properly if you disable certain cookies.

Information from Third Parties

We may receive personal data about you from third parties, such as:

• Our customers, partners, resellers, or contractors;

• Publicly available sources (e.g., professional networking or business contact data);

• Identity verification or anti-fraud providers; and

• Marketing and lead-generation partners, where permitted by law.

We treat this information in accordance with this Privacy Policy and any additional restrictions imposed by the source.

How We Use Personal Data

We use personal data for the following purposes (and, where required by law, on the legal bases indicated):

To provide and operate the Services

Creating and managing accounts, providing access to features, enabling integrations, and providing customer support.

Legal bases (where applicable): performance of a contract, legitimate interests, or your consent.

To process transactions and manage billing

Handling payments, renewals, subscriptions, refunds, and accounting.

Legal bases: performance of a contract, legal obligations (e.g., tax), legitimate interests.

To communicate with you

Sending service-related notices, security alerts, support messages, and administrative communications. Providing updates about new features, products, or offers (where permitted).

Legal bases: performance of a contract, legitimate interests, your consent where required.

To support sales and marketing

Contacting prospects and customers about LeadForce Solutions products and related content; managing demos, webinars, events, and communications.

Legal bases: legitimate interests, consent (e.g., email/SMS marketing where required).

To personalize the Services and improve user experience

Tailoring content and experiences, including recommendations and interface adjustments.

Legal bases: legitimate interests, consent (for certain cookies/trackers).

To maintain security and prevent misuse

Detecting, investigating, and preventing fraud, abuse, security incidents, and other harmful activity; enforcing our Legal Terms.

Legal bases: legitimate interests, legal obligations.

To analyze and improve the Services

Conducting analytics, usage trends, quality assurance, and product development.

Legal bases: legitimate interests.

To comply with laws and legal processes

Responding to lawful requests, court orders, subpoenas; maintaining appropriate records.

Legal bases: legal obligations, legitimate interests.

We may aggregate or de-identify personal data so that it is no longer reasonably capable of identifying an individual. We may use and disclose such aggregated or de-identified data for any lawful purpose.

How We Share Personal Data

We do not sell personal data for money.

We share personal data only as described below:

Within LeadForce Solutions

With our employees, contractors, and affiliates who need access to the information to perform their roles, subject to confidentiality obligations.

With Service Providers and Vendors

With third-party providers that perform services for us, such as hosting, data storage, analytics, billing and payment processing, email and SMS delivery, identity verification, and customer support tools. These providers are contractually required to use personal data only as necessary to provide the services to us and to maintain appropriate security.

With Our Customers (for Customer Data)

When we act as a processor, we may access or disclose Customer Data in accordance with our agreement with the customer (for example, to provide support, investigate issues, or as instructed by the customer).

Business Transfers

In connection with a merger, sale of assets, financing, acquisition, reorganization, or similar transaction involving LeadForce Solutions, personal data may be disclosed or transferred as part of that transaction, subject to appropriate protections.

Legal and Safety Obligations

When required by law, regulation, or legal process (e.g., subpoena, court order, or government request); when we believe in good faith that disclosure is necessary to:

• Protect the rights, property, or safety of LeadForce Solutions, our customers, or others;

• Detect, prevent, or respond to fraud, security incidents, or illegal activity;

• Enforce our agreements or policies.

With Your Consent

In any other circumstance where you have consented to such sharing.

International Data Transfers

LeadForce Solutions is based in the United States, and personal data we collect may be stored and processed in the United States or other jurisdictions where we or our service providers operate.

If you are located outside the United States, your personal data may be transferred to a country that may not provide the same level of data protection as your home jurisdiction.

Where required by law, we will implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) to protect your personal data and ensure that it is processed in accordance with applicable data protection laws.

Data Security

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include:

• Access controls and authentication requirements;

• Encryption of data in transit (and, where appropriate, at rest);

• Network and application-level security controls;

• Logging and monitoring; and

• Policies, training, and contractual confidentiality obligations for personnel and service providers.

However, no security measure is perfect, and we cannot guarantee absolute security of information transmitted or stored using the Services.

You are responsible for:

• Maintaining the confidentiality of your account credentials; and

• Promptly notifying us of any unauthorized access or suspected breach involving your account.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by:

• Applicable law (e.g., tax, accounting, or regulatory requirements);

• Our contractual obligations with customers; and

• Our legitimate business needs (e.g., record-keeping, dispute resolution, and security).

When personal data is no longer required, we will delete, anonymize, or otherwise handle it in accordance with our data retention and deletion policies.

Your Privacy Rights and Choices

Your rights may vary depending on your jurisdiction, but typically include some or all of the rights below.

General Rights

Subject to applicable law, you may have the right to:

• Access your personal data we hold;

• Correct inaccurate or incomplete personal data;

• Delete or request deletion of personal data, in certain circumstances;

• Restrict or object to certain processing;

• Port your personal data in a structured, commonly used, and machine-readable format; and

• Withdraw consent where processing is based on your consent.

To exercise these rights, please contact us at contact@leadforce.solutions. We may need to verify your identity before processing your request and may deny or limit requests where allowed or required by law (for example, when we must retain data for legal or contractual obligations).

If your data has been submitted to LeadForce Solutions by one of our customers and we process it as a processor, we may redirect your request to that customer.

Marketing Communications

You may opt out of receiving marketing emails by using the "unsubscribe" link in those emails or by contacting us directly. Even after you opt out of marketing communications, we may still send you transactional or service-related messages (e.g., account notices, security alerts).

Where applicable, you may also control SMS or phone-based marketing by replying with designated opt-out keywords or following applicable instructions.

Cookies and Tracking Technologies

You can manage cookies through your browser settings and, where available, through cookie preference tools on our Site. Please note that certain cookies are essential to the functioning of the Services, and disabling them may limit functionality.

Rights of EEA/UK/Swiss and Other Jurisdictions

If you are located in the European Economic Area (EEA), the United Kingdom, Switzerland, Brazil, or other jurisdictions with comprehensive data protection laws, additional rights may apply, including the right to lodge a complaint with a supervisory or data protection authority in your country of residence, place of work, or where an alleged violation has occurred.

We encourage you to contact us first so we can try to resolve your concerns.

California Privacy Rights

If you are a resident of California, you may have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including:

• The right to know what categories of personal information we collect, the purposes for which we use them, and the categories of third parties to whom we disclose them;

• The right to request access to and deletion of your personal information (subject to certain limitations);

• The right to correct inaccurate personal information;

• The right to limit use and disclosure of certain sensitive personal information (if applicable); and

• The right to be free from discrimination for exercising your privacy rights.

No "Sale" or "Sharing" for Cross-Context Behavioral Advertising.

We do not "sell" your personal information for monetary consideration, nor do we "share" your personal information for cross-context behavioral advertising as those terms are defined by California law, based on our current data practices.

You or your authorized agent may submit requests under California law by contacting us at contact@leadforce.solutions. We may need to verify your identity and residency before fulfilling your request.

Third-Party Links and Integrations

The Site and Services may contain links to, or integrations with, third-party websites, services, or applications (for example, CRM integrations, telephony/SMS vendors, analytics tools, or payment processors).

We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you use in connection with our Services.

Children's Privacy

The Services are intended for business use and are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16.

If we learn that we have collected personal data from a child under 16 without appropriate consent, we will take reasonable steps to delete that information and terminate the associated account.

If you believe a child has provided personal data to us, please contact us at contact@leadforce.solutions.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this page; and

• Where appropriate, provide additional notice (such as via email or in-product notification), especially if the changes are material.

Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the changes, you must stop using the Services.

Data Processing Addendum (DPA)

Last Updated: January 26, 2026

This Data Processing Addendum ("DPA") forms part of the Agreement by and between Customer ("Customer"), and LeadForce Solutions LLC, a Delaware limited liability company ("LeadForce Solutions," "Processor," "Service Provider," or "we"). This DPA applies to LeadForce Solutions’ processing of Customer Personal Data in connection with the Services provided to Customer under the Agreement.

Definitions

Unless otherwise defined herein, capitalized terms have the meaning set forth in the Agreement.

• "Agreement" means the main services agreement, subscription agreement, order form, master services agreement, SaaS agreement, or other contract between Customer and LeadForce Solutions governing Customer's use of the Services.

• "Customer Personal Data" means any Personal Data submitted to the Services by or on behalf of Customer, including data relating to Customer's own clients, leads, contacts, personnel, or other individuals.

• "Data Protection Laws" means all laws and regulations relating to privacy, data protection, or personal data, including where applicable: The EU General Data Protection Regulation ("GDPR"), The UK GDPR and UK Data Protection Act 2018, The Swiss Federal Act on Data Protection, The California Consumer Privacy Act as amended by the CPRA ("CCPA"), Brazilian LGPD, and any other applicable national or state law governing personal information.

• "Personal Data," "Personal Information," "Processing," etc. have the meanings given under the applicable Data Protection Laws.

• "Subprocessor" means any third party engaged by LeadForce Solutions to process Customer Personal Data on LeadForce Solutions’ behalf.

• "Controller," "Processor," "Business," "Service Provider" are interpreted according to the relevant law (GDPR or CCPA).

Role of the Parties

Customer as Controller/Business: For Customer Personal Data, Customer is the Controller (under GDPR) or Business (under CCPA).

LeadForce Solutions as Processor/Service Provider: For Customer Personal Data, LeadForce Solutions is the Processor (under GDPR) or Service Provider (under CCPA).

Instructions: LeadForce Solutions will process Customer Personal Data only: as needed to provide the Services; in accordance with Customer's documented instructions; or as otherwise required by law. LeadForce Solutions shall promptly notify Customer if, in its opinion, an instruction violates Data Protection Laws.

Customer Responsibilities

Customer is responsible for:

• Ensuring it has the necessary legal basis to process Customer Personal Data;

• Ensuring its instructions to LeadForce Solutions comply with Data Protection Laws;

• Providing all necessary notices to, and obtaining any required consents from, data subjects;

• The accuracy, quality, and legality of Customer Personal Data.

LeadForce Solutions has no obligation to evaluate the accuracy or legality of Customer Personal Data.

LeadForce Solutions Processing Obligations

LeadForce Solutions will:

• Process Only As Instructed: Process Customer Personal Data only for providing, supporting, securing, or improving the Services.

• Confidentiality: Ensure all personnel with access to Customer Personal Data are bound by confidentiality obligations.

• Security Measures: Implement and maintain industry-standard technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.

• Assistance: Assist Customer in responding to data subject requests, conducting data protection impact assessments, demonstrating compliance, and responding to regulatory inquiries.

• Data Breach Notification: If LeadForce Solutions becomes aware of a confirmed Personal Data Breach affecting Customer Personal Data, LeadForce Solutions will notify Customer without undue delay and provide information reasonably necessary for Customer to comply with its legal obligations.

Subprocessors

Authorization: Customer authorizes LeadForce Solutions to engage Subprocessors to support delivery of the Services.

Requirements: LeadForce Solutions will enter into written agreements with Subprocessors requiring comparable data protection obligations and remain responsible for the Subprocessor's performance.

List of Subprocessors: LeadForce Solutions will maintain a list of current Subprocessors upon request.

Changes: LeadForce Solutions will notify Customer of new Subprocessors and provide an opportunity to object on reasonable grounds relating to data protection.

International Transfers

To the extent Customer Personal Data is transferred outside of its jurisdiction, LeadForce Solutions will ensure that such transfers comply with Data Protection Laws through Standard Contractual Clauses (SCCs), UK Addendum or UK International Data Transfer Agreement, Swiss-specific transfer provisions, adequacy decisions, or other lawful transfer mechanisms.

Data Subject Requests

If LeadForce Solutions receives a request directly from a data subject regarding Customer Personal Data, LeadForce Solutions will promptly forward the request to Customer and not respond directly unless instructed or legally required. Customer is responsible for responding to data subject requests.

CCPA Provisions

Where the CCPA applies, LeadForce Solutions shall:

• Process Personal Information solely for the business purpose of providing the Services;

• Not "sell" or "share" Personal Information;

• Not combine Customer Personal Information with information received from other sources except as permitted by law;

• Not retain, use, or disclose Personal Information outside the direct business relationship.

Return or Deletion of Data

Upon termination or expiration of the Agreement, LeadForce Solutions will return Customer Personal Data upon request or delete or anonymize Customer Personal Data within a reasonable period unless retention is required by law. Customer is responsible for exporting its data prior to termination if desired.

Audits

Third-Party Reports: Upon request, LeadForce Solutions may make available third-party audit reports or certifications (e.g., SOC 2, penetration test summaries) if available.

Customer Audits: Customer may request an audit of LeadForce Solutions‘ data protection controls. Audits must be limited to the processing of Customer Personal Data, must not unreasonably interfere with LeadForce Solutions‘ business, must be conducted during business hours, and may occur no more than once annually unless required by law. Customer will bear all audit costs.

Liability, Term, and Amendments

The Parties' liability under this DPA is governed by the liability limitations in the Agreement. This DPA becomes effective on the Effective Date of the Agreement and continues until LeadForce Solutions no longer processes Customer Personal Data.

LeadForce Solutions may update this DPA to reflect changes in Data Protection Laws or Services. Material changes will be communicated to Customer. Continued use of the Services after an updated DPA becomes effective constitutes acceptance.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

LeadForce Solutions LLC

8 The Green, Suite B

Dover, DE 19901

United States

Phone: 781-475-4380

Email: contact@leadforce.solutions