Privacy Policy

a) Information You Provide Directly

• Name, email address, phone number, and business information when you complete a contact or demo booking form
• Communications you send us via email, contact forms, or direct messages
• Billing and payment information when you purchase services

b) Information Collected Automatically

• IP address, browser type, device identifiers, and operating system
• Pages visited, time spent on pages, and clickstream data via cookies and analytics tools
• Call recordings and transcripts generated through our AI voice and phone services (subject to the call recording disclosures in Section 5)

c) Information from Third Parties

• Data synced from GoHighLevel (GHL), Google, and other CRM or marketing platforms that you or your clients connect to our services — governed by the GHL Data section below
• Publicly available business information used for prospecting or outreach research

We use the information we collect to:

• Deliver, operate, and improve our services, including AI employee tools and automation workflows
• Respond to inquiries and schedule discovery or demo calls
• Send transactional communications, service updates, and appointment reminders
• Send marketing communications, including SMS and email (you may opt out at any time — see Section 10)
• Analyze usage and performance to improve our platform
• Comply with legal obligations, including TCPA, CCPA, and applicable state laws
• Detect and prevent fraud or misuse of our services

Leadlock Digital operates AI-powered calling and texting tools. Our use of these tools — and our clients' use of them through our platform — is subject to the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, and applicable FCC regulations.

Express Written Consent

We do not initiate, and our platform is not designed to initiate, autodialed or prerecorded calls or text messages to any individual without prior express written consent as required by the TCPA. Clients who use our Caller AI, Texting AI, or Follow-Up AI services are solely responsible for:

• Obtaining prior express written consent from their leads and customers before initiating any automated calls or SMS messages through our platform
• Maintaining records of that consent, including the method and date it was obtained
• Ensuring that consent was given specifically for the type of communication being sent (marketing vs. transactional)

Leadlock Digital does not independently collect or verify end-user consent on behalf of our clients. Clients who misuse our platform to send non-compliant communications are in violation of our Terms of Service and may be subject to account termination.

Opt-Out Handling

• SMS opt-outs: Any contact who replies STOP, UNSUBSCRIBE, CANCEL, END, or QUIT will be automatically removed from future automated text communications. Confirmation of opt-out will be sent to the number.
• Call opt-outs: Individuals who request to be removed from calling campaigns will be logged and suppressed from future automated calls within our system.

Opt-outs are processed within one business day and are permanent unless the contact re-consents.

Do-Not-Call Compliance

Clients using our calling tools are responsible for scrubbing contact lists against the National Do Not Call Registry prior to upload. Leadlock Digital is not liable for calls placed by clients to numbers on the DNC Registry.

Message Frequency and Costs

Message frequency varies by campaign. Standard message and data rates may apply. Clients are responsible for disclosing message frequency and applicable fees to their end users at the point of opt-in.

This section applies to California residents and supplements the rest of this Privacy Policy. It is provided pursuant to the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA).

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California residents:

• Identifiers: name, email address, phone number, IP address, device identifiers
• Commercial information: records of services purchased or considered
• Internet or other electronic network activity: browsing behavior on our website, interaction with our platform
• Audio/electronic data: call recordings and transcripts processed through AI voice services
• Professional or employment-related information: business name, role, and industry

We do not collect sensitive personal information as defined by the CPRA (e.g., Social Security numbers, financial account credentials, precise geolocation, racial or ethnic origin, health data).

Your California Rights

How to Submit a Request

California residents may submit a rights request by emailing [email protected] with the subject line "California Privacy Request." We will verify your identity before processing the request and will respond within 45 days, with one possible 45-day extension if reasonably necessary.

Leadlock Digital's Caller AI and Receptionist AI services have the technical capability to record and transcribe telephone calls.

Federal Law

Under federal law (18 U.S.C. § 2511), at least one party to a call must consent to recording (one-party consent). Our AI systems are a party to any call they handle, which satisfies the federal one-party consent requirement.

State Law — Two-Party Consent States

Several states, including California, Maryland, Florida, Illinois, Pennsylvania, Connecticut, and Washington, require all parties to a call to consent before recording may occur. If you or your clients operate in any of these states:

• Clients are solely responsible for ensuring that all parties to a call are notified and have consented to recording before the call begins
• This notification may be delivered via a verbal disclosure at the start of the call or via prior written disclosure at the point of opt-in
• Leadlock Digital provides configurable call greeting scripts that can include a recording disclosure. Clients are responsible for enabling this feature where legally required

Storage and Use of Recordings

Call recordings and transcripts are stored on Leadlock Digital's platform infrastructure for up to 90 days by default, after which they are permanently deleted unless a client has configured a longer retention period. Recordings are accessible only by the client account that generated them and by Leadlock Digital for platform support, debugging, and service improvement. Recordings are never sold or shared with third parties for marketing purposes.

Leadlock Digital's services are built on the GoHighLevel (GHL) platform. When you use Leadlock Digital's services, the following data is stored within your dedicated GHL sub-account:

• Contact records: names, phone numbers, email addresses, and tags for leads and customers in your pipeline
• Conversation logs: SMS, email, and call history processed through GHL's messaging infrastructure
• Automation and workflow data: details of triggered campaigns, follow-up sequences, and AI response logs
• Appointment and calendar data: bookings made through GHL-connected calendars
• Form and funnel submissions: data entered by leads through GHL-hosted landing pages or funnels

Data Ownership

You (the client) own the contact and customer data within your GHL sub-account. Leadlock Digital does not claim ownership of your CRM data. If you terminate your services with Leadlock Digital, we will provide a data export within 14 business days of your written request and transfer administrative access to your GHL sub-account upon written request.

GoHighLevel acts as a data processor for the personal data stored in your sub-account. You can review GHL's privacy policy at: gohighlevel.com/privacy-policy

We do not sell your personal information. We may share your information with:

• Service providers and vendors who help us operate our platform, including GoHighLevel (CRM and automation), cloud hosting providers, and payment processors. All vendors are subject to confidentiality agreements and are prohibited from using your data for their own purposes.
• Business partners, only with your explicit consent
• Law enforcement or government authorities when required by applicable law, court order, or to protect our legal rights
• Successor entities in the event of a merger, acquisition, or sale of assets — you will be notified before your data becomes subject to a different privacy policy

We use cookies, pixels, and similar technologies to enhance your experience and analyze site performance. You can manage cookie preferences through your browser settings. Disabling cookies may affect certain functionality on our website. We do not use tracking technologies for cross-site behavioral advertising.

We retain personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy, or as required by law. Specific retention periods:

• Account and contact data: retained for the duration of your active account, plus 2 years following termination
• Call recordings and transcripts: 90 days by default (see Section 5)
• Billing and payment records: 7 years, as required for tax and accounting compliance
• Marketing opt-out records: retained indefinitely to ensure ongoing compliance

When data is no longer needed, we securely delete or anonymize it.

Regardless of your location, you may request to:

• Access, correct, or delete the personal information we hold about you
• Object to or restrict certain processing of your data
• Withdraw consent where processing is based on consent
• Opt out of marketing emails by clicking "Unsubscribe" in any marketing email
• Opt out of marketing SMS by replying STOP to any text message from our platform

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or 45 days for California residents).

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, loss, or disclosure, including encrypted data transmission (TLS), access controls, and periodic security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

Our website or services may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" at the top of this page and, for material changes, provide notice via email or a prominent notice on our website. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.

Governing Law

This Privacy Policy and any disputes arising from it are governed by the laws of the State of Maryland, without regard to its conflict of law provisions.

Informal Resolution

Before initiating any formal legal proceeding, you agree to first contact Leadlock Digital at [email protected] and provide a written description of the dispute. We will attempt to resolve the dispute informally within 30 days of receiving your written notice.

Binding Arbitration

If a dispute cannot be resolved informally, you and Leadlock Digital agree to resolve it through binding individual arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules, rather than in a court of law. The arbitration will be conducted in Baltimore, Maryland, or remotely by mutual agreement.

Class Action Waiver

Opt-Out Right

You have the right to opt out of the arbitration agreement by sending written notice to [email protected] within 30 days of first using our services.