Privacy Statement

California Notice of Collection

To learn more about your California privacy rights, please scroll down to The California Consumer Privacy Act section below.

Who We Are

BSI is an acquisition and investment firm specializing in business acquisitions, real estate investing, private lending, and investor education. For residents from the GDPR Jurisdictions, as defined below, and some US state privacy laws, BSI is the data controller responsible for your personal data. For residents of California, BSI is a "Business."

Who We Collect Personal Information From

We may collect personal information from the following groups: visitors to and users of our online and mobile resources; our customers; current members of our workforce and those who apply for posted jobs; and third-party vendors and business partners.

Personal information generally means information that can be used to identify you or that can be easily linked to you (for example, your name, address, telephone number, email address, social security number, and date of birth). If laws such as the CCPA or GDPR apply to us, our use of "personal information" includes the unique elements required by such laws.

The categories of information we collect from each group, and how we use it, differ. It is possible the same person could fall into more than one group. Most of this statement addresses our processing and sharing of personal information collected from visitors to and users of our online and mobile resources and our customers.

What We Collect

There are two types of information we obtain and store: (i) non-personal information collected automatically from each visitor, such as your device operating system; and (ii) personal information you voluntarily provide or that is collected automatically.

By using our online and mobile resources or purchasing our products or services, you signify that you agree with this section and that we may use and disclose your information as described.

Voluntarily Submitted Information

If you participate in certain activities via our online and mobile resources, you may be asked to provide personal information including identifiers (name, email address, physical address, phone number), professional information (such as your business), and financial account information (such as credit card details). We do not sell, rent, or trade voluntarily submitted personal information with third parties.

If you don't want us to collect this type of information, please don't provide it. Not participating may limit your ability to take full advantage of our online and mobile resources, but it will not affect your ability to access certain information available to the general public.

Emails and Online Forms

When you send us an email or fill out an online form, your email address and any other personal information in the content of your message are retained and used to respond to you and process your request. Depending on the information provided, communications from us may be in the form of emails, telephone calls, and/or text messages. We may also send you information about products or services we think may interest you.

Registering for an Account

When you register for an account, you submit personal information such as your name and email address, which we retain to create and manage your account and, in some cases, establish a password and profile to communicate with you.

Registering for Events

When you register for services, webinars, events, conferences, or programs we host (rather than outsourced to a third-party event manager), you will submit the identifiers described above. If the event requires a fee, we may also ask for credit card or other financial information. We use this information to register you for the event and send relevant communications.

Becoming a Subscriber

We use any information provided from our customers to perform our contractual obligations, provide the products and services purchased, manage accounts, and communicate with them.

Social Media and Community Features

Some of our online and mobile resources may offer social media-like community features letting users post messages, comments, and/or upload images or files. Information you post in these features, including your screen name and any personal information, will be in the public domain and not covered by this statement.

Automatically Collected Information

When you visit our online and mobile resources, basic information is passively collected through your web browser via tracking technologies such as a "cookie" — a small text file downloaded onto your computer or mobile device that allows us to recognize your device and store some information about your preferences or past actions.

We allow third-party vendors to use cookies or similar technologies to collect information about your browsing activities over time. For example, we use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to help us analyze how you use our online and mobile resources. For more information on how Google uses this data, visit www.google.com/policies/privacy/partners/. To opt out of Google Analytics, visit tools.google.com/dlpage/gaoptout.

The internet activity information collected through cookies includes: the domain name and IP address from which you accessed our resources; the type of browser and operating system you use; the date, time, and length of your visit; the specific pages visited and documents downloaded; links to other sites you accessed from our resources; and links from other sites you used to access our resources.

If you access our resources from a mobile device, the mobile services provider may transmit uniquely identifiable mobile device information to us, which we may associate with mobile phone numbers. Some mobile vendors also operate systems that pinpoint physical locations, and we may receive this information if location services are enabled on your device. To prevent collection of geolocation data, disable location services in your device settings.

We use both automatically collected and mobile device information to compile generic reports about popular pages on our resources and to understand how our customers and followers are accessing them. We use that data to administer and improve our resources, make your activities more efficient, and enhance functionality such as by remembering certain information to save you time.

We use and retain your personal information in accordance with applicable law and as long as necessary to carry out the purposes described above. Usage Data is generally retained for a shorter period, except when used to strengthen security or improve functionality, or when we are legally obligated to retain it longer.

External Sites, Apps, Links and Social Media

We maintain a presence on external social media platforms such as Twitter, Facebook, Instagram, YouTube, and LinkedIn. Our online and mobile resources may also contain links to websites or apps controlled by third parties. We are not responsible for the content on, or the privacy practices of, social media platforms or any third-party sites or apps to which we link. If you have questions about how those platforms collect and use personal information, please read their privacy policies and contact them directly.

How We Use Your Information

BSI may use information we collect for a variety of business purposes, including to provide the services, improve customer experience, and develop the services. We will process your data only in accordance with applicable data protection law and this Privacy Statement.

We will have a lawful basis for processing your data if:

• We need to process your information to provide the products or service you requested, or to enter into a contract;
• You have consented to such processing;
• We have a legitimate interest for processing your data (e.g., fraud prevention; direct marketing; network and information systems security; data analytics; enhancing or improving our services; identifying usage trends; determining the effectiveness of promotional campaigns; and advertising personalization); and/or
• We are legally obliged to process it.

We may use information we collect for the following customer service and transaction purposes:

• To provide the requested services to you and manage your account
• To personalize your experience and respond to your individual needs
• To improve our website based on information and feedback we receive
• To diagnose problems with our servers or services
• To process transactions such as purchases and subscriptions
• To use and disclose payment card information only to process payments and prevent fraud
• To administer a contest, promotion, survey, or other site feature
• To develop new products and services and enhance current offerings
• To send periodic emails about service updates, orders, or subscriptions
• To protect the security or integrity of our services and business

We may also use your information for commercial purposes, including to send you marketing and promotional emails, and to target prospective customers with our services (only with your permission where required by law). We may also use information for other purposes as disclosed at the time you provide it or otherwise with your consent.

When and With Whom We Share Personal Information

We use voluntarily provided personal information to respond to your inquiries and provide you with the services you have requested. We do not sell or rent your personal information to third-party data vendors or marketing companies. We disclose your information when required by law.

Twilio, our telephony partner, maintains that consent can't be sold, shared, or transferred, not even to affiliates. The allowed scenarios for sharing personal data are:

• With service providers that help fulfill the order (for example, a shipping company)
• In the case of business mergers and acquisitions
• Law enforcement
• With the user's consent

Affiliates

We may share your information, including personal information, within our family of companies. Those companies will use such information in generally the same manner as we do under this privacy statement.

Legally Compelled Disclosures

We may disclose your information to government authorities and other third parties when compelled by such government authorities, or as required or permitted by law, including responding to court orders and subpoenas.

To Prevent Harm

We may disclose your information when we have reason to believe that someone is causing injury to or interference with our rights or property, other users, or anyone else that could be harmed by such activities.

Business Transfer

If we or any of our affiliates, or substantially all assets, are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation, or liquidation, personal information may be one of the transferred assets.

Vendors and Business Partners

We may share your information with our vendors and other third parties with whom we have a contractual relationship. We attempt to bind such vendors and business partners to privacy standards via written contracts and to restrict what they can do with the personal information we provide. Please note we cannot guarantee that all vendors will agree to these contractual requirements or always fully comply.

Email Communications, Newsletters, and Marketing

We may use your personal data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any or all of these communications by following the unsubscribe link or instructions provided in any email we send, or by contacting us directly.

Payments

We may provide paid products and/or services within the service. In that case, we may use third-party services for payment processing. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to PCI-DSS standards as managed by the PCI Security Standards Council, a joint effort of brands like Visa, Mastercard, American Express, and Discover.

Your Rights and Options

You may have to provide personal information to enjoy most features of our online and mobile resources. You can opt out of certain activities like newsletters and announcements. Residents of California and EU data subjects have certain additional rights described below.

When you access your account, you have the option to change certain information about yourself, such as your billing or shipping address and telephone number.

Emails

If you consented to receive direct marketing from BSI, you may opt out of our marketing communications or change your preferences by following a link in the footer of any non-transactional email or by emailing us at [email protected]. Some communications are considered transactional or service communications (for example, account notifications and billing information) and you do not have the option to unsubscribe from these messages.

If you would like to remove your name from our distribution lists, contact us using the information below. Due to processing latency, you may still receive materials for a period after you opt out. You also have the ability to access, amend, and delete your personal information by contacting us.

Some browsers have a "do not track" feature that lets you tell websites you do not want your online activities tracked. Currently, we do not specifically respond to browser "do not track" signals.

GDPR Jurisdictions

GDPR Jurisdictions means the countries composed of the European Economic Area (including Iceland, Liechtenstein, and Norway) and all EU member states. Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and Japan have received an "adequacy decision" from the European Commission and adhere to the material terms of the GDPR.

GDPR no longer has jurisdiction over the United Kingdom. The United Kingdom General Data Protection Regulation ("UK-GDPR") governs the processing of personal data in the UK domestically.

Children's Privacy

Federal law imposes special restrictions and obligations on commercial website operators who direct their operations toward, and collect information from, children under the age of 13. We do not intend for our online and mobile resources to be used by children under the age of 18. If we become aware that anyone under the age of 18 has submitted personal information to our online and mobile resources, we will delete that information and will not use it for any purpose. If you believe that someone under the age of 18 has submitted personal information, please contact us at [email protected]. We encourage parents and legal guardians to talk with their children about the potential risks of providing personal information over the internet.

How We Protect Collected Personal Information

We will take all reasonable security precautions to protect your personal information. We have adopted a security program that includes technical, organizational, administrative, and other security measures designed to protect against anticipated or actual threats to the security of personal information (the "Security Program").

We cannot guarantee that your information will be free from unauthorized access or that loss, misuse, destruction, or alteration will not occur. Except for our duty to maintain the Security Program under applicable law, we disclaim any other liability for any such theft or loss of, unauthorized access or damage to, or interception of any data or communications. We periodically review and update our Security Program, including as required by applicable law.

As part of our Security Program, we have specific incident response and management procedures that are activated whenever we become aware that your personal information was likely to have been compromised. We also require our vendors and business partners to notify us immediately if they have any reason to believe that an incident adversely affecting personal information we provided to them has occurred.

The California Consumer Privacy Act (CCPA)

When we collect personal information from California residents, we become subject to, and those residents have rights under, the CCPA. For purposes of this section, "you" and "your" mean only California residents.

What We Collect from California Residents

We collect the following categories of personal information: identifiers such as name, address, and IP address; personal information under California customer records statute (name, address, telephone number, credit card number); commercial information such as products or services purchased; internet/electronic activity such as browsing history; geolocation data; and audio, video, electronic, or other similar information. We may disclose this information for business purposes permitted by the CCPA. We do not sell, and within the last 12 months have not sold, personal information to third parties.

Rights of California Residents

• Access: Up to two times per year, you may request that we disclose the categories and specific pieces of personal information we have collected from you, the sources, the business or commercial purpose, the categories disclosed for a commercial purpose, and the categories of third parties with whom we have shared your personal information.
• Deletion: You may request that we delete any personal information we have collected from or about you. There may be instances where we will not be able to fully comply, such as if we need the personal information to complete a transaction, detect and protect against fraud, exercise our rights, for internal purposes, or to comply with a legal obligation.

If you exercise these rights, we will not discriminate against you. To exercise your rights under California law, contact us at [email protected]. We may ask you to fill out a request form and verify your identity.

Virginia Residents

If you are a Virginia resident, you may take advantage of certain privacy rights pursuant to Virginia Code 59.1-577. You may request to access, correct, or delete your personal information. You may also exercise your right to opt out of "selling" personal information or "targeted advertising" as defined in Virginia law, and you have the right to appeal a denial of your privacy rights.

To take advantage of your rights under Virginia law, or to submit an appeal, contact us at [email protected]. We may ask you to verify your identity. If you make a verifiable request, we will confirm receipt and respond within the time frames prescribed by Virginia law.

The EU General Data Protection Regulation (GDPR)

We do collect or otherwise obtain personal information from data subjects located in GDPR Jurisdictions. We fulfill our GDPR obligations through a series of separate notices, contracts, or other terms provided to customers, vendors, and business partners at the time and in the manner GDPR and local law requires.

What We Collect in GDPR Jurisdictions

We collect the categories of personal information already described. The lawful basis for such collection, use, and disclosure is what the GDPR refers to as legitimate interest. We do not sell any of your personal information to third parties nor do we use it for automated decision making.

Cross-border Data Transfers

If we transfer personal information from GDPR Jurisdictions to a location that has not been deemed by the European Commission to have adequate privacy protections, we do so in the manner the GDPR permits.

Rights of Data Subjects in GDPR Jurisdictions

Under the GDPR we have a legal obligation to allow you to exercise control over your personal information. You have these rights: transparency, access, correction and deletion, portability, who/what/why/where, and restriction/objection. For more information, visit gdpr-info.eu/chapter-3/.

To exercise any of these rights, contact [email protected]. Your ability to exercise these rights is subject to certain conditions and exemptions under Articles 12 through 23 of the GDPR. If you are not satisfied with how we use your personal information, you have the right to complain to your data protection regulator. Contact information for EU data protection regulators can be found at ec.europa.eu/newsroom/article29/items/612080.

Agent Authorization

You may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents need to demonstrate that you have authorized them to act on your behalf or must demonstrate they have power of attorney pursuant to applicable probate law. BSI retains the right to request confirmation directly from you confirming that the agent is authorized, or to request additional information to confirm the agent's identity. An authorized agent is prohibited from using a consumer's personal information for any purpose other than to fulfill the consumer's requests, for verification, or for fraud prevention.

Rights of Data Subjects in Other Jurisdictions

In other jurisdictions with similar data privacy regulations, we collect and manage data in compliance with applicable local laws. We do not sell any of your personal information to third parties nor do we use it for automated decision making.

Changes to This Privacy Statement

This privacy statement was last updated on April 28, 2026, and is effective as of this date. The English language version of this privacy statement is the controlling version regardless of any translation you may attempt. We reserve the right to change or update this statement from time to time. Please check our online and mobile resources periodically for such changes since all information collected is subject to the statement in place at that time.

Disclaimer

We utilize Meta Pixel and Google Analytics and Tag Manager to gain insights into the performance of our website, services, and products, as well as to understand your usage patterns. Additionally, these tools help us display advertisements on third-party websites and social media platforms. These pixels can collect certain types of information, including your IP address, browser and device type, and the specific pages you visit on our site. The collected data is stored and processed by Meta and Google, depending on the pixel in use.

For details on how Meta handles this data, please refer to their Privacy Policy at facebook.com/privacy/policy/. To learn how Google processes this information, please visit google.com/policies/privacy/.

Contacting Us

If you have questions about our privacy statement or privacy practices, please reach out:

Copyright © 2026 BSI — All Rights Reserved