Privacy Policy

1. Introduction

Shorecrest Capital ("we," "us," or "our") is a multi-family office domiciled in the Cayman Islands and registered as a Registered Person under the Securities Investment Business Act (SIBA), regulated by the Cayman Islands Monetary Authority (CIMA). We are committed to protecting the privacy and security of personal information entrusted to us by our clients, prospective clients, and visitors to our website.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you visit our website at www.shorecrest.capital, use our Client Portal, or engage with our services. It applies to all information collected through these channels.

2. Information We Collect

We may collect the following categories of personal information depending on the nature of your interaction with us:

Information you provide directly:

• Contact information — name, email address, phone number, and mailing address submitted through our contact form or client onboarding process
• Account credentials — email address and password when you register for our Client Portal
• Identity verification documents — passport, government-issued identification, proof of address, and related documentation required for Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance
• Financial information — net worth declarations, source of funds and wealth documentation, investment objectives, risk tolerance, and related financial data collected during client onboarding
• Tax information — tax identification numbers, tax residency declarations, and related information required for CRS and FATCA compliance
• Communications — correspondence and messages exchanged with us via email, the contact form, or the Client Portal

Information collected automatically:

• Device and browser information — IP address, browser type and version, operating system, and device type
• Usage data — pages visited, time spent on pages, referring URL, and navigation patterns
• Session data — login timestamps, session duration, and authentication events within the Client Portal

3. How We Use Your Information

We use your personal information for the following purposes:

• Providing and administering our investment management, deal participation, and family office services
• Processing and responding to inquiries submitted through the contact form
• Operating and securing the Client Portal, including account creation, authentication, session management, and access control
• Complying with our regulatory obligations under SIBA, CIMA regulations, and applicable anti-money laundering legislation
• Fulfilling our reporting obligations under the Common Reporting Standard (CRS) and the Foreign Account Tax Compliance Act (FATCA)
• Conducting client due diligence and ongoing monitoring as required by Cayman Islands regulatory frameworks
• Communicating with you regarding your account, services, or matters related to our business relationship
• Maintaining the security and integrity of our systems, detecting fraud, and preventing unauthorized access
• Improving the functionality and user experience of our website and Client Portal

4. Legal Basis for Processing

We process personal data on the following legal grounds:

• Contractual necessity — to provide the services you have engaged us to perform under our investment management, deal participation, or family office service agreements
• Legal and regulatory obligations — to comply with SIBA, CIMA regulations, AML legislation, CRS, FATCA, and other applicable laws and regulatory requirements
• Legitimate interests — to operate, secure, and improve our business, website, and Client Portal, provided such interests are not overridden by your rights
• Consent — where you have expressly consented to a specific use of your personal data, such as receiving communications from us

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data in the following limited circumstances:

• Regulatory authorities — to CIMA, the Department for International Tax Cooperation (DITC), the Cayman Islands Financial Reporting Authority, or other regulatory bodies as required by law
• Service providers — with carefully selected third-party vendors who assist us in operating our business, such as custodians, fund administrators, auditors, legal counsel, and technology providers, subject to appropriate confidentiality and data protection obligations
• Tax authorities — to relevant tax authorities under CRS and FATCA automatic exchange of information agreements
• Legal proceedings — where required by a court order, subpoena, or other legal process

All third-party recipients are subject to contractual obligations to protect the confidentiality and security of your data and to use it only for the purposes for which it was disclosed.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS (Transport Layer Security) protocols
• Secure authentication mechanisms including password strength requirements and session management controls within the Client Portal
• Access controls limiting personal data access to authorized personnel on a need-to-know basis
• Regular review and assessment of our security practices and infrastructure

While we take all reasonable precautions, no system of data transmission or storage can be guaranteed to be 100% secure. We encourage you to protect your Client Portal credentials and notify us immediately if you suspect any unauthorized access to your account.

7. Data Retention

We retain personal data for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, and reporting obligations. Specific retention periods are determined by the nature of the data and applicable regulatory requirements, including CIMA record-keeping requirements under SIBA and AML regulations.

When personal data is no longer required, it is securely deleted or anonymized in accordance with our data retention policies and applicable law.

8. Cookies and Tracking Technologies

Our website uses minimal cookies and similar technologies strictly for functional purposes, including maintaining your session in the Client Portal and remembering your preferences. We do not use advertising cookies or third-party tracking technologies for behavioral advertising purposes.

You may configure your browser to refuse cookies, though doing so may affect the functionality of certain features, including the Client Portal.

9. International Data Transfers

As a Cayman Islands–domiciled entity serving international clients, your personal data may be transferred to, stored, or processed in jurisdictions outside of your country of residence. Where such transfers occur, we take appropriate measures to ensure your data is protected in accordance with this Privacy Policy and applicable data protection laws, including the Cayman Islands Data Protection Act, 2017 (as amended).

10. Your Rights

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete personal data
• Request deletion of your personal data, where it is no longer necessary for the purposes for which it was collected (subject to regulatory retention requirements)
• Object to or restrict certain processing of your personal data
• Withdraw consent where processing is based on consent, without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us using the details below. We may require verification of your identity before processing your request. Certain rights may be limited where we are required to retain data for regulatory compliance purposes.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. Any material changes will be communicated by posting the revised policy on this page with an updated effective date. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns regarding our handling of your personal information, please contact us: