Privacy Policy

1. Controller & Contact Information

Data Controller: Sea Point Capital Partners, LP

Website: https://seapoint.capital

Address: [STREET_ADDRESS], [CITY_STATE_ZIP], [COUNTRY]

General Contact / Privacy & Compliance: [ADMIN_EMAIL]

Data Protection Officer / Privacy Contact (if different): [DPO_EMAIL]

2. What personal information we collect

We collect personal information you provide directly, information collected automatically via the Site, and personal information obtained from third parties (for example, verification services or service providers).

Personal information you provide directly

• Contact & identity: Full name, email address, phone number, job title, company name, mailing address, country of residence.
• Investor information: Accredited investor attestations, subscription entity type, investor questionnaires, investor classification and jurisdiction, beneficial owner information, tax identification numbers, investor signatures and subscription documents (PDFs).
• Verification & KYC/AML documents: Tax returns, brokerage statements, W-2s, CPA or attorney letters, government ID (where required for AML), entity formation documents, and similar documents submitted during investor verification.
• Uploads & messages: Files and attachments you upload when requesting investor materials, contacting us, or using investor intake flows (e.g., PDFs).
• Payment details: Bank wiring instructions or similar payment metadata (we do not store full bank credentials on the Site; payment processing is handled via secure providers).
• User credentials: Where applicable, account username, hashed passwords, and authentication metadata (for investor portal accounts).

Information collected automatically

• Technical data: IP address, device type, browser, operating system, pages viewed, timestamps, referring URLs.
• Cookies & tracking: Cookies, device identifiers and similar tracking that enable analytics, performance monitoring, fraud detection, and personalization. See our Cookie & Tracking section below.

Information from third parties

• Verification providers: Confirmation of accredited investor status from third-party verification services, background checks, AML screening results.
• Professional references: Where investor accreditation is confirmed by a CPA, attorney, broker-dealer or registered investment adviser, we may receive confirming statements.
• Public sources: Publicly available data about entities or individuals (for compliance and anti-fraud).

3. Legal bases for processing (EU / EEA GDPR)

To the extent the GDPR applies, our legal bases include:

• Contract necessity: Processing necessary to perform pre-contractual and contractual obligations (e.g., subscription, subscription onboarding, servicing investor accounts).
• Legal compliance: Processing required to comply with AML/KYC laws, tax reporting obligations, securities laws (e.g., Reg D verification) and recordkeeping.
• Legitimate interests: For business communications, fraud detection, site security, analytics, product improvement, and the verification of accredited investor status (balanced against individual rights). We will document legitimate interest assessments.
• Consent: For non-essential cookies and direct marketing (where required). You may withdraw consent for cookies at any time (see Cookie & Tracking section).

Under other laws (e.g., CCPA), we rely on similar bases such as contract necessity, legitimate interests, and compliance with legal obligations.

4. How we use your personal information

We use personal information for the following purposes, consistent with the legal bases above:

• Investor onboarding & verification: To process investor attestations, perform KYC/AML screening, verify accredited investor status (including via third-party vendors), and manage subscription workflows.
• To provide services: To administer investor accounts, manage subscriptions, calculate and report NAV and performance, and deliver investor reports and communications.
• To respond to requests & communications: To respond to inquiries submitted via the Site, handle support requests, and process Data Subject Requests (access, rectification, erasure, portability, objection).
• Compliance & legal obligations: To comply with securities laws (including Rule 506(c)), tax reporting, AML/KYC obligations, and lawful requests from regulators or courts.
• Security & fraud prevention: To detect, prevent and remediate fraud, abuse, security incidents, or other malicious activity.
• Analytics & product improvement: To analyze use of the Site and improve our offerings (subject to cookie consent where required).
• Marketing & communications: With your consent (or where permitted by law), to send marketing materials, newsletters and event invitations. You can opt out at any time.
• Record retention & audit: To maintain records for regulatory, auditing and legal defense purposes.

We do not use verification or KYC data for unrelated purposes.

5. Disclosure & sharing of personal information

We may share personal information with the following categories of recipients:

• Fund Administrator, custodians, valuation agent, auditor and other service providers who perform operational, accounting, valuation, legal, custody or audit services on our behalf. These providers process data under contract and only for specified purposes.
• Third-party verification providers (for accredited investor verification, AML/KYC screening and background checks).
• Professional advisers and counsel, including our legal and tax advisers.
• Regulators, law enforcement or courts, where required by law or to defend legal rights.
• Acquirers or affiliates: In the event of a merger, sale, reorganization, or similar corporate transaction, personal data may be transferred in connection with the transaction subject to confidentiality and data safeguards.
• Analytics & marketing vendors, only with consent where required by law.

When we share personal data we require vendors to provide contractually binding commitments to protect the data, process only as instructed, and implement appropriate security measures.

6. International transfers & data location

Personal data we collect is primarily stored and processed in the United States. We may transfer personal data to jurisdictions outside your country of residence where our service providers operate, including the United States and Cayman Islands (for feeder administration), and other jurisdictions. Where required by law, we put in place appropriate safeguards for transfers (standard contractual clauses, data processing agreements, and/or binding corporate rules). For inquiries about the safeguards we use, contact [ADMIN_EMAIL].

7. Data retention & deletion

We retain personal data only as long as necessary to fulfill the purposes described in this Policy, to satisfy legal, tax and regulatory obligations, and to resolve disputes. Our standard retention periods include:

• Verification & investor onboarding records: retained for a minimum of [RETENTION_YEARS] years from last activity (or longer if required by law).
• Transaction & accounting records (including NAV and performance): retained in accordance with applicable financial recordkeeping laws.
• Marketing and cookie consent records: retained while consent is active; consent records are retained for evidence of consent.
• Audit logs & system logs: retained per internal policy and applicable law.

If you request deletion of your personal information, we will follow the deletion workflow described in our Data Subject Request procedures, subject to legal, contractual and regulatory exceptions (e.g., we may need to retain certain records for compliance or tax purposes). Deletion requests may be limited where retention is required by law.

8. Cookies, tracking & targeted advertising

We use cookies, pixels and similar technologies for site functionality, analytics, security and advertising. We categorize cookies as follows:

• Strictly necessary: Required to operate the Site (session management, security). These do not require consent.
• Performance & analytics: For measuring site usage and improving performance (e.g., GA4). Consent is requested where required.
• Functional: For optional features and preferences.
• Advertising & targeting: For marketing and remarketing. We only deploy these with consent.

We display a cookie consent banner for EU/EEA visitors and applicable visitors under local law. You can manage cookie preferences through the banner or the cookie management tool linked in the Site footer. To opt out of certain analytics or ad cookies, follow the instructions in the cookie tool or contact [ADMIN_EMAIL].

Third-party trackers: We use third-party analytics and marketing services. These providers collect data under their own privacy policies. Where required, we only enable these services after receiving your consent.

9. Your rights (EU/EEA, UK, and certain other jurisdictions)

Subject to applicable law, you may have the following rights over your personal data:

• Access: Request a copy of personal data we hold.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure ("right to be forgotten"): Request deletion of personal data where there is no overriding legal basis to retain it.
• Restriction: Request limitation of processing under certain conditions.
• Portability: Request a machine-readable copy of data you provided.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Withdraw consent where processing relies on consent.
• Complain to a supervisory authority: If you are in the EU/EEA/UK, you may lodge a complaint with your local data protection authority.

To exercise any right, contact us at [DPO_EMAIL] or [ADMIN_EMAIL]. For security, we will take reasonable steps to verify your identity before fulfilling requests. We will respond in accordance with applicable law.

10. Data subject request and deletion workflow (summary for investors)

• Submit request: Use the data subject request form on the Site or email [DPO_EMAIL].
• Verification: We will verify your identity to prevent unauthorized disclosures.
• Response & timing: We aim to respond within statutory timeframes (e.g., 30 days where applicable) but may extend as allowed by law.
• Exceptions: Requests may be limited where retention is required by law, for compliance, tax, or litigation reasons. We will explain any refusal.

11. Security

We maintain reasonable administrative, technical and physical safeguards to protect personal data. Measures include encryption of data at rest and in transit (AES-256 / TLS), access controls and role-based access, logging and monitoring, regular security testing, and incident response policies. Verification documents and investor KYC materials are encrypted at rest and stored in our secure S3 environment in the United States ([S3_BUCKET_NAME]), with access limited to authorized compliance and Fund Administrator personnel. We require vendors to implement commensurate safeguards.

No system is perfectly secure. If we learn of a security incident involving personal data that creates a risk to your rights, we will notify affected individuals and regulators as required by law.

12. Children & Minors

The Site is not directed to children and we do not knowingly collect personal data from individuals under the age of 18. If you believe we have collected information from a minor, contact us at [ADMIN_EMAIL] and we will promptly investigate and, where required, delete the information.

13. Changes to this Policy

We may update this Privacy Policy to reflect legal, business or operational changes. The "Last updated" date above will be revised for material changes. For significant changes we will provide notice (for example, via the Site or direct email to registered users). Continued use of the Site after notice constitutes acceptance.

14. Third-party links & embedded content

The Site may contain links to third-party websites. Sea Point is not responsible for the privacy practices of those sites. Please review their privacy notices before providing personal data.

15. Contact & complaints

For privacy inquiries or to submit a Data Subject Request, contact:

Privacy & Compliance: [ADMIN_EMAIL]

DPO / Privacy Contact: [DPO_EMAIL]

If you believe we have not addressed your privacy concern, you may have the right to lodge a complaint with the competent data protection authority in your jurisdiction.