Privacy policy

1. About This Policy

Sher & Co Global LLC ("SCG," "we," "us," or "our") is a boutique investment banking and strategic advisory practice headquartered in Los Angeles, California, operating at www.sher.global. We serve pre-seed through pre-Series A founders in deep-tech, aerospace, defense, and dual-use sectors, and work bilaterally with institutional and individual funders sourcing deal flow.

This Privacy Policy explains how SCG collects, uses, stores, discloses, and protects personal information obtained through our website, engagement process, and ongoing advisory relationships. It applies to founders, funders, prospective clients, strategic partners, and all other individuals whose information we process in connection with our business.

By visiting www.sher.global or engaging SCG in any capacity, you acknowledge this Policy. If you do not agree, please discontinue use of our website and services.

2. Who We Are and How to Reach Us

SCG operates as a sole-member LLC organized under California law, providing boutique investment banking and strategic advisory services consistent with applicable regulatory requirements.

For all privacy-related inquiries, requests, or complaints:

• Email: ir@sher.global

• Mailing Address: Los Angeles, California -- available upon written request

We will respond to all verifiable requests within 30 days unless an extension is required, in which case we will notify you within that initial period.

3. Information We Collect

3.1 Information You Provide Directly

When you engage SCG, inquire about our services, or interact with our website or intake forms, we may collect:

• Identity and contact information: full name, email address, phone number, company name, title, and LinkedIn profile

• Business and financial information: company stage, funding history, cap table structure, revenue and ARR figures, pitch materials, financial projections, business plans, and investor documentation

• Engagement-specific information: information shared during onboarding calls, strategy sessions, diligence processes, and capital raise coordination

• Counterparty and deal information: names, contact details, and firmographic data about founders, co-investors, and potential strategic partners introduced through SCG

• Payment and billing information: invoicing details, wire instructions, and engagement fee records (processed through third-party platforms where applicable)

• Communications: emails, meeting notes, recorded calls (where consent is obtained), and correspondence maintained in connection with engagements

3.2 Information Collected Automatically

When you visit www.sher.global, our website infrastructure and analytics tools may collect:

• Device and browser data: IP address, browser type, operating system, and device identifiers

• Usage data: pages visited, time spent, referral source, click paths, and session data

• Cookie data: as described in Section 8 below

3.3 Information from Third Parties

We may receive information about you from publicly available sources (LinkedIn, Crunchbase, SEC EDGAR, patent databases), referral partners, co-investors, or platforms we use for deal sourcing and outreach, including our CRM and email platforms.

4. How We Use Your Information

SCG processes personal information for the following purposes:

• Evaluating and onboarding potential clients and funders

• Executing capital raise mandates, GTM advisory engagements, and strategic introductions

• Maintaining deal pipeline records and engagement histories in our CRM

• Conducting due diligence and counterparty background review

• Communicating updates, deal flow, and market intelligence to qualified funders and partners

• Fulfilling billing, invoicing, and contractual obligations under engagement agreements

• Complying with applicable securities laws, financial services recordkeeping requirements, and regulatory obligations

• Improving our services, website, and internal workflows

• Protecting SCG and our clients against fraud, legal liability, and regulatory risk

We do not sell, rent, or broker personal information for advertising or marketing purposes unrelated to SCG's advisory services.

5. Legal Basis for Processing (GDPR Applicability)

Where the General Data Protection Regulation applies (e.g., data subjects located in the European Economic Area or United Kingdom), SCG processes personal information on the following legal bases:

• Contract performance: processing necessary to enter into or perform an engagement agreement

• Legitimate interests: pipeline management, deal sourcing, counterparty communication, and business development, where those interests are not overridden by your rights

• Legal obligation: compliance with applicable financial services regulations, recordkeeping laws, and court or regulatory orders

• Consent: for marketing communications and non-essential cookies, where separately obtained

You may request clarification of the specific legal basis applied to any processing activity by contacting ir@sher.global.

6. Disclosure and Sharing of Information

6.1 Authorized Sharing Within Engagements

In the course of executing a capital raise or advisory engagement, SCG may share your business information (including pitch materials, financials, and contact details) with pre-qualified investors, family offices, strategic partners, or co-advisors as directed by your engagement agreement. Such sharing is subject to customary confidentiality obligations or applicable NDAs.

6.2 Third-Party Service Providers

We work with a limited set of third-party platforms to operate our business. These include:

• Customer relationship management platform: for pipeline and relationship management

• Email and outreach platforms: for communication and engagement tracking

• Calendar and scheduling tools: for meeting coordination

• Document and file management platforms: for engagement file storage and internal documentation

• Website hosting and content platforms: for www.sher.global

• Payment and invoicing tools: for billing and engagement fee processing

All third-party processors are engaged under contractual terms requiring appropriate data protection standards. We do not authorize these vendors to use your data for their own purposes.

6.3 Legal and Regulatory Disclosure

We may disclose personal information where required by law, regulation, court order, or government request, including disclosures required by applicable financial services regulators or state authorities. We will notify affected individuals of such requests to the extent permitted by law.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of SCG's business assets, personal information held by SCG may be transferred to a successor entity, subject to equivalent privacy protections.

7. Data Retention

SCG retains personal information for as long as necessary to fulfill the purposes described in this Policy, including compliance with legal, regulatory, and contractual obligations. General retention guidelines:

• Active engagement records: retained for the duration of the engagement plus a minimum of 5 years, consistent with applicable financial services recordkeeping standards

• Prospective client and funder records: retained for up to 3 years following last contact, unless a relationship or engagement is established

• Website visitor data and analytics: retained for up to 24 months

• Email correspondence: retained for a minimum of 3 years in connection with advisory activities

• Financial and billing records: retained for 7 years in accordance with standard accounting and tax obligations

Upon expiration of the applicable retention period, we will delete or anonymize personal information in a secure manner. You may request earlier deletion subject to the conditions in Section 9.

8. Cookies and Tracking Technologies

Our website www.sher.global uses cookies and similar tracking technologies to support site functionality and understand visitor behavior. We use four categories of cookies:

• Essential cookies: required for core site functionality including security and authentication. These operate without your consent and cannot be disabled without impairing the site.

• Performance and analytics cookies: collect aggregate, anonymized data on how visitors interact with the site to help us improve content and structure.

• Functional cookies: remember your preferences and settings to personalize your experience.

• Targeting cookies: used in connection with any outreach or retargeting campaigns. These are only activated with your explicit consent.

Upon your first visit, you will be presented with a consent banner where you may accept all cookies, reject non-essential cookies, or customize your preferences. You may update your preferences at any time via our cookie settings link in the website footer.

We do not use cookies to build individual advertising profiles or sell behavioral data to third parties.

9. Your Rights

9.1 Rights Under GDPR (EEA and UK Residents)

If you are located in the EEA or UK, you have the following rights under applicable data protection law:

• Right of access (Art. 15): request a copy of the personal information we hold about you

• Right to rectification (Art. 16): request correction of inaccurate or incomplete information

• Right to erasure (Art. 17): request deletion of your personal information, subject to legal and regulatory retention obligations

• Right to restriction (Art. 18): request that we limit processing in certain circumstances

• Right to data portability (Art. 20): receive your data in a structured, machine-readable format

• Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing

• Right to withdraw consent (Art. 7(3)): withdraw any consent you have previously given at any time

• Right to lodge a complaint (Art. 77): file a complaint with your local supervisory authority

9.2 Rights Under California Law (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to Know: request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes, and any third parties with whom we have shared it

• Right to Delete: request deletion of personal information we have collected, subject to legal retention obligations

• Right to Correct: request correction of inaccurate personal information

• Right to Limit Use of Sensitive Data: restrict our use of sensitive personal information to the purposes for which it was collected

• Right to Opt-Out of Sale or Sharing: SCG does not sell or share personal information for cross-context behavioral advertising. This right is preserved but is not currently applicable to our operations.

• Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights

9.3 How to Submit a Request

To exercise any of the rights described above, contact us at ir@sher.global. We will verify your identity before processing any request. We respond within 30 days; complex requests may require an additional 30-day extension with notice. To appeal a decision, contact us within 60 days of our response with your original request and an explanation of your grounds for appeal.

10. International Data Transfers

SCG is based in the United States and processes data on servers located in the U.S. Where we receive personal information from individuals located in the EEA, UK, Canada, UAE, or Singapore (markets in which SCG maintains relationships), we ensure that transfers comply with applicable requirements, including Standard Contractual Clauses where required under GDPR.

If you are located outside the United States and choose to provide information to SCG, you acknowledge that your information will be transferred to, processed, and stored in the United States in accordance with this Policy.

11. Data Security

SCG implements technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Access controls restricting personal information to authorized personnel with a legitimate business need

• Encryption of data in transit and at rest where supported by our service providers

• Regular review of permissions and third-party vendor security standards

• Use of reputable, enterprise-grade platforms with their own security certifications and audit programs

No transmission over the internet or method of electronic storage is completely secure. While we take our obligations seriously, we cannot guarantee absolute security. In the event of a data breach that creates a risk to your rights or freedoms, we will notify you and applicable regulators as required by law.

12. Confidentiality of Deal-Related Information

SCG regularly receives sensitive business information from founders and funders in the course of our advisory work, including financial projections, cap tables, technology descriptions, investor lists, and strategic plans. We treat all such information as confidential and do not disclose it outside the scope of an active engagement or without the explicit direction of the disclosing party.

Confidentiality obligations applicable to deal-related information are governed primarily by the engagement agreement and any applicable NDA between SCG and the relevant party. This Privacy Policy governs the handling of personal information within that relationship but does not replace or limit any separate confidentiality obligations.

13. No Services to Minors

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently received such information, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business, legal requirements, or data practices. Material changes will be posted to www.sher.global with an updated effective date. Where required by applicable law, we will provide direct notice of material changes to individuals whose data we process.

Continued use of our website or services following the posting of an updated Policy constitutes your acceptance of the revised terms.

15. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or SCG's data practices, please contact:

Sher & Co Global LLC

• Email: ir@sher.global

• Website: www.sher.global

We are committed to addressing your concerns promptly and working with you to resolve any issues regarding your personal information.