Bespoke Marine & Island Experiences
Legal & Compliance

Privacy &
Data Protection
Policy

At CEREBRY, discretion is foundational to everything we do. This policy explains how we collect, protect, and use your personal information when you engage our bespoke charter and travel services.

Effective Date 30 March 2026
Last Reviewed April 2026
Governing Law Singapore PDPA & US Federal
Entity Cerebry Inc (Wyoming)
01

Who We Are

CEREBRY is the trading brand of Cerebry Inc, a Wyoming C-Corporation (EIN: 41-5121015) registered at 312 W 2nd St, Casper, Wyoming 82601, United States of America. We operate the website cerebryluxury.com and act as a luxury travel intermediary, curating bespoke marine and island experiences for high-net-worth individual and corporate clients worldwide.

For clients engaging our services in Singapore and the Asia-Pacific region, CEREBRY acts as the data controller when arranging yacht charter, island, and marine experiences on your behalf.

02

Information We Collect

We collect only the data necessary to deliver the experiences you request. This includes:

Category Examples Source
Identity Full legal name, date of birth, nationality Provided by you
Identity Documents Passport, national ID (for vessel boarding compliance) Provided by you
Contact Details Email address, phone number, mailing address Provided by you
Travel Preferences Dietary requirements, accessibility needs, itinerary preferences Provided by you
Financial Billing address, payment reference (no card numbers stored) Provided by you / payment processor
Usage Data IP address, browser type, pages visited, inquiry history Automatically collected
Communications Emails, messages, feedback exchanged with our team Provided by you
Special Categories

We may collect health or dietary information where relevant to the safe delivery of your charter experience (e.g. medical conditions relevant to offshore activities). Such data is treated with heightened protection and used solely for your safety.

03

How We Use Your Data

We use your personal information for the following purposes, in each case supported by a lawful basis under applicable data protection law:

Purpose Legal Basis
Booking and executing your charter or travel experience Performance of contract
Compliance with MPA passenger vessel requirements (Singapore) Legal obligation
Processing payments and managing invoices Performance of contract
Sending confirmations, updates, and itinerary details Performance of contract
Safety briefings and emergency protocols Legitimate interest / Legal obligation
Personalising future experiences and recommendations Legitimate interest (opt-out available)
Sending curated updates and offers (with your consent) Consent
Fraud prevention and internal security Legitimate interest
04

Sharing with Third Parties

CEREBRY operates as an intermediary. To fulfil your experience, we necessarily share relevant personal data with the operators and suppliers who deliver the services you book. We do not sell your data.

Recipients may include:

  • Vessel Operators — such as licensed Singapore charter companies, for the purpose of executing your booking (name, identification, guest count, contact details)
  • Payment Processors — for secure payment handling (billing details only)
  • Accommodation & Island Partners — only where relevant to a confirmed booking
  • Regulatory Authorities — where required by law (e.g. MPA, port authorities, immigration)
  • Professional Advisers — lawyers, accountants, insurers bound by confidentiality
Our Commitment

We share the minimum data necessary. All third-party operators we work with are contractually required to handle your personal data solely for the purpose of delivering your booked experience, and to maintain appropriate security standards.

05

International Data Transfers

As a US-incorporated company serving clients globally, including through Singapore-based operators, your data may be transferred across borders. Specifically:

When arranging experiences in Singapore, your data is shared with Singapore-based operators who are subject to Singapore's Personal Data Protection Act 2012 (PDPA). We ensure contractual safeguards are in place for all such transfers, consistent with PDPA requirements.

Data may also be processed in the United States where Cerebry Inc is headquartered. We take appropriate measures to ensure your data receives equivalent protection wherever it is processed.

06

Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, or reporting requirements.

Data Type Retention Period
Booking and transaction records 7 years (accounting / tax compliance)
Identity documents Duration of charter + 1 year
Marketing preferences Until consent withdrawn
General correspondence 3 years
Website usage data 13 months

When data is no longer required, it is securely deleted or anonymised.

07

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission, access controls, and regular security assessments.

No method of internet transmission is entirely secure. While we strive to protect your data, we cannot guarantee absolute security. We will notify you of any breach that poses a risk to your rights and freedoms as required by applicable law.

08

Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

I
Right to Access
Request a copy of the personal data we hold about you.
II
Right to Rectification
Request correction of inaccurate or incomplete data.
III
Right to Erasure
Request deletion of your data, subject to legal retention requirements.
IV
Right to Restrict
Request that we limit how we process your data in certain circumstances.
V
Right to Object
Object to processing based on legitimate interests, including marketing.
VI
Right to Portability
Receive your data in a structured, machine-readable format.
VII
Withdraw Consent
Withdraw consent at any time where processing is consent-based.
VIII
Opt-Out of Marketing
Unsubscribe from communications at any time via the link in any email.

To exercise any of these rights, contact us at privacy@cerebryluxury.com. We will respond within 30 days. You also have the right to lodge a complaint with the relevant data protection authority.

09

Cookies & Website

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse how visitors interact with our content. These include:

  • Essential cookies — required for the website to function correctly
  • Analytics cookies — help us understand how visitors use the site (anonymised)
  • Preference cookies — remember your settings and preferences

You may control cookies through your browser settings. Disabling certain cookies may affect website functionality. We do not use cookies for advertising or cross-site tracking.

10

Contact Us

For any questions, requests, or concerns regarding your personal data and this policy, please reach our privacy team:

Entity Cerebry Inc
Email privacy@cerebryluxury.com
General hello@cerebryluxury.com
Address 312 W 2nd St, Casper, Wyoming 82601, USA
Website cerebryluxury.com

This Privacy Policy may be updated periodically to reflect changes in our practices or applicable law. The current version will always be available at cerebryluxury.com/privacy-policy. Material changes will be communicated to existing clients by email.