
Privacy Policy

Effective Date: March 17, 2026
Last Updated: March 17, 2026
Data Controller: The Vanderbilt Portfolio AG, Zurich, Switzerland

This Privacy Policy explains how Tokenization Compliance (“we,” “us,” or “our”), operated by The Vanderbilt Portfolio AG, collects, uses, stores, shares, and protects your personal data when you access or use our website at tokenizationcompliance.com (the “Site”). This policy applies to all visitors, subscribers, and users of our compliance intelligence platform.

We are committed to protecting your privacy and processing your personal data in compliance with the Swiss Federal Act on Data Protection (FADP), the European Union General Data Protection Regulation (GDPR), and other applicable data protection legislation.

1. Data Controller Information

The Vanderbilt Portfolio AG
Zurich, Switzerland
Email: info@tokenizationcompliance.com

For data protection inquiries, contact our data protection function at info@tokenizationcompliance.com.

2. Personal Data We Collect

2.1 Data You Provide Directly

When you interact with our Site, you may voluntarily provide us with personal data, including:

  • Contact Information: Name, email address, organization name, job title, and phone number when you submit inquiries, subscribe to newsletters, or request compliance intelligence.
  • Account Information: Email address and password if you create an account on our platform.
  • Communication Data: The content of emails, messages, or form submissions you send to us.
  • Professional Information: Your role, organization, jurisdiction of operation, and compliance interests when you complete surveys or request tailored analysis.

2.2 Data Collected Automatically

When you visit our Site, we automatically collect certain technical data through cookies and similar technologies:

  • Device and Browser Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Usage Data: Pages visited, time spent on pages, click patterns, referral URLs, entry and exit pages, and navigation paths through the Site.
  • Location Data: Approximate geographic location derived from your IP address (country and city level only).
  • Cookie Data: Information stored and retrieved by cookies and similar tracking technologies as described in our Cookie Policy.

2.3 Data from Third Parties

We may receive personal data from third-party sources, including:

  • Analytics providers (such as Google Analytics)
  • Advertising networks
  • Social media platforms when you interact with our content
  • Business data providers for institutional subscriber verification

3. Legal Bases for Processing

We process your personal data on the following legal bases under GDPR Article 6:

  • Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes, such as receiving newsletters or marketing communications.
  • Contractual Necessity (Article 6(1)(b)): Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request, such as providing subscription services.
  • Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights. Our legitimate interests include operating and improving our Site, analyzing usage patterns, preventing fraud, and ensuring network security.
  • Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation, such as tax record-keeping or responding to regulatory authorities.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Service Delivery: To provide you with access to our compliance intelligence content, process subscriptions, and deliver requested analysis.
  • Communication: To respond to your inquiries, send service-related notifications, and deliver newsletters and regulatory alerts you have subscribed to.
  • Site Improvement: To analyze usage patterns, diagnose technical issues, optimize content and navigation, and develop new features.
  • Security: To detect and prevent fraud, unauthorized access, and other security threats to our Site and users.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Marketing: With your consent, to send you information about our services, events, and publications that may be relevant to your compliance responsibilities.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your personal data with the following categories of recipients:

  • Service Providers: Third-party companies that provide services on our behalf, including hosting providers, email service providers, analytics providers, and payment processors. These providers are contractually bound to process your data only as instructed by us and to maintain appropriate security measures.
  • Affiliated Entities: Other entities within The Vanderbilt Portfolio network for internal administrative purposes and to provide integrated services.
  • Legal Requirements: When required by law, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside of Switzerland and the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the European Commission
  • Other legally recognized transfer mechanisms

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law:

  • Account Data: Retained for the duration of your account and for 12 months after account closure.
  • Communication Data: Retained for 24 months after the last communication.
  • Analytics Data: Aggregated and anonymized within 26 months of collection.
  • Legal and Tax Records: Retained for the period required by applicable law (typically 7-10 years).

8. Your Rights

Under the GDPR and Swiss data protection law, you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You may request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: You may request that we limit the processing of your personal data in certain circumstances.
  • Right to Data Portability: You may request to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Swiss FDPIC or your local supervisory authority.

To exercise any of these rights, contact us at info@tokenizationcompliance.com. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols
  • Access controls limiting data access to authorized personnel
  • Regular security assessments and penetration testing
  • Secure data storage with reputable cloud infrastructure providers
  • Employee training on data protection and security practices

10. Children’s Privacy

Our Site is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised “Last Updated” date. We encourage you to review this policy periodically.

For material changes that significantly affect how we process your personal data, we will provide prominent notice on our Site or contact you directly where required by law.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected personal information, the business or commercial purpose for collecting personal information, and the categories of third parties with whom we share personal information.

Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.

Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you.

Right to Opt Out of Sale/Sharing. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes. If our practices change, we will update this policy and provide an opt-out mechanism.

Right to Limit Use of Sensitive Personal Information. If we collect sensitive personal information as defined under the CCPA/CPRA, you have the right to limit our use and disclosure of that information.

Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of Personal Information Collected. In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email address, IP address), internet or electronic network activity information (browsing history, search history, interaction with our Site), geolocation data (approximate location from IP address), and professional or employment-related information (job title, organization).

Retention. We retain each category of personal information for the periods described in Section 7 above.

To exercise your California privacy rights, contact us at info@tokenizationcompliance.com or submit a request through our contact page. We will verify your identity before processing your request and respond within 45 days.

Authorized Agents. You may designate an authorized agent to make a request on your behalf. We may require proof of the agent’s authorization and verification of your identity before processing the request.

13. Swiss Federal Act on Data Protection (FADP)

For users located in Switzerland, we process your personal data in accordance with the revised Swiss Federal Act on Data Protection (FADP) effective September 1, 2023. Under the FADP:

  • We provide transparent information about data processing activities in this Privacy Policy.
  • We implement appropriate technical and organizational measures to ensure data security.
  • We conduct data protection impact assessments where required for high-risk processing activities.
  • We maintain a register of processing activities as required by the FADP.
  • Cross-border data transfers are subject to appropriate safeguards, including reliance on adequacy decisions by the Swiss Federal Council or standard contractual clauses.

The Swiss Federal Data Protection and Information Commissioner (FDPIC) is the competent supervisory authority for data protection matters in Switzerland. You may contact the FDPIC at www.edoeb.admin.ch.

14. Contact Us

If you have questions about this Privacy Policy or our data protection practices, please contact:

The Vanderbilt Portfolio AG
Data Protection
Zurich, Switzerland
Email: info@tokenizationcompliance.com
