Privacy Policy

Last updated: February 16, 2026

Data Controller

SEC Tokenization ("the Platform"), operated from Vevey, Canton of Vaud, Switzerland, is the data controller for personal information collected through this website. This Privacy Policy explains what data we collect, how we use it, and your rights under applicable data protection legislation including the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), and applicable US state privacy laws including the Virginia Consumer Data Protection Act, Colorado Privacy Act, and Connecticut Data Privacy Act.

Information We Collect

We collect information through automated technologies when you visit the Platform: IP addresses, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and interaction patterns. This data is collected through cookies and similar tracking technologies deployed by Google Analytics and Google AdSense. We also collect information you voluntarily provide through our contact form: name, email address, subject, and message content.

How We Use Your Information

Automated data is used for website analytics (understanding traffic patterns and content performance), ad personalization through Google AdSense (displaying relevant advertisements), and security monitoring. Contact form data is used solely to respond to your inquiry. We do not sell personal information to third parties. We do not use personal data for purposes beyond those described in this policy.

Google and Partner Technologies

This Platform uses Google Analytics for traffic analysis and Google AdSense for advertising. Google and its advertising partners use cookies to serve ads based on your prior visits to this and other websites. You may opt out of personalized advertising by visiting Google Ads Settings. For more information about how Google uses data from partner sites, visit Google Privacy & Terms.

Your Rights Under CCPA

If you are a California resident, you have the right to: know what personal information is collected, disclosed, or sold; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal information); and non-discrimination for exercising your privacy rights. California residents may submit requests by contacting info@sectokenization.com.

Your Rights Under GDPR

If you are located in the European Economic Area, you have the right to: access your personal data and obtain a copy, rectify inaccurate or incomplete data, request erasure ("right to be forgotten"), restrict processing, data portability, object to processing based on legitimate interests, and withdraw consent at any time.

US State Privacy Law Compliance

We comply with applicable state privacy laws including the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and Connecticut Data Privacy Act (CTDPA). Residents of these states have rights to access, correct, delete, and opt out of certain processing activities. We process these requests through the same channel as CCPA inquiries.

Cookie Management, Security, and Data Retention

The Platform deploys a cookie consent mechanism on first visit. You may accept or decline non-essential cookies. Essential cookies required for basic website functionality are deployed regardless of consent. Analytics data is retained for 26 months. Contact form submissions are retained for 12 months after resolution. We implement HTTPS encryption, access controls, and regular security reviews. Data may be processed by Google in jurisdictions outside your country of residence.

Children's Privacy and Contact

The Platform is not directed at individuals under 16. We do not knowingly collect information from children. For all data protection inquiries, contact info@sectokenization.com. We acknowledge inquiries within 48 hours and provide substantive responses within 30 days.

Third-Party Services

The Platform uses the following third-party services that may process personal data: Google Analytics (website traffic analysis, operated by Google LLC), Google AdSense (advertising, operated by Google LLC), and Google Fonts (typography delivery, operated by Google LLC). Each third-party service operates under its own privacy policy and data processing terms. We have implemented data processing agreements with third-party service providers where required by applicable data protection legislation.

International Data Transfers

Data may be processed by Google and advertising partners in jurisdictions outside your country of residence, including the United States. These transfers are governed by Standard Contractual Clauses and other appropriate safeguards as required by applicable data protection law. We ensure all international data transfers comply with applicable requirements and that adequate protections are in place for personal data transferred outside the European Economic Area or Switzerland.

Do Not Track and Policy Updates

The Platform currently does not respond to browser Do Not Track signals. We recognize that industry standards for Do Not Track remain in development and will adjust our practices as consensus standards emerge. We may update this Privacy Policy periodically to reflect changes in data processing practices, applicable legislation, or regulatory guidance. Material changes will be communicated through a prominent notice on the Platform. The current version with last-updated date is always available at this URL. We encourage regular review.

Security Measures and Retention

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include HTTPS encryption for all data transmission, access controls limiting data access to authorized personnel, regular security reviews, and prompt incident response procedures. No method of electronic transmission is completely secure and we cannot guarantee absolute security. We retain analytics data for 26 months and contact submissions for 12 months after resolution. Data is processed in accordance with applicable retention requirements under US and European data protection law.

Compliance Program

We maintain a comprehensive privacy compliance program that includes regular review of data processing activities against applicable legislation, staff training on data protection obligations, vendor due diligence for third-party services that process personal data, and incident response procedures aligned with regulatory notification timelines. Our compliance program reflects the standards expected of institutional intelligence platforms serving financial services professionals who operate under their own stringent data protection and information security obligations.