Privacy Policy
Effective Date: March 17, 2026
Last Updated: March 17, 2026
Tokenization Governance (“we,” “us,” or “our”) operates the website tokenizationgovernance.com (the “Site”). Please also review our Cookie Policy and Terms of Service for additional information. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit or interact with our Site. This policy is designed to comply with the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Swiss Federal Act on Data Protection (FADP/nDSG), and other applicable data protection laws.
By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Site.
1. Data Controller Information
The data controller responsible for the processing of personal data collected through this Site is:
Tokenization Governance
A publication of The Vanderbilt Portfolio
Email: info@tokenizationgovernance.com
For EU/EEA data subjects, you may contact us regarding any data protection inquiry at the email address above. For Swiss data subjects, the same contact serves as the point of contact for data protection matters under the FADP.
2. Information We Collect
2.1 Information Collected Automatically
When you visit our Site, we automatically collect certain technical information, including:
- IP address and approximate geographic location
- Browser type, version, and language preferences
- Operating system and device type
- Pages visited, time spent on pages, and navigation paths
- Referring URL and exit pages
- Date and time of each visit
This information is collected through server logs, cookies, and similar tracking technologies as described in Section 9 of this policy.
2.2 Information You Provide Voluntarily
We may collect information that you voluntarily provide, including:
- Name and email address when you subscribe to newsletters or contact us
- Professional title and organization when provided in correspondence
- Content of messages sent through contact forms or email
- Any other information you choose to share with us
2.3 Information from Third Parties
We may receive information about you from third-party analytics services, advertising partners, and social media platforms, consistent with their respective privacy policies and your privacy settings on those platforms.
3. Purposes and Legal Bases for Processing
We process personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis (GDPR Art. 6) | FADP Basis |
|---|---|---|
| Site operation and improvement | Legitimate interest (Art. 6(1)(f)) | Legitimate interest (Art. 31(1)) |
| Analytics and usage statistics | Consent (Art. 6(1)(a)) or Legitimate interest | Consent or Legitimate interest |
| Newsletter delivery | Consent (Art. 6(1)(a)) | Consent (Art. 31(1)) |
| Responding to inquiries | Contract performance (Art. 6(1)(b)) | Performance of contract |
| Advertising and measurement | Consent (Art. 6(1)(a)) | Consent |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) | Overriding interest |
| Legal compliance | Legal obligation (Art. 6(1)(c)) | Legal obligation (Art. 31(1)) |
Where we rely on legitimate interest as a legal basis, we have conducted a balancing test to ensure that our processing does not override your fundamental rights and freedoms. You may request details of these assessments by contacting us.
4. Information Sharing and Disclosure
We do not sell your personal information. We may share information with:
- Service Providers: Third-party vendors that perform services on our behalf, including hosting, analytics, email delivery, and advertising services. These providers are contractually obligated to protect your information and use it only for the services they provide to us. For EU/EEA and Swiss data subjects, we ensure appropriate data processing agreements are in place.
- Advertising Partners: Third-party advertising networks that may use cookies and similar technologies to deliver targeted advertisements. See Section 9 for details and opt-out options.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify affected data subjects of any change in data controller.
- Protection of Rights: When we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your jurisdiction.
For EU/EEA Data Subjects: When we transfer personal data outside the EU/EEA, we ensure adequate protection through one or more of the following mechanisms:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
- Your explicit consent for specific transfers
For Swiss Data Subjects: When we transfer personal data outside Switzerland, we ensure protection in accordance with the FADP through:
- Swiss Federal Council adequacy decisions
- Standard Contractual Clauses recognized under the FADP
- Other appropriate safeguards as specified in Art. 16 FADP
- Your explicit consent for specific transfers
6. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Analytics data: Retained according to the retention settings of the respective analytics platform, generally not exceeding 26 months
- Newsletter subscriber data: Retained until you unsubscribe or request deletion
- Contact form submissions: Retained for 24 months from the date of last correspondence
- Server logs: Retained for 90 days for security and diagnostic purposes
7. Your Rights
7.1 Rights Under GDPR (EU/EEA Data Subjects)
If you are located in the European Economic Area or United Kingdom, you have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
- Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal retention requirements
- Right to Restriction (Art. 18): Request restriction of processing of your personal data
- Right to Data Portability (Art. 20): Request transfer of your personal data in a structured, machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interests, including profiling
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing
- Right Not to be Subject to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing that produce legal or significant effects
To exercise these rights, contact us at info@tokenizationgovernance.com. We will respond within 30 days as required by the GDPR. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
7.2 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the business purpose for collection, and the categories of third parties with whom we share personal information
- Right to Delete: Request deletion of personal information we have collected from you
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information. We do not sell personal information. To opt out of sharing for cross-context behavioral advertising, use our cookie preference controls
- Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive personal information to purposes necessary to provide our services
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights
To exercise these rights, contact us at info@tokenizationgovernance.com or submit a verifiable consumer request. We will respond within 45 days as required by the CCPA. We may request verification of your identity before processing your request.
Categories of Personal Information Collected (CCPA Disclosure):
- Identifiers (name, email address, IP address)
- Internet or network activity (browsing history, interactions with our Site)
- Geolocation data (approximate location derived from IP address)
- Professional information (job title, organization, when voluntarily provided)
7.3 Rights Under Swiss FADP (Swiss Data Subjects)
If you are located in Switzerland, you have the following rights under the Federal Act on Data Protection (FADP/nDSG), effective September 1, 2023:
- Right of Access (Art. 25): Request information about whether and what personal data we process about you, the purpose of processing, the retention period, the sources of data, and any recipients of data transfers
- Right to Rectification (Art. 32(1)): Request correction of inaccurate personal data
- Right to Erasure or Destruction (Art. 32(2)(c)): Request deletion or destruction of your personal data
- Right to Data Portability (Art. 28): Request your personal data in a commonly used electronic format or request transfer to another controller
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time
To exercise these rights, contact us at info@tokenizationgovernance.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).
Cross-Border Data Transfer Disclosure (Swiss): We may transfer your personal data to countries that do not provide an adequate level of data protection as determined by the Swiss Federal Council. In such cases, we ensure appropriate safeguards as described in Section 5 of this policy.
8. Data Security
We implement reasonable technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL)
- Access controls and authentication requirements
- Regular security assessments and vulnerability testing
- Secure development practices for our web infrastructure
- Employee and contractor confidentiality obligations
However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a high risk to your rights, we will notify affected data subjects and relevant supervisory authorities as required by applicable law.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect usage data and improve our services. For full details, see our Cookie Policy. Categories include:
- Strictly Necessary Cookies: Essential for Site functionality. No consent required.
- Analytics Cookies: Help us understand how visitors interact with our Site. Set with your consent.
- Advertising Cookies: Used to deliver relevant advertisements and measure campaign effectiveness. Set with your consent.
- Functional Cookies: Enable enhanced functionality and personalization. Set with your consent.
You can manage cookie preferences through your browser settings or our cookie consent management tool. For EU/EEA and Swiss visitors, non-essential cookies are only placed with your prior consent in accordance with the ePrivacy Directive and applicable local law.
10. Children’s Privacy
Our Site is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us.
11. Third-Party Links
Our Site may contain links to third-party websites, services, or resources. For information about how we produce our content, see our Methodology. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
12. Do Not Track Signals
Our Site does not currently respond to Do Not Track (DNT) browser signals. However, you can manage tracking through cookie preferences and browser-level privacy controls as described in Section 9.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised “Last Updated” date. For material changes affecting EU/EEA or Swiss data subjects, we will provide notice through our Site or by email where possible. Your continued use of the Site after any changes constitutes acceptance of the updated Privacy Policy.
14. Contact Us and Supervisory Authorities
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: info@tokenizationgovernance.com
Tokenization Governance
A Vanderbilt Portfolio Publication
EU/EEA Data Subjects: If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Swiss Data Subjects: You may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) at https://www.edoeb.admin.ch/.
California Residents: You may also contact the California Attorney General’s office at https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.