Privacy Policy

Last updated: February 2026

Vyzor (“Vyzor”, “we”, “us”) is an independent tokenization advisory firm registered in the Netherlands. We take your privacy seriously. This policy explains what personal data we collect through our website (vyzor.capital), why we collect it, how we use it, and what rights you have.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG, “UAVG”).

1. Controller

The data controller for this website is:

Vyzor
The Netherlands
Email: info@vyzor.capital

If you have questions about how we handle your data, contact us at the email address above.

2. What data we collect and why

2.1 Contact form and email

When you contact us through our website or by email, we collect your name, organisation, email address, and whatever information you include in your message. We process this data to respond to your enquiry and, where applicable, to explore a potential advisory engagement.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — it is in our mutual interest to respond to your enquiry. Where your message leads to a contractual relationship, the legal basis becomes performance of a contract (Article 6(1)(b) GDPR).

2.2 Website analytics

We use privacy-friendly analytics to understand how visitors use our website — for example, which pages are visited most and which countries our visitors come from. We do not use Google Analytics. Our analytics solution does not place tracking cookies, does not collect personal data, and does not track individual visitors across sessions or websites.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — understanding aggregate visitor behaviour helps us improve our website.

2.3 Hosting and server logs

Our website is hosted on Vercel. When you visit our site, Vercel may temporarily process your IP address and basic request data (browser type, page requested, timestamp) as part of normal server operations. This data is not used to identify individual visitors and is not retained beyond what is technically necessary.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — ensuring the website operates securely and reliably.

2.4 Cookies

We use only strictly necessary cookies required for the website to function (for example, remembering cookie consent preferences). We do not use advertising cookies, tracking cookies, or social media cookies. Strictly necessary cookies do not require consent under the Dutch Telecommunications Act (Telecommunicatiewet).

If we introduce any non-essential cookies in the future, we will update this policy and ask for your consent before placing them.

2.5 AI Readiness Assessment

Our website offers a free AI readiness assessment. When you use this feature, we collect the information you provide in the intake form (name, company, role) and the conversation you have with our AI advisor. This data is processed for two purposes:

• To provide the assessment: Your responses are sent to Anthropic (Claude) via their API for analysis. Anthropic processes this data as a sub-processor on our behalf and does not use it to train their models. See Anthropic's privacy policy.
• To follow up with a recommendation: If you submit the lead form after your assessment, your name, company, role, email address, optional notes, assessment result, and conversation transcript are emailed to Vyzor via Resend (our email delivery provider) so we can follow up with a tailored recommendation.

Your assessment results are stored locally in your browser (localStorage) for up to 7 days so you can return to your results without repeating the assessment. This data never leaves your device unless you explicitly submit the lead form.

Legal basis: Consent (Article 6(1)(a) GDPR) — you choose to start the assessment and are informed before doing so that your responses will be processed by our AI advisor and shared with Vyzor.

3. Who we share data with

We do not sell, rent, or trade your personal data.

We may share your data with the following categories of recipients, only to the extent necessary:

• Hosting provider (Vercel Inc., USA) — for website delivery and server operations.
• Email provider (Resend Inc., USA) — for processing email communications and assessment lead notifications.
• AI provider (Anthropic PBC, USA) — for processing AI readiness assessment conversations. Data is processed via their API and is not used for model training.
• Professional advisors — legal counsel or accountants, where required by law or in connection with an engagement.

Where data is transferred outside the European Economic Area (EEA) — for example, to Vercel in the United States — we ensure that appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission.

4. How long we keep data

• Contact form submissions and correspondence: Retained for the duration of our professional relationship plus 7 years, in line with Dutch statutory retention obligations.
• Server logs: Retained by our hosting provider for the minimum period necessary for operational purposes (typically 30 days or less).
• Analytics data: Aggregated and anonymised — no personal data is retained.
• AI assessment data (browser): Stored in your browser's localStorage for 7 days, then automatically deleted. You can clear it at any time via your browser settings or by clicking “Retake assessment”.
• AI assessment leads: If you submit the lead form, your data is retained in the same manner as contact form submissions (see above).

5. Your rights

Under the GDPR, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — ask us to delete your data (subject to legal retention obligations).
• Restriction — ask us to limit how we use your data.
• Data portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact us at info@vyzor.capital. We will respond within 30 days.

6. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS), access controls, and secure hosting infrastructure.

7. Supervisory authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens
PO Box 93374, 2509 AJ The Hague
www.autoriteitpersoonsgegevens.nl

8. Changes to this policy

We may update this privacy policy from time to time. The latest version will always be available at vyzor.capital/privacy. We will not materially reduce your rights under this policy without notifying you.

Vyzor · Amsterdam, The Netherlands · info@vyzor.capital