Privacy Policy
Last updated: May 14, 2026
This English version is provided for convenience only. In the event of any discrepancy, the French version prevails.
Preamble
This privacy policy (the "Policy") describes how Nyance Inc. ("Nyance", "we") collects, uses, shares, and protects the personal data of visitors to and waitlist registrants of the website www.nyance.io (the "Site").
This Policy complies with Regulation (EU) 2016/679 of 27 April 2016 ("GDPR"), which applies whenever we offer our services to individuals located in the European Union, pursuant to Article 3(2)(a) thereof.
1. Data Controller
The data controller for the data collected via the Site is:
- Nyance Inc.
- Delaware C Corporation – File Number 10605400
- 555 East Loockerman Street, Suite 320, Dover, DE 19901, USA
- Contact: privacy@nyance.io
2. Representative in the European Union
Pursuant to Article 27 of the GDPR, since Nyance Inc. is established outside the European Union and targets EU residents, it will appoint a representative in the European Union. The contact details of this representative will be published as soon as they are appointed.
For any question relating to the protection of your data, you may write to us at privacy@nyance.io.
3. Data Collected
3.1 Data you provide directly
When you sign up for the waitlist or contact us, we may collect:
- email address;
- first and last name;
- incoming referral code (passed via the
?ref=parameter in the URL, where applicable), temporarily stored in your browser's sessionStorage under the keynyance_ref; - a referral code generated for you, assigned deterministically from your email address;
- any other information you freely choose to share with us (for example, the content of a message sent to hello@nyance.io or privacy@nyance.io).
3.2 Data collected automatically
While you browse the Site, we may collect:
- IP address (used for rate limiting and abuse prevention purposes);
- browser type and version, operating system, device type;
- pages viewed, time spent viewing, referring source (referrer);
- cookie and tracker identifiers, where you have given your consent (see section 8).
3.3 Categories of data we do NOT collect
As of the date hereof, we do not collect or process any KYC data (identity documents, proof of address) or any banking data (IBAN, payment card data). Such data may only be collected once the investment platform is actually launched, and will then be subject to a specific privacy policy.
4. Purposes and Legal Bases for Processing
| Purpose | Data concerned | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Managing the waitlist and providing launch information | Email, first name, last name, referral code | Consent (Art. 6(1)(a)) |
| Sending the welcome email and project-related communications | Email, first name, last name | Consent (Art. 6(1)(a)) |
| Responding to your contact requests | Email, message content | Pre-contractual measures or legitimate interest (Art. 6(1)(b) or 6(1)(f)) |
| Anonymous audience measurement (Vercel Analytics) | Aggregated technical data, cookieless | Legitimate interest (Art. 6(1)(f)) |
| Detailed audience measurement (Google Analytics 4) | Cookies, anonymized IP, browsing events | Consent (Art. 6(1)(a)) |
| Site security, rate limiting, abuse prevention | IP address, technical logs | Legitimate interest (Art. 6(1)(f)) |
| Compliance with our legal and regulatory obligations | As applicable | Legal obligation (Art. 6(1)(c)) |
5. Recipients and Processors
Your data may be disclosed to the following processors, acting on our behalf within the meaning of Article 28 of the GDPR:
| Processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Site hosting, Vercel Analytics and Speed Insights (cookieless) | USA + European Union + global CDN |
| Supabase Inc. | PostgreSQL database (storage of waitlist registrations) | European Union |
| Loops Email Inc. | Sending the welcome email and managing marketing contacts | USA |
| Google LLC | Google Analytics 4 — audience measurement (only after your consent) | USA + EU |
| Zoho Corporation | Professional mailboxes (functional roles on the nyance.io domain) | European Union |
Each of these processors is bound by a data processing agreement compliant with Article 28 of the GDPR. Your data is never sold to third parties.
6. Transfers Outside the European Union
Some of our processors (in particular Vercel, Loops, and Google) may process your data in the United States. Supabase and Zoho process your data within the European Union.
Transfers to the United States are governed by the appropriate safeguards provided for under Chapter V of the GDPR, in particular:
- the recipient's adherence to the EU-U.S. Data Privacy Framework (where applicable);
- the execution of Standard Contractual Clauses adopted by the European Commission (Decision (EU) 2021/914);
- the implementation, where necessary, of supplementary technical and organizational measures.
You may obtain a copy of these safeguards by writing to privacy@nyance.io.
7. Retention Period
Your data is retained for the following periods:
- Waitlist and prospecting data: until you unsubscribe or, failing that, 3 years from your last active contact with us.
- Contact data (emails sent to our addresses): 3 years from the last exchange.
- Audience measurement data and cookies: 14 months maximum (GA4 configuration; Vercel Analytics does not set any cookies).
- Cookie consent preference: 13 months maximum, in accordance with the CNIL's recommendation.
- Technical and security logs: 12 months maximum.
- Data whose retention is required by law: for the applicable statutory period.
At the end of these periods, the data is deleted or anonymized.
8. Cookies and Trackers
8.1 Strictly necessary storage (no consent required)
The Site stores the following technical items in your browser, which are essential to its operation and exempt from consent under Article 82 of the French Data Protection Act (Loi Informatique et Libertés):
localStorage["nyance-theme"]: your theme preference (light/dark).localStorage["nyance-cookie-consent"]: your choice regarding analytics cookies (granted / denied), retained for 13 months maximum.sessionStorage["nyance_ref"]: incoming referral code passed via the URL, retained only for the duration of the browsing session.
8.2 Cookieless audience measurement (no consent required)
We use Vercel Analytics and Vercel Speed Insights, which measure Site audience anonymously and on an aggregated basis, without setting any cookies or collecting directly identifying personal data. These tools fall under the legitimate interest regime and comply with the CNIL's guidelines on audience measurement tools exempt from consent.
8.3 Audience measurement cookies (subject to your consent)
We use Google Analytics 4 for more detailed audience measurement (conversion funnels, traffic sources, custom events). These cookies are only set after your explicit consent, given via the cookie banner that appears on your first visit.
In accordance with Google Consent Mode v2, all advertising and analytics consent is set to denied by default. No data is transmitted to Google until you have clicked "Accept." The IP address transmitted is anonymized (anonymize_ip).
You may change your choice at any time by clicking "Manage my cookies" in the Site's footer.
9. Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR: encryption of data in transit (TLS), strict access control to the database, logging, and hosting with compliant providers.
Caution: Nyance will never ask you for your login credentials, password, a 2FA code, or a payment by email or phone. If you have any doubt about a communication, write to us at privacy@nyance.io for verification.
In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we undertake to notify you without undue delay, in accordance with Article 34 of the GDPR.
10. Your Rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
- Right of access: to obtain confirmation that your data is being processed and to receive a copy of it.
- Right to rectification: to have inaccurate or incomplete data corrected.
- Right to erasure (the "right to be forgotten"): to request the deletion of your data in the cases provided for by the GDPR.
- Right to restriction of processing.
- Right to data portability: to receive your data in a structured, commonly used, and machine-readable format.
- Right to object: to object to processing based on legitimate interest, and unconditionally to processing for direct marketing purposes.
- Right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
- Right to define guidelines regarding the fate of your data after your death (for users residing in France, in accordance with Article 85 of the French Data Protection Act).
To exercise these rights, write to privacy@nyance.io. Proof of identity may be requested in the event of reasonable doubt. We will respond to your request within one month, which may be extended by two months for complex requests.
11. Right to Lodge a Complaint
If you believe that the processing of your data does not comply with the GDPR, you have the right to lodge a complaint with the competent supervisory authority.
For example, in France: Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy – TSA 80715, 75334 Paris Cedex 07, www.cnil.fr.
12. Minors
The Site is not intended for minors. We do not knowingly collect any data concerning persons under the age of 18. If you believe that a minor has provided us with their data, please notify us at privacy@nyance.io; we will proceed to delete it as soon as possible.
13. Changes to the Policy
This Policy may be updated from time to time. Any substantial change will be brought to your attention by any appropriate means (notice on the Site, email). The date of the last update appears at the top of this document.
14. Contact
For any question regarding this Policy or your personal data: privacy@nyance.io.