Skip to content
nyance
Back to home

Privacy Policy

Last updated: May 14, 2026

This English version is provided for convenience only. In the event of any discrepancy, the French version prevails.

Preamble

This privacy policy (the "Policy") describes how Nyance Inc. ("Nyance", "we") collects, uses, shares, and protects the personal data of visitors to and waitlist registrants of the website www.nyance.io (the "Site").

This Policy complies with Regulation (EU) 2016/679 of 27 April 2016 ("GDPR"), which applies whenever we offer our services to individuals located in the European Union, pursuant to Article 3(2)(a) thereof.

1. Data Controller

The data controller for the data collected via the Site is:

2. Representative in the European Union

Pursuant to Article 27 of the GDPR, since Nyance Inc. is established outside the European Union and targets EU residents, it will appoint a representative in the European Union. The contact details of this representative will be published as soon as they are appointed.

For any question relating to the protection of your data, you may write to us at privacy@nyance.io.

3. Data Collected

3.1 Data you provide directly

When you sign up for the waitlist or contact us, we may collect:

3.2 Data collected automatically

While you browse the Site, we may collect:

3.3 Categories of data we do NOT collect

As of the date hereof, we do not collect or process any KYC data (identity documents, proof of address) or any banking data (IBAN, payment card data). Such data may only be collected once the investment platform is actually launched, and will then be subject to a specific privacy policy.

4. Purposes and Legal Bases for Processing

PurposeData concernedLegal basis (Art. 6 GDPR)
Managing the waitlist and providing launch informationEmail, first name, last name, referral codeConsent (Art. 6(1)(a))
Sending the welcome email and project-related communicationsEmail, first name, last nameConsent (Art. 6(1)(a))
Responding to your contact requestsEmail, message contentPre-contractual measures or legitimate interest (Art. 6(1)(b) or 6(1)(f))
Anonymous audience measurement (Vercel Analytics)Aggregated technical data, cookielessLegitimate interest (Art. 6(1)(f))
Detailed audience measurement (Google Analytics 4)Cookies, anonymized IP, browsing eventsConsent (Art. 6(1)(a))
Site security, rate limiting, abuse preventionIP address, technical logsLegitimate interest (Art. 6(1)(f))
Compliance with our legal and regulatory obligationsAs applicableLegal obligation (Art. 6(1)(c))

5. Recipients and Processors

Your data may be disclosed to the following processors, acting on our behalf within the meaning of Article 28 of the GDPR:

ProcessorPurposeLocation
Vercel Inc.Site hosting, Vercel Analytics and Speed Insights (cookieless)USA + European Union + global CDN
Supabase Inc.PostgreSQL database (storage of waitlist registrations)European Union
Loops Email Inc.Sending the welcome email and managing marketing contactsUSA
Google LLCGoogle Analytics 4 — audience measurement (only after your consent)USA + EU
Zoho CorporationProfessional mailboxes (functional roles on the nyance.io domain)European Union

Each of these processors is bound by a data processing agreement compliant with Article 28 of the GDPR. Your data is never sold to third parties.

6. Transfers Outside the European Union

Some of our processors (in particular Vercel, Loops, and Google) may process your data in the United States. Supabase and Zoho process your data within the European Union.

Transfers to the United States are governed by the appropriate safeguards provided for under Chapter V of the GDPR, in particular:

You may obtain a copy of these safeguards by writing to privacy@nyance.io.

7. Retention Period

Your data is retained for the following periods:

At the end of these periods, the data is deleted or anonymized.

8. Cookies and Trackers

8.1 Strictly necessary storage (no consent required)

The Site stores the following technical items in your browser, which are essential to its operation and exempt from consent under Article 82 of the French Data Protection Act (Loi Informatique et Libertés):

8.2 Cookieless audience measurement (no consent required)

We use Vercel Analytics and Vercel Speed Insights, which measure Site audience anonymously and on an aggregated basis, without setting any cookies or collecting directly identifying personal data. These tools fall under the legitimate interest regime and comply with the CNIL's guidelines on audience measurement tools exempt from consent.

8.3 Audience measurement cookies (subject to your consent)

We use Google Analytics 4 for more detailed audience measurement (conversion funnels, traffic sources, custom events). These cookies are only set after your explicit consent, given via the cookie banner that appears on your first visit.

In accordance with Google Consent Mode v2, all advertising and analytics consent is set to denied by default. No data is transmitted to Google until you have clicked "Accept." The IP address transmitted is anonymized (anonymize_ip).

You may change your choice at any time by clicking "Manage my cookies" in the Site's footer.

9. Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR: encryption of data in transit (TLS), strict access control to the database, logging, and hosting with compliant providers.

Caution: Nyance will never ask you for your login credentials, password, a 2FA code, or a payment by email or phone. If you have any doubt about a communication, write to us at privacy@nyance.io for verification.

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we undertake to notify you without undue delay, in accordance with Article 34 of the GDPR.

10. Your Rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

To exercise these rights, write to privacy@nyance.io. Proof of identity may be requested in the event of reasonable doubt. We will respond to your request within one month, which may be extended by two months for complex requests.

11. Right to Lodge a Complaint

If you believe that the processing of your data does not comply with the GDPR, you have the right to lodge a complaint with the competent supervisory authority.

For example, in France: Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy – TSA 80715, 75334 Paris Cedex 07, www.cnil.fr.

12. Minors

The Site is not intended for minors. We do not knowingly collect any data concerning persons under the age of 18. If you believe that a minor has provided us with their data, please notify us at privacy@nyance.io; we will proceed to delete it as soon as possible.

13. Changes to the Policy

This Policy may be updated from time to time. Any substantial change will be brought to your attention by any appropriate means (notice on the Site, email). The date of the last update appears at the top of this document.

14. Contact

For any question regarding this Policy or your personal data: privacy@nyance.io.