TokenForce

Legal

Privacy Policy

How TokenForce ApS collects, uses, and protects your personal data.

Last updated: May 2026

1. Data controller

The data controller for personal data collected through this website is:

TokenForce ApS

Denmark

Email: privacy@tokenforce.finance

TokenForce ApS is incorporated in Denmark. This notice is issued in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and the Danish Data Protection Act (Databeskyttelsesloven).

2. What data we collect and why

We collect personal data where you voluntarily provide it through the waitlist registration form on this website. Providing personal data is voluntary; if you do not provide the required fields, we cannot add you to the waitlist. We also use a self-hosted, cookieless analytics tool to understand aggregate usage of the site (see section 8). We do not use tracking cookies, cross-site trackers, or behavioural advertising tools.

Waitlist registration

When you register for product updates, we collect the following categories of data:

  • Full name (required)
  • Email address (required)
  • Investor type — whether you are investing as an individual or on behalf of an organisation or institution (required)
  • Country of residence — asked of individual investors (required for them)
  • Firm or organisation name — if you are investing on behalf of an organisation or institution (optional)
  • Confirmation of eligibility and consent declarations (required, recorded with a timestamp)
  • Expected first ticket range and sector interests — asked in an optional follow-up step after registration; you can skip both

Purpose and legal basis

We process this data on the legal basis of your consent (Article 6(1)(a) GDPR), given at the time of form submission by ticking the combined confirmation checkbox — which covers receiving TokenForce product and company updates and your acceptance of the Waitlist Declarations (your eligibility and jurisdiction confirmations and the acknowledgment that no securities offer is made and no allocation is reserved) and of this Privacy Policy — and submitting the form. Your consent is recorded with a timestamp.

We use the data for the following purposes:

  • To register your interest in TokenForce products and contact you when products become available.
  • To send you TokenForce product and company updates, including launch notifications, in accordance with the consent you gave at registration.
  • To understand aggregate investor demand and plan our product roadmap, using anonymised and aggregated data where possible.
  • To maintain a record of eligibility confirmations and consent declarations for compliance purposes.
  • To maintain a minimal suppression record (email address, flag, date, and the declarations made) where we cannot lawfully send updates to or serve a registration, so that the address is not contacted again. This processing is based on our legitimate interest in complying with applicable restrictions (Article 6(1)(f) GDPR); other registration data is deleted.

3. How long we keep your data

We retain waitlist registration data for a maximum of 24 months from the date of submission, or until you withdraw your consent, whichever is earlier. After this period, your data is permanently deleted or anonymised.

Consent records (confirmation that you checked the declaration boxes and submitted the form) may be retained for a longer period to the extent required by applicable law or regulatory guidance, as evidence of valid consent.

4. Who we share your data with

Service providers (processors)

We share your personal data with third-party service providers who process data on our behalf: Google Workspace (Google Ireland Ltd., with data stored in the EU data region) for storing waitlist records, Amazon Web Services for hosting this website and its form endpoint, and a self-hosted analytics instance on EU infrastructure. These providers process data only on our instructions under GDPR Article 28 agreements. We do not sell your personal data to any third party.

Legal disclosures

We may disclose personal data if required to do so by applicable law, court order, or regulatory authority — including, where relevant, financial supervisory or data protection authorities.

No marketing to third parties

We do not share, sell, rent, or otherwise disclose your personal data to third parties for their own marketing purposes.

5. International transfers

We aim to process your personal data within the European Economic Area (“EEA”). Where a service provider processes data outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR — either an adequacy decision by the European Commission, or Standard Contractual Clauses approved by the European Commission. Details of the applicable safeguards are available on request at privacy@tokenforce.finance.

6. Your rights

Under the GDPR and the Danish Data Protection Act, you have the following rights in relation to your personal data:

Right of access (Article 15)

You have the right to obtain confirmation of whether we process personal data about you, and to receive a copy of that data, together with information about how it is processed.

Right to rectification (Article 16)

You have the right to have inaccurate personal data corrected, and incomplete personal data completed.

Right to erasure (Article 17)

You have the right to request deletion of your personal data where there is no longer a legal basis for processing it, or where you have withdrawn your consent.

Right to restriction (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while the accuracy of the data is being contested.

Right to object (Article 21)

You have the right to object at any time to the processing of your personal data where that processing is based on our legitimate interests. Where we process your personal data for direct marketing purposes, you have an unconditional right to object. To exercise this right, contact us at privacy@tokenforce.finance.

Right to data portability (Article 20)

Where processing is based on consent and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller.

Right to withdraw consent (Article 7(3))

Where processing is based on your consent, you may withdraw that consent at any time by contacting us at privacy@tokenforce.finance. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Right to lodge a complaint

You have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet, www.datatilsynet.dk) if you believe that our processing of your personal data violates applicable data protection law.

To exercise any of the above rights (other than complaint to Datatilsynet), please contact us at privacy@tokenforce.finance. We will respond within one calendar month of receiving your request. In complex or high-volume cases, we may extend this period by a further two months, in which case we will notify you within the initial month.

7. Automated decision-making

We do not use your personal data for automated individual decision-making or profiling that produces legal effects or similarly significant effects concerning you, as described in Article 22 of the GDPR. Waitlist registrations are reviewed manually and no automated eligibility determinations are made on the basis of data submitted through this website.

8. Cookies and analytics

This website does not use tracking cookies or cross-site advertising trackers. To understand how the site is used, we run a self-hosted, privacy-first analytics tool (Umami) on our own infrastructure within the EU. It does not set cookies, does not track you across other websites, and records only aggregate, non-identifying usage signals (such as page views and which calls-to-action are clicked). We do not sell this data or use it for behavioural advertising. We process this aggregate analytics data on the legal basis of our legitimate interest (Article 6(1)(f) GDPR) in understanding how the site is used and improving it; you may object to this processing at any time (see section 6). If we introduce cookies in the future, we will update this notice and seek your consent where required by law. See also our Cookies Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures are reviewed and updated regularly. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify Datatilsynet without undue delay and, where feasible, within 72 hours — and, where required, notify you directly.

10. Changes to this notice

We may update this Privacy Policy from time to time. The date at the top of this page reflects the date of the most recent revision. We will notify registered waitlist participants of material changes by email where we hold a valid email address and where such notification is required by law. Where a change materially affects how we process your personal data, we will inform registered waitlist participants by email before the change takes effect.

11. Contact

All data protection queries, rights requests, and complaints should be directed to:

TokenForce ApS — Data Protection

Email: privacy@tokenforce.finance

The Danish Data Protection Authority (Datatilsynet) can be contacted at www.datatilsynet.dk or by post at Carl Jacobsens Vej 35, 2500 Valby, Denmark.