Privacy Policy

1. Introduction

BitTaxly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptocurrency tax reporting service.

By using BitTaxly, you agree to the collection and use of information in accordance with this policy. This Privacy Policy complies with the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name (optional), password (encrypted)
• Wallet Addresses: Public blockchain wallet addresses you choose to analyze
• OAuth Information: If you sign in with Google, we receive your name and email

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the service
• Device Information: Browser type, operating system, IP address (hashed for privacy)
• Cookies: Session cookies for authentication (essential cookies only)

2.3 Blockchain Data

We fetch publicly available blockchain data (token balances, transaction history) from public blockchain networks. This data is already public on the blockchain and does not constitute personal information.

3. How We Use Your Information

• To provide and maintain our service
• To authenticate your account and manage sessions
• To analyze wallet holdings and generate tax reports
• To save your analysis history (if you're logged in)
• To send verification emails and important service updates
• To improve our service and user experience
• To detect and prevent fraud or abuse
• To comply with legal obligations

4. Data Storage and Security

4.1 Security Measures

• Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3)
• Password Security: Passwords hashed with bcrypt (12 rounds, irreversible)
• Database Security: Row-level security ensures users only access their own data
• Access Control: Strict authentication and authorization on all API endpoints
• Rate Limiting: Protection against brute force and abuse attacks

4.2 Data Storage

Your data is stored on secure servers provided by Supabase (SOC 2 Type II and ISO 27001 certified). Data can be stored in EU regions for GDPR compliance upon request.

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Service Providers

We share data with trusted service providers who help us operate our service:

• Supabase: Database and authentication (SOC 2, ISO 27001, GDPR compliant)
• Vercel: Hosting and deployment (SOC 2, ISO 27001 certified)
• Blockchain RPC Providers: To fetch public blockchain data (Alchemy, QuickNode, Helius)
• Email Service: To send verification and notification emails

5.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights and safety.

6. Your Rights (GDPR & FADP)

Under GDPR and Swiss data protection law, you have the following rights:

• Right to Access: Request a copy of all your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your account and all associated data
• Right to Data Portability: Export your data in machine-readable format (JSON)
• Right to Object: Object to processing of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Withdraw Consent: Withdraw consent at any time

To exercise your rights: Email us at privacy@bittaxly.com or use the data export/deletion features in your account settings.

7. Data Retention

• Account Data: Retained until you delete your account
• Analysis History: Retained until you delete it or your account
• Logs: Security and access logs retained for 90 days
• After Account Deletion: All data permanently deleted within 30 days

8. Cookies and Tracking

8.1 Essential Cookies

We use essential cookies required for the service to function:

• Authentication Cookies: To keep you logged in
• Session Cookies: To maintain your session state
• Preference Cookies: To remember your theme preference (light/dark mode)

8.2 Analytics (Optional)

We may use privacy-focused analytics to improve our service. You can opt-out of analytics in your account settings.

9. International Data Transfers

Your data may be transferred and stored in countries outside your residence. We ensure appropriate safeguards are in place for international transfers, including:

• EU Standard Contractual Clauses (SCCs)
• Data Processing Agreements with all service providers
• Option to store data in EU regions for EU/Swiss users

10. Children's Privacy

BitTaxly is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our service. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us: