CypherPal Inc. Effective Date: July 30, 2025. Last Updated: July 30, 2025
Introduction
Welcome to Cypher Pal Inc., your trusted partner for cryptocurrency tax calculation and reporting. We are committed to protecting your privacy and personal data with the utmost care and transparency.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website, software application, and related services (collectively, the "Services"). By accessing or using our Services, you signify that you have read, understood, and agree to the collection and use of your information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use our Services.
Definitions
a) Personal Data (Personal Information):
Any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes (but is not limited to): name, email address, physical address, phone number, IP address, device ID, unique identifiers, financial transaction data (including cryptocurrency transaction data), wallet addresses, public blockchain data (when linked to an identifiable person), tax identifiers (e.g., Social Insurance Number (SIN), Social Security Number (SSN), Tax Identification Number (TIN)), and any other information that identifies or relates to you.
b) Sensitive Personal Data:
A subset of Personal Data that includes specific categories of data deemed sensitive by various laws (e.g., health data, racial or ethnic origin, religious beliefs, biometric data, precise geolocation).
For the purposes of Crypto Tax Buddy, this may include specific financial identifiers or biometric data if used for identity verification.
c) Processing:
Any operation performed on Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction.
d) Services:
Our website, CypherPal software application, and any related features, tools, or support services provided by CypherPal Inc.
e) User/You:
The individual accessing or using our Services.
Data We Collect and How We Collect It
We collect various types of information from and about you, including Personal Data, to provide, operate, and improve our Services.
a) Information You Provide Directly to Us:
- Account Registration Data: When you create an account, we collect your full name, email address, password, country of residence, and potentially your phone number.
- Profile Information: Any additional information you choose to provide in your user profile, such as preferred currency, time zone, or language settings.
- Tax-Related Identifiers (if applicable): For certain advanced features or direct filing services, you may choose to provide tax identification numbers (e.g., SSN, SIN, TIN) or other legally required identifiers. We will clearly indicate when such information is required and obtain your explicit consent.
- Communications: Information you provide when you contact our customer support, send us feedback, participate in surveys, or interact with us via email or other communication channels.
- Marketing & Preferences: Your preferences for receiving marketing communications and information provided when you sign up for newsletters or promotional offers.
b) Information Collected Automatically (via Technology):
- Usage Data: Information about how you interact with our Services, including IP address, browser type and version, operating system, device type, language settings, pages visited, features used, time spent on pages, referral URLs, and clicks.
- Log Data: Our servers automatically record information that your browser sends whenever you visit our website or use our application. This log data may include your IP address, browser type, and settings, the date and time of your use, and cookie data.
- Cookies & Tracking Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to track activity on our Services and hold certain information. These technologies are used for
When you access and use our Services, we may automatically collect certain information about your device and usage.
c) Information from Third Parties:
- Public Blockchain Data: We collect publicly available transaction data from various blockchains when you link your wallet addresses to your Crypto Tax Buddy account. This data is inherent to the blockchain and not unique to our collection.
- Third-Party Exchanges/Wallets: Through your provided API keys or integrations, we access your transaction data from selected cryptocurrency exchanges and wallets. We explicitly limit this access to read-only permissions for tax calculation purposes.
- Analytics Providers: We may receive aggregated or pseudonymized data from third-party analytics providers (e.g., Google Analytics) about user behavior on our Services.
- Payment Processors: While we do not directly store your full payment card details, our payment processors provide us with transaction confirmation and limited billing information necessary for service delivery and accounting.
How We Use Your Personal Data (Purposes and Legal Basis)
We process your Personal Data for specific purposes and rely on various legal bases as outlined by global privacy regulations, particularly GDPR.
a) To Provide and Maintain Our Services (Legal Basis: Contractual Necessity):
- To set up and manage your user account.
- To enable you to import, aggregate, calculate, and generate cryptocurrency tax reports.
- To process your subscriptions and payments.
- To communicate with you regarding service-related updates, security alerts, and technical notices.
b) To Improve and Personalize Services (Legal Basis: Legitimate Interest / Consent where applicable):
- To understand how our Services are used, analyze usage trends, and develop new features and functionalities.
- To troubleshoot technical issues and enhance the performance and security of our platform.
- To personalize your experience and provide tailored content or recommendations.
- Where required by law (e.g., GDPR), we will obtain your explicit consent for certain analytics or personalization activities.
International Data Transfers
As a global service, your Personal Data may be transferred to, stored in, and processed in countries outside of your country of residence, including Canada, the United States, and potentially other jurisdictions where our service providers or operations are located. Data protection laws in these countries may differ from those in your home country.
We implement appropriate safeguards to ensure that your Personal Data remains protected when transferred internationally, in accordance with applicable data protection laws, including:
- Standard Contractual Clauses (SCCs): For transfers of Personal Data originating from the European Economic Area (EEA), the UK, or Switzerland, we utilize CIPO-approved Standard Contractual Clauses with our data processors.
- Intra-Group Data Transfer Agreements: If applicable, for transfers within our corporate group.
- Adequacy Decisions: Relying on countries or mechanisms deemed to provide an adequate level of data protection by relevant authorities (e.g., Canada being deemed adequate by the EU for certain purposes under PIPEDA).
- Your Explicit Consent: In limited circumstances, where other safeguards are not applicable.
By using our Services, you understand and acknowledge that your Personal Data may be transferred to, and processed in, countries outside your country of residence.
Data Security
We implement robust technical and organizational security measures designed to protect your Personal Data from unauthorized access, alteration, disclosure, or destruction. These measures include:
a) Encryption:
Data is encrypted in transit (e.g., using TLS/SSL) and at rest (e.g., AES-256 encryption for data stored in our databases and cloud storage).
b) Access Controls:
Strict access controls and "least privilege" principles are applied to ensure only authorized personnel have access to Personal Data on a "need-to-know" basis.
c) Multi-Factor Authentication (MFA):
MFA is required for internal access to our systems and recommended for user accounts.
d) Regular Security Audits & Vulnerability Assessments:
We regularly conduct security audits and penetration testing to identify and address potential vulnerabilities.
e) Employee Training:
Our employees receive regular training on data privacy and security best practices.
f) Physical Security:
Our data centers and physical infrastructure are protected by appropriate physical security measures.
While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
Data Retention
We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, or as required by applicable laws and regulations. The retention period may vary depending on the type of data and the purpose of processing.
For example, we generally retain:
- Account Data: For as long as your account is active and for a limited period thereafter to facilitate account recovery or comply with legal obligations.
- Financial Transaction Data: For longer periods as required by tax laws (e.g., 7 years in Canada, 3-7 years in the US depending on jurisdiction), AML/KYC regulations, or for audit purposes.
- Usage Data: For a shorter period, unless it is necessary for security, performance analysis, or to improve the functionality of our Service.
When your Personal Data is no longer necessary, we will securely delete or anonymize it.
Your Data Protection Rights
Depending on your jurisdiction and applicable data protection laws (such as GDPR, PIPEDA, CCPA/CPRA), you may have the following rights regarding your Personal Data:
- Right to Access/Know: You have the right to request a copy of the Personal Data we hold about you and information about how we process it.
- Right to Rectification/Correction: You have the right to request that we correct any inaccurate or incomplete Personal Data we hold about you.
- Right to Erasure/Deletion ("Right to be Forgotten"): You have the right to request the deletion of your Personal Data, under certain conditions (e.g., when the data is no longer necessary for the purposes for which it was collected, or you withdraw consent, and no other legal basis applies).
- Right to Restrict Processing: You have the right to request that we restrict the processing of your Personal Data, under certain conditions.
- Right to Object to Processing: You have the right to object to our processing of your Personal Data, under certain conditions (e.g., for direct marketing purposes, or processing based on legitimate interests).
- Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
- Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Non-Discrimination (CCPA/CPRA): We will not discriminate against you for exercising any of your privacy rights.
- Right to Opt-Out of Sale/Sharing (CCPA/CPRA): Crypto Tax Buddy does not share or sell your data with any entity for targeted advertising, and would notify you if this ever changes. However, if Crypto Tax Buddy Inc. were ever to engage in "selling" or "sharing" your personal information as defined under CCPA/CPRA (e.g., for targeted advertising), you would have the right to opt out.
How to Exercise Your Rights:
To exercise any of these rights, please contact us at support@cryptotaxbuddy.io. We will respond to your request within the timeframe required by applicable law (e.g., 30 days under GDPR, 45 days under CCPA). We may need to verify your identity before fulfilling your request.
Complaints:
If you have concerns about our privacy practices, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction (e.g., the Office of the Privacy Commissioner of Canada (OPC) or a Data Protection Authority (DPA) in the EU/UK).
Children's Privacy
Our Services are not intended for individuals under the age of majority in their jurisdiction. We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child without parental consent, we will take steps to remove that information from our servers. If you believe that we might have any information from or about a child, please contact us immediately.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We may also notify you via email or through a prominent notice on our Services prior to the change becoming effective. We encourage you to review this Privacy Policy periodically for any changes.
Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
- By email: support@cryptotaxbuddy.io
- By mail: Crypto Tax Buddy Inc., 3207-100 Walgrove Court SE Calgary, AB, Canada, T2X 4N1
