Privacy Policy

Last updated: April 4, 2026

This privacy policy describes how DYOR.tax ("we", "us", "our") collects, uses, and protects information when you use our crypto tax calculation service at dyor.tax.

1. Information we collect

CSV transaction data. When you upload a CSV file from Coinbase, Binance, or Kraken, the file contents are sent to our server for processing. This data includes your transaction history (dates, amounts, asset types, prices) as exported from your exchange.

Wallet addresses. If you choose to scan on-chain wallets, you provide public blockchain addresses (EVM, Solana, or Bitcoin). We use these addresses to query public blockchain data through third-party APIs.

Payment information. Payments are processed through Stripe. We do not store your credit card number, CVV, or other payment card details. Stripe handles all payment data in accordance with PCI DSS standards. We receive only a payment confirmation and session identifier from Stripe.

Email address. If you voluntarily provide your email through our opt-in form, we store it for product updates. Email is never required to use the service.

Technical data. Our hosting infrastructure (Cloudflare) may log standard request data such as IP addresses, browser user agents, and request timestamps for security and operational purposes.

2. How we use your information

• To parse and analyze your transaction data and generate tax reports
• To process payments through Stripe
• To deliver your generated PDF report
• To send product updates if you opted in to email communications
• To monitor and maintain service reliability and security

3. Data storage and retention

CSV files. Your uploaded CSV data is processed in memory and is not stored permanently on our servers. CSV content is used only for the duration of your analysis session.

Wallet scanning. Wallet scanning is read-only. We query only public blockchain data using your addresses. We do not request, store, or have access to private keys, seed phrases, or wallet signing capabilities.

Generated reports. PDF and CSV reports you purchase are stored encrypted on Cloudflare R2 (S3-compatible object storage). Reports are retained for 12 months from the date of generation, after which they are automatically deleted by our cleanup process.

Preview data. Free preview results are cached temporarily (up to 30 minutes) to enable a smooth checkout experience. This cached data is automatically purged after expiration.

4. Data sharing

We do not sell, rent, or trade your personal information or transaction data to third parties.

We share data only with the following service providers, strictly for the purpose of operating the service:

• Stripe - payment processing
• Cloudflare - CDN, DNS, and report storage
• Plausible Analytics - privacy-friendly, cookieless web analytics (data policy)
• Crisp - live chat support widget. Crisp may set session cookies to maintain your chat conversation. See Crisp's privacy policy for details.
• Third-party data providers - public blockchain and market data (read-only, no personal data shared)

5. Security

We take reasonable measures to protect your data:

• All data transmission uses HTTPS/TLS encryption
• Generated reports are stored encrypted at rest
• API authentication is required for all server requests
• Payment sessions are verified server-side with Stripe before report delivery
• Data integrity is verified using SHA-256 fingerprints during the checkout process

6. Cookies

Our site uses minimal cookies and browser storage. We use sessionStorage to maintain your calculator state during a session (selected exchange, country, tax year). We do not use tracking cookies or third-party analytics cookies.

Analytics. We use Plausible Analytics, a privacy-friendly service that does not use cookies or collect personal data. Plausible processes aggregate page view counts and referral sources without identifying individual visitors. No data is shared with advertisers. See Plausible's data policy for details.

Live chat. We use Crisp for live chat support. When you interact with the chat widget, Crisp may set session cookies to maintain your conversation state. These cookies are functional (not used for advertising or cross-site tracking). You can review Crisp's privacy policy for full details on how they handle data.

7. Your rights

Since we do not permanently store CSV data and do not require accounts, there is generally no persistent personal data to delete. If you provided your email for updates, you can request removal by contacting us at [email protected].

8. Children

DYOR.tax is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors.

9. Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or your data, contact us at [email protected].