Get a Quote

Privacy Policy

Last updated: February 2026

1. Data Controller

HandyTax OÜ (registry number 17086023), Tornimäe tn 5, 10145 Tallinn, Estonia, is the data controller responsible for your personal data. Contact us at hello@handytax.io.

2. Information We Collect

2.1. Information you provide: Name, email address, country of residence, cryptocurrency exchange data (transaction histories, wallet addresses), tax year information, and any additional details shared via our quote form or email.

2.2. Automatically collected: When you visit our website, we may collect device information, browser type, IP address, and browsing behaviour through Google Analytics 4 (GA4) — only after you consent to cookies. No tracking occurs before consent.

2.3. Third-party data: Transaction data from cryptocurrency exchanges and wallets that you authorise us to access (read-only).

3. How We Use Your Data

We use your personal data to:

  • Provide cryptocurrency tax report preparation services
  • Communicate with you about your project and deliverables
  • Process payments and manage invoicing
  • Improve our website and services
  • Comply with legal obligations

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR), legitimate interest (Art. 6(1)(f)), and consent for analytics (Art. 6(1)(a)).

4. Third-Party Service Providers

We may share your data with the following trusted providers:

  • Koinly — Tax software for transaction reconciliation
  • ClickUp — Task management for project tracking
  • Google Analytics 4 — Website analytics (after consent)
  • Calendly — Scheduling consultations
  • Vercel — Website hosting
  • Cloudflare — DNS and security

All providers are selected for their GDPR compliance and data protection practices. We do not sell your data to third parties.

5. Data Retention

We retain your personal data for up to 5 years from the completion of services to comply with tax authority record-keeping requirements across jurisdictions (e.g., HMRC requires 5 years for Self Assessment records). After this period, data is securely deleted unless a longer retention is required by law.

6. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Restriction — Request limited processing
  • Portability — Receive your data in a structured format
  • Objection — Object to processing based on legitimate interest
  • Withdraw consent — For analytics cookies at any time

To exercise any of these rights, email us at hello@handytax.io.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted communications, access controls, and secure storage. We use read-only access to exchange and wallet data — we never request withdrawal permissions or private keys.

8. Cookies

Our website uses the following cookies:

  • Essential cookies: Cookie consent preference (stored locally, no tracking)
  • Analytics cookies (GA4): _ga, _ga_* — Used to distinguish users and measure site usage. Only loaded after you accept cookies via our consent banner.

You can withdraw cookie consent at any time by clearing your browser cookies and revisiting our site.

9. International Data Transfers

HandyTax OÜ is an Estonian company processing data for clients in the UK, US, Australia, Canada, and other countries. Where data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions where applicable.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with the revised "Last updated" date.

11. Contact & Complaints

If you have questions or complaints about our data processing, contact us at hello@handytax.io. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority.