Crypto Tax Assistant » Privacy policy

Privacy policy

Last updated: April 23, 2026

The protection of your personal data is a priority for WALTIO. This policy details how we process your data in compliance with the General Data Protection Regulation (GDPR).

1. Identity of the Data Controller

WALTIO SA, operating under the trade name Waltio, whose registered office is located at 22 Allée Alan Turing, 63000 Clermont-Ferrand, France, is responsible for processing the data collected on the application and the website waltio.com and its subdomains.

The person designated as responsible for the processing of personal data is: Chevallereau Benjamin. He can be contacted at the following address: [email protected]

Furthermore, the User is informed that the following person has been appointed as Data Protection Officer: Emilie Jurdic. She can be contacted at the following address: [email protected]

We may modify this Privacy Policy from time to time, in which case we will inform you of the update by any available means, including via a notification on the application.

2. Data Collection and Use

We limit collection to data strictly necessary (data minimization):

Account data: Your email address is required to create your account and secure access.

Tax residence data: where necessary, we only collect information relating to the territorial subdivision of residence (for example, the department in France or the autonomous community in Spain) in order to provide guidance on applicable reporting procedures and deadlines.

Financial data:

• API keys: We only request read-only API keys. Waltio does not technically have the ability to perform withdrawals or transactions on your exchange accounts.
• Transaction history: Files uploaded or retrieved via API to calculate your capital gains.

Billing data (via Stripe or PayPal): Your first name, last name, and payment details are processed directly by the secure payment provider selected when subscribing to the Services.

Support data (via Intercom): The content of your exchanges with our experts to help you use the platform.

Legal basis: These processing activities are necessary for the performance of the contract, in accordance with our Terms and Conditions (providing the tax calculation service).

You are never required to provide your personal data to Waltio. However, if you refuse to provide your data, access to the Services may be limited, suspended, or impossible.

3. Data Retention

The Company applies different retention periods depending on the nature of the data and the purposes of processing:

Active account data: All your financial data (transactions, API keys) and profile information are stored as long as your account is active. If your account is deleted, this data is immediately and permanently erased from our active databases.

Billing data: To comply with our legal and accounting obligations, your invoices and proof of payment are stored in a secure archive for a period of ten (10) years from the end of the relevant financial year.

Technical and connection logs: Data related to traceability and access security is retained for one (1) year.

Customer support data: Your exchanges with our technical support are stored for the entire lifetime of your account to ensure proper follow-up. If your account is deleted, this data is removed from our active databases.

Proof of acceptance of Terms & Conditions and security logs: retained for the duration of the account (ongoing business relationship). In case of account deletion (upon request) or purge due to inactivity, deletion/archiving is carried out in accordance with our retention policy.

4. Sharing and Subprocessing

Your data is never sold. It is shared only with trusted service providers for the operation of the service:

• Hosting: AWS (servers located in Ireland)
• Payments: Stripe (global leader in secure payments) and PayPal
• Customer support: Intercom (website chat tool)
• Authentication: Auth0 (to secure your login)

Waltio ensures that its providers offer sufficient guarantees for the performance of their tasks and comply with applicable laws and regulations.

5. Transfers Outside the European Union

Some of our tools (such as Intercom or Stripe) are based in the United States. These transfers are governed by the Data Privacy Framework (adequacy decision of the European Commission) or by Standard Contractual Clauses, ensuring a level of protection equivalent to that of Europe.

When the provider is certified under the EU-U.S. Data Privacy Framework, we rely on this mechanism; otherwise, we use Standard Contractual Clauses and additional safeguards where necessary.

6. Your Rights

In accordance with Articles 15 to 22 of the GDPR, you have rights of access, rectification, erasure, objection, restriction, and portability.

To exercise your rights, contact: [email protected] using the email address associated with your Waltio account.

Although you have rights, their exercise is not unlimited; each right provided under the GDPR may be subject to specific conditions.

We respond within one month from receipt of the request, as required by law. This period may be extended to three (3) months in the case of a complex request.

The exercise of GDPR rights is generally free of charge. However, where your requests involve significant costs, you may be required to bear part of these costs.

You may also lodge a complaint with the competent supervisory authority, in particular in your country of residence:

• CNIL (France)
• ICO (United Kingdom)
• PFPDT/EDÖB (Switzerland)
• or any other competent authority

7. Cookies and Tracking Policy

We use trackers to improve your experience. You can manage them via our Axeptio banner.

7.1. What are cookies used for on Waltio?

Cookies and other trackers are small files placed on your device (computer, mobile, tablet) when browsing. They allow the service to function, improve your experience, and, depending on your choices, measure audience or enable certain features.

We use the following categories of trackers:

(i) Strictly necessary cookies (mandatory)
These cookies are essential for the functioning of the Site and the platform (e.g., security, authentication, session management, technical preferences). They cannot be disabled via the banner.

(ii) Audience measurement / analytics cookies (subject to your consent)
They help us understand how the Site is used (pages viewed, performance, errors) in order to improve the service.

(iii) Support / chat cookies (subject to your consent where required)
They enable support functionalities (e.g., messaging/assistance) and improve the quality of support.

(iv) Marketing cookies (where applicable, subject to your consent)
They allow us to display or measure marketing campaigns.

7.2. What are cookies used for on Waltio?

Categories	Partners (Tools)	Purpose
Strictly necessary (cannot be disabled)	Axeptio Auth0 Stripe Sentry	– Store your cookie consent choices- Allow you to log in securely- Secure your payments and prevent fraud- Detect technical bugs to fix the application
Audience measurement (Analytics) (subject to your consent)	Hotjar Mixpanel	– Understand how you navigate our site (most viewed pages, clicks) to improve our product
Marketing and Advertising (subject to your consent)	Google (Ads/Analytics)Meta (Facebook)LinkedIn X (Twitter)BrevoPost Affiliate Pro	– These networks place a tracker on our site to measure the effectiveness of our advertising campaigns- This allows us to show you relevant Waltio ads when you browse Facebook, Twitter, Google, or LinkedIn afterward- Track referrals and our affiliate program

7.3. How to manage your choices?

During your first visit, an Axeptio consent banner allows you to accept, refuse, or customize the use of non-essential trackers.

You can modify your choice at any time via the “Cookie settings” button/link available on the Site.

7.4. List of cookies / trackers

The detailed list of cookies/trackers (name, purpose, retention period, issuer) is available at any time in the Axeptio module (“Cookie settings”), which is automatically updated.