Privacy policy

Preamble

This privacy policy applies to the site: Waltio.com.
The purpose of this privacy policy is to inform you in full transparency about how Waltio collects, processes, and protects your personal data when you use our site and tax assistance services. We attach the utmost importance to the confidentiality of your financial information and are committed to strictly complying with the General Data Protection Regulation (GDPR)

1. Personal Data Collected

We apply a strict principle of data minimization: we only collect the information essential for the execution of our service.

A. Data you provide to us

• Identification: Your email address (mandatory for account creation). Note: We do not collect your first and last name.
• Tax Details: Your country and region of tax residence (depending on the country, this information is necessary to apply local tax rules. 
• Financial Data: Your transaction history (imported files) and your public wallet addresses.
• Support: The content of your exchanges with our customer service team.

B. Data collected automatically

• Technical Data: IP address, connection logs, browser type (necessary for security and debugging).
• Navigation Data: Cookies and trackers (see dedicated section).

C. Data from third parties

• API Keys: Connection keys to your exchange platforms (Binance, Kraken, etc.). These keys are stored exclusively in “Read-only” mode.
• Payment: Validation status of your subscription (via Stripe, Apple, or Google).
• The processing and collection of personal data are necessary for the purposes of the legitimate and private interests pursued by the data controller or by a third party.

2. Purposes and Legal Basis for Processing

Your data is processed for determined, explicit, and legitimate purposes:

• Service Provision (Contract Execution): Account synchronization, capital gains calculation, and generation of tax reports.
• Billing (Legal Obligation): Subscription management and retention of accounting proofs.
• Security (Legitimate Interest): Fraud prevention, account security, and incident detection.
• Product Improvement (Legitimate Interest & Consent): Analysis of technical errors and anonymized usage statistics.

3. Data Recipients

Your personal data is confidential and is never sold. It is accessible only by authorized Waltio personnel and transmitted to our technical service providers (subcontractors) necessary for the proper functioning of the service:

• Hosting and Infrastructure: AWS and MongoDB (France).
• Secure Payment: Stripe, Coinbase Commerce, Apple Pay (Waltio does not store any complete banking data).
• Customer Support and CRM: Intercom (Chat), Brevo (Emails).
• Analytics and Monitoring: Mixpanel, Hotjar, Sentry.

4. Hosting and Security

Aware of the sensitivity of financial data, we have implemented robust security measures.

• Data Location: Our main infrastructures and databases are hosted in France (Paris Region) by Amazon Web Services (AWS) and MongoDB Atlas, guaranteeing the sovereignty of your data.
• API Key Encryption: The API keys you provide undergo specific secure processing. They are encrypted (via the AWS KMS protocol) before being stored and are never displayed in plain text.
• Transfers outside the EU: If certain third-party tools transfer technical data to the United States, we ensure that these transfers are framed by appropriate legal guarantees (Standard Contractual Clauses).

5. Data Retention

We retain your data only for the time necessary for the purposes pursued:

• Active Account: Duration of the contractual relationship to ensure multi-year tax tracking.
• Deletion: Immediate deletion upon request.
• Inactivity: After 3 years of inactivity, your personal data is erased.
• Accounting Obligations: Invoices are kept for 10 years in accordance with the law.
• Technical Backups: Rolling duration of 6 months

6. User Rights

In accordance with current regulations, you have the following rights regarding your data:

• Right of access and rectification.
• Right to erasure (right to be forgotten) and account deletion.
• Right to data portability.
• Right to object to and limit processing.

To exercise these rights, you can contact our Data Protection Officer (DPO) at the following address: [email protected].

7. Cookies

The management of your consent is handled by our partner Axeptio. You can accept or refuse non-essential cookies (statistics) at any time by clicking on the “Cookies” widget at the bottom of the page.

8. Communications and Email

• Transactional Emails: Necessary for the service (invoices, security alerts, available reports). They cannot be disabled.
• Marketing Emails: Optional (newsletter, offers). You can unsubscribe at any time via the unsubscribe link present in each email.

9. Mobile Payments

If you make a purchase via our mobile application, the transaction is processed directly by Apple (App Store) or Google (Play Store). These platforms are responsible for processing your banking data. Any refund request related to these purchases must be addressed directly to them.

Acceptance

By browsing the site, the user attests to having read and understood this privacy policy. The editor reserves the right to modify it to ensure its compliance with current law.The user is informed that the last update of this privacy policy occurred on: January 22, 2026