Privacy Notice
Last Updated: July 2024
In our Privacy Notice, Coin Stats, Inc. (CoinStats, we, us, our) has compiled all the essential information about our handling of your personal data and your corresponding rights.
Through our website (the " Site") and mobile application (the " App"), we track your cryptocurrency portfolio’s performance and help calculate related capital gains and losses (the " Service").
This Privacy Notice applies to your use of the Site, the App and the Service (collectively, the Services) provided by CoinStats or its affiliates (CoinStats and the companies CoinStats directly or indirectly controls are referred to as "CoinStats Affiliates").
We may change this Privacy Notice at any time by posting the revised Privacy Notice on the Site and indicating the effective date of the revised Privacy Notice. You will be notified of any material changes to this Privacy Notice via email or other support channels.
Before using the Service or submitting any personal information to CoinStats, please review this Privacy Notice carefully and contact us if you have any questions. By using the Services, you agree to the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not access the Site or otherwise use the Services. This Privacy Notice is incorporated into and forms part of our Terms of Use.
Which CoinStats Affiliate is responsible for the collection and processing of your personal data in connection with the provision of the Services depends on the region in which you reside. Your region of residence is determined based on your location:
USA: CoinStats dataprotection@coinstats.com
For all other countries: dataprotection@coinstats.com
We have appointed representatives for data protection in several countries to oversee the protection of your personal data. Furthermore, if you have any questions or complaints regarding this Privacy Notice, our global data protection or our handling of personal data, you can contact the CoinStats Privacy Controller who is responsible for the processing of your personal data at any time. This applies regardless of whether we have appointed a representative officer in your country.
We collect your personal data when you use our Services, provide us with information via a web form, add or update information in your CoinStats account or otherwise interact with us. We also collect personal data from other sources (such as other CoinStats Affiliates and data providers).
We collect the following personal data:
3.1 Personal data you provide when using our Services
Identification Information: we collect your email address and password.
Cryptocurrency Information: we collect the public wallet address for each cryptocurrency holding you connect to the Services and the associated transaction history including the dates and amounts of each transaction. Depending on how you configure your CoinStats account, we may pull the transaction history directly from the blockchain, collect it from the exchange that processed the transaction for you (if you give us read access to your account at the relevant exchange) or get it from materials or information you upload through the Service.
Financial Information: our payment processor(s) will collect the financial information necessary to process your payments, such as your payment card number and authentication details. Please note, however, that we store only a tokenized version of such information and do not maintain payment card information on our servers.
Communication Information: we may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys, or requests for market research seeking your opinion and feedback.
Social network data you share with us: we allow you to use providers of single sign-on services (such as Google, Facebook, or Apple) with whom you already have an account to create a CoinStats account or to link your CoinStats account to such single sign-on services. You can determine the personal data that we can access when authorizing the connection with the single sign-on service.
Other information: You may provide us with additional information through a web form or by updating or adding information to your CoinStats account, by participating in community discussions, member chats, surveys, inquiries, dispute resolution, notes, customer service calls recorded with your consent, or if you contact us for any other reason regarding our Services.
3.2 Personal Data we collect automatically when you use our Services
Social Media Information: when you interact with us on social media, we may receive personal information that you provide or make available to us based on your settings, such as your profile information.
Internet Activity Information: when you visit, use, and interact with the Services, the following information may be created and automatically logged in our systems:
Device Information: the manufacturer and model, operating system, IP address, and unique identifiers of the device, as well as the browser you use to access the Service. The information we collect may vary based on your device type and settings.
Usage Information: information about how you use our Services, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities. We use Google Analytics, AppsFlyer, Amplitude, Iterable, Intercom, Superwall and X.
Location Information: we may derive a rough estimate of your location from your IP address when you visit the Site.
Email Open/Click Information: we may use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email.
3.3 Personal data we collect in connection with the use of cookies and similar activities
Cookies, which are text files stored on your device to uniquely identify your browser or to store information or settings in the browser to help you navigate between pages efficiently, remember your preferences, enable functionality, help us understand user activity and patterns, and facilitate online advertising.
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
3.4 Personal Information from Third Parties:
Third-party login information: when you link, connect, or log in to the Service with a third-party service, such as Google, you direct such third parties to send us information associated with your account on that service, as controlled by that service or as authorized by you via your privacy settings at that service.
Personal Information We Create: we use your cryptocurrency information to create reports relating to your capital gains and losses and tax liability.
We process your personal data for various purposes and based on several different legal bases that allow this processing. For example, we process your personal data to provide and improve our Services, to provide you with a personalized user experience on the Site, to contact you about your CoinStats account and our Services, to provide customer service, to detect, prevent, mitigate and investigate fraudulent or illegal activity. We also share your information with third parties, including service providers acting on our behalf, for these purposes. In addition, we may share your personal data among CoinStats Affiliates.
4.1 We process your personal data to fulfill our contract with you and to provide you with our Services. This includes the following purposes:
Processing of data relating to you or your company for the purpose of entering a contract with you and executing it.
Provision of our Services
Track your cryptocurrency portfolio’s performance and help calculate related capital gains and losses;
Provide and secure the Services;
Create, maintain, and authenticate your account;
Providing general customer support including the solution of problems with your CoinStats account, arbitration of disputes, providing other services within the scope of customer service as well as enforcement of fee claims.
Give your tax advisors access to your account (with your consent); and
Process transactions through our third-party payment processors.
We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transfer your personal data to processors and the following recipients for one or more purposes described above:
CoinStats Affiliates
External service providers and event agencies
Government agencies or public authorities (including customs and tax authorities)
Payment service providers
External operators of websites, applications, services and tools
4.2 We process your personal data to comply with legal obligations to which we are subject. This includes the following purposes:
Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or government agencies, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
Prevention, detection and mitigation (including compliance with reporting requirements) of illegal activities (e.g. fraud, money laundering, terrorist financing, child abuse and violations of sanctions legislation).
Complying with information requests from third parties based on any statutory information rights they have against us (e.g. in the event of an intellectual property infringement, product piracy, or other unlawful activity).
Complying with information collection, verification, disclosure, reporting and other requirements under consumer protection, anti-fraud, online platform and tax legislation.
Complying with data access requirements under payment services legislation (e.g. under the EU Payment Services Directive) as a provider of payment services.
Ensuring the security of our Services.
Retention and storage of your personal data to comply with specific legal retention requirements.
We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:
Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies
Third-party service providers
Other third-party service providers you select to access your data under payment services legislation and as authorized in each case by you
Third parties who are involved in judicial proceedings, in particular, if they submit a legal order, court order or equivalent legal order to us
CoinStats Affiliates
4.3 We process your personal data to protect your vital interests or the vital interests of another natural person. This includes the following purpose:
Prevention, detection, mitigation and investigation of unlawful activities that may result in impairment of your vital interests or the vital interests of another natural person, unless there is a statutory obligation to this effect.
We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:
Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies
Third parties who are involved in judicial proceedings
CoinStats Affiliates
External service providers
4.4 We process your personal data where necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. On this basis, we process your data for the following purposes:
Participation in investigations and proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, in particular for the purpose of detecting, investigating and prosecuting illegal acts. In such cases, we will only disclose what we believe is necessary, and to the extent permitted by applicable laws.
Protection of the legitimate interests of third parties in connection with civil law disputes, including the investigation of such disputes. In such cases, we will only disclose what we believe is necessary, and to the extent permitted by applicable laws.
Prevention, detection, mitigation and investigation of fraud, financial crimes and harms, violation of international sanctions legislation, security incidents and other prohibited or unlawful activities.
Monitoring and improvement of the security of our Services, unless there is a statutory obligation to this effect.
Analysis and improvement of the Services, e.g. by reviewing site usage data or information from users about blocked or crashed pages to identify and solve problems and to provide you with an improved user experience, including as part of product development.
We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:
CoinStats Affiliates
External service providers
Law enforcement agencies, courts, government agencies or public authorities
Third parties who are involved in judicial proceedings
Payment service providers
Third-party partners in furtherance of offering commercial financing opportunities
Other companies in the context of a company acquisition
4.5 With your consent, we process your personal data for the following purposes:
For users within the European Economic Area (EEA), Switzerland and the United Kingdom: advertising and content personalization, measurement and analytics, on and off our Site.
Communications with you via electronic mail (such as email or text message) or telephone, including communications by CoinSTats Affiliates or by third parties, to offer you special offers and for marketing purposes in general, unless these communications are permitted without your consent under applicable law. We may engage third parties to send marketing communications on our behalf.
Processing of your precise location data to provide location-based services. Please note that most mobile devices allow you to manage or disable the use of precise location services for all applications in the settings menu.
For users within the European Economic Area (EEA): storing your financial information (e.g. credit card and account numbers) for future transactions.
Provision of a single sign-on service allowing you to register or log in to third-party services using your CoinStats sign-in credentials.
Processing of your personal data on the basis of your consent, which you have given so that we or third parties can enable you to use certain services or make them available to you.
We do not sell, rent, license, or lease your personal information to third parties. However, where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:
CoinStats Affiliates
External service providers
Third parties using our single sign-on service (as authorized by you in each single case)
Other third parties with whom we partner to offer you specific services (as described at the collection of the respective user consent)
Third-party advertising partners such as Google, Meta, Microsoft, Pinterest, and TikTok.
Regarding direct marketing, note that you have the right to object at any time to the processing of your personal data for direct marketing purposes. This right is absolute, which means we will stop processing your personal data for direct marketing as soon as we receive your objection. You can exercise this right by:
Clicking the "unsubscribe" link in any marketing email we send you
Logging into your account settings and adjusting your communication preferences
Contacting us directly at our help center with your request to opt-out of direct marketing
Upon receiving your objection, we will promptly cease using your personal data for direct marketing purposes. However, please note that you may still receive transactional or service-related communications from us that are necessary for the operation of your account or fulfillment of our services.
We and our service providers will store your personal data in compliance with applicable data protection laws. We will retain your data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice. Our retention practices are as follows:
Retention Period: We will keep your personal data for the duration required to provide our Services and comply with legal obligations. If we process personal data on the basis of consent (including consent to the extended storage), we store the data for as long as necessary in order to process it according to your consent.
Deletion or Anonymization: Once the retention period expires, we will either:
Delete your personal data, or
Anonymize it in a manner that prevents re-identification
Extended Retention: In some cases, we may be legally required or permitted to retain your data for longer periods, such as:
Compliance with tax, accounting, or auditing requirements
Fraud detection and prevention
Other legal obligations
Legal Basis: Any extended retention will be based on a valid legal ground.
Data Minimization: We will ensure that we only retain data that is necessary and relevant for the specified purposes.
Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances.
Transparency: Upon request, we will provide you with information about the retention periods for different categories of personal data.
We are committed to protecting your privacy rights and handling your personal data responsibly throughout its lifecycle in our systems.
As a CoinStats user, you have several rights under data protection law, subject to any limitations imposed by national legislation:
Right of Access: You can request to see what personal data we hold about you.
Right to Rectification: If you believe any of your data is inaccurate or incomplete, you can ask us to correct or update it.
Right to Erasure: Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances.
Right to Restrict Processing: You can ask us to limit how we use your data in specific situations.
Right to Data Portability: You can request a copy of your data in a machine-readable format and ask us to transfer it to another organization.
Right to Withdraw Consent: If you've given us consent to process your data, you can revoke this permission at any time.
Right to Object: You can oppose our processing of your data when we're relying on legitimate interests as our legal basis.
Regarding the withdrawal of your consent, please note that you have the right to withdraw your consent for the processing of your personal data at any time, where we rely on consent as the legal basis for processing.
Withdrawing your consent is as simple and straightforward as giving it.
You can withdraw your consent by:
Logging into your account settings and updating your preferences
Clicking the "unsubscribe" link in our marketing emails
Please note that withdrawing your consent:
Does not affect the lawfulness of any processing we conducted prior to your withdrawal
Will not affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent
May impact our ability to provide certain services that require your consent
We will process your request to withdraw consent promptly, and in any case within one month of receiving it. After processing your withdrawal request, we will cease processing the relevant personal data unless we have another lawful basis for doing so.
If you're dissatisfied with how we've handled your data, you have the right to file a complaint with a data protection supervisory authority.
To exercise any of these rights or if you have questions, please contact us using the information provided in our Privacy Notice.
We may share your personal information with recipients located in countries other than your own. These countries may have different data protection laws than those in your jurisdiction. When we transfer your data internationally, we implement appropriate safeguards to ensure its protection.
More Details on International Data Transfers:
Transfers within CoinStats Affiliates: We transfer data between CoinStats affiliated companies based on our global data protection principles. These are internally binding regulations that commit all CoinStats Affiliates to protect your data and comply with data protection obligations.
In particular, CoinStats complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU to the U.S.
Other International Transfers: We may transfer your data to recipients worldwide. When transferring data from the European Economic Area (EEA), UK, or Switzerland to countries outside the EEA, we ensure appropriate safeguards are in place or that the transfer is otherwise permitted by law.
Some countries are recognized by the European Commission as providing adequate data protection. These currently include Andorra, Argentina, Canada (for certain organizations), Switzerland (for transfers from the EEA), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, South Korea, UK, USA (under the Data Privacy Framework), and Uruguay.
For other countries, we implement necessary safeguards, such as using standard contractual clauses (2021/914/EU) adopted by the European Commission, or other legally approved measures.
We continually reassess these measures to ensure compliance with new regulations and legal precedents.
We take the security of your personal information seriously and have implemented a range of technical and organizational safeguards to protect it. Our goal is to minimize risks such as data loss, misuse, unauthorized access, disclosure, and alteration. Here's how we protect your data:
Network Security: We use advanced network security services to guard against external threats and unauthorized access attempts.
Data Encryption: Your data is encrypted, making it unreadable to anyone who doesn't have the decryption key.
Physical Security: Our data centers have strict physical access restrictions, ensuring that only authorized personnel can access the facilities where your data is stored.
Logical Access Controls: We implement robust access controls for our systems and data. This means that even within our organization, only those who need access to perform their job functions can view or handle your data.
Regular Updates: We continually review and update our security measures to address new and emerging threats.
Employee Training: Our staff receives regular training on data protection and security best practices.
Incident Response: We have procedures in place to quickly detect and respond to any potential security incidents.
While no system is completely impenetrable, these measures significantly enhance the protection of your personal information. We remain vigilant and committed to safeguarding your data throughout its lifecycle within our systems. You use the Services at your own risk.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, and no later than 72 hours after becoming aware of the breach. This notification will include:
A description of the nature of the personal data breach
The name and contact details of our data protection officer or other contact point where more information can be obtained
The likely consequences of the personal data breach
The measures taken or proposed to address the breach, including measures to mitigate its possible adverse effects
We will provide this notification directly to you via email, unless doing so would involve disproportionate effort. In such cases, we will make a public communication or use a similar measure to ensure you are informed in an equally effective manner. If the breach is unlikely to result in a risk to your rights and freedoms, we may not notify you directly, but we will document the breach internally and inform the relevant supervisory authority as required by law. We maintain and regularly update our data breach response plan to ensure swift and effective action in case of any security incidents involving your personal data.
If you have any questions about our Privacy Notice or information practices, please feel free to contact us.