The US tax extension deadline is here — file your taxes by Oct 15. Start now

Privacy policy

Your privacy is important to us.

Nino Finance, Inc. (“CoinTracker,” “ we,” “us,” or “our ”) has prepared this Privacy Policy to explain what personal information we collect, how we use and share that information and your choices concerning our information practices. Through our website (the “Site”) and mobile application (the “ App”), we track your cryptocurrency portfolio’s performance and help calculate related capital gains and losses (the “ Service”).

Before using the Service or submitting any personal information to CoinTracker, please review this Privacy Policy carefully and contact us if you have any questions. By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access the Site or otherwise use the Service. This Privacy Policy is incorporated into and forms part of our Terms of Service.

  • Europe: If you are located in the European Economic Area ("EEA") that includes the European Union ("EU"), or the United Kingdom ("UK”), please see Section 12 for additional European-specific privacy information, including on international transfers of your personal information, and your rights in respect of your personal information under EEA and UK privacy law.

1. PERSONAL INFORMATION COLLECTION

Personal Information You Provide: we collect the following categories of personal information from you:

  • Identification Information:

    We collect your email address and password.

  • Cryptocurrency Information:

    We collect the public wallet address for each cryptocurrency holding you connect to the Service and the associated transaction history including the dates and amounts of each transaction. Depending on how you configure your CoinTracker account, we may pull the transaction history directly from the blockchain, collect it from the exchange that processed the transaction for you (if you give us read access to your account at the relevant exchange) or get it from materials or information you upload through the Service.

  • Financial Information:

    Our payment processor(s) will collect the financial information necessary to process your payments, such as your payment card number and authentication details. Please note, however, that we store only a tokenized version of such information and do not maintain payment card information on our servers.

  • Communication Information:

    We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys, or requests for market research seeking your opinion and feedback.

  • Social Media Information:

    We maintain a social media presence on platforms like Twitter and YouTube. When you interact with us on social media, we may receive personal information that you provide or make available to us based on your settings, such as your profile information.

Internet Activity Information:

When you visit, use, and interact with the Service, the following information may be created and automatically logged in our systems:

  • Device Information:

    The manufacturer and model, operating system, IP address, and unique identifiers of the device, as well as the browser you use to access the Service. The information we collect may vary based on your device type and settings.

  • Usage Information:

    information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities. We use Google Analytics, and Mixpanel to help collect and analyze usage information. Here are more details about how Google and Mixpanel use this information. In addition, we use FullStory to optimize this service. FullStory allows us to analyze time spent on pages and user journeys. All text and account data is masked and never visible to FullStory.

  • Location Information:

    We may derive a rough estimate of your location from your IP address when you visit the Site.

  • Email Open/Click Information:

    We may use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email.

The following technologies may be used to collect Internet Activity Information:

  • Cookies, which are text files stored on your device to uniquely identify your browser or to store information or settings in the browser to help you navigate between pages efficiently, remember your preferences, enable functionality, help us understand user activity and patterns, and facilitate online advertising.

  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.

  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Personal Information Collected from Third Parties:

  • Tax Information: if you share your CoinTracker account with third party tax advisors, and those tax advisors cannot identify you based on the Identification Information we collect when you create your account, we may collect additional information about you from your advisors, such as the last four digits of your social security number, to permit those advisors to identify your account. Please note, however, that we do not collect or store your full social security number.

  • Third-party login information: when you link, connect, or log in to the Service with a third-party service, such as Google, you direct such third parties to send us information associated with your account on that service, as controlled by that service or as authorized by you via your privacy settings at that service.

Personal Information We Create: we use your cryptocurrency information to create reports relating to your capital gains and losses and tax liability.

Personal Information We Process on Behalf of Our Partners : we occasionally integrate with certain third-party partners (such as tax preparation software providers) and provide the Service to their users. If we do and the third party partner owns the user relationship, we will process the users’ personal information as a data processor pursuant to our agreements with our partners rather than this Privacy Policy. If you are such a user and have questions about the processing of your information or want to exercise one of your privacy rights, please contact the partner that you interact with directly.

2. PERSONAL INFORMATION USE

Your personal information is used for the following purposes:

Service Deliver, including to:

  • Track your cryptocurrency portfolio’s performance and help calculate related capital gains and losses;

  • Provide and secure the Service;

  • Create, maintain, and authenticate your account;

  • Give your tax advisors access to your account (with your consent); and

  • Process transactions through our third-party payment processors.

These activities are necessary to perform our contract with you. Otherwise, the legal basis for our processing is the compliance with a legal obligation if we process your data to comply with a legal obligation based on EEA or UK law and, if not, the legal basis is our legitimate interest to perform our contract management and obtain relevant documentations in relation thereto.

Communicating with You: to send you updates about administrative matters such as changes to our terms or policies, provide user support, and respond to your requests, questions, and feedback. These activities are necessary for our legitimate interests of providing user support and keeping you informed of administrative changes.

Service Improvement, including to

  • improve the Service and create new features;

  • personalize your experience; and

  • create and derive insights from de-identified and aggregated information.

These activities are necessary for our legitimate interest in analyzing how the Service is used, enhancing and personalizing users’ experience, improving the Service, and developing new features and services.

Marketing and Advertising: we and our advertising partners may use your personal information for marketing and advertising purposes, including:

  • Direct Marketing: to send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers, and events via email.

  • Interest-Based Advertising: we engage advertising partners, including third-party advertising companies and social media companies, to display ads on the Service and other online services. These companies may use cookies and similar technologies to collect information about your interaction over time across the Service, our communications, and other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to our or similar users (known as a “lookalike audience”) on other online platforms.

Where necessary we obtain your consent for marketing.

Compliance and Protection, including to:

  • Comply with applicable laws, lawful requests, and legal processes, such as responding to subpoenas or requests from government authorities;

  • Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims);

  • Audit our compliance with legal and contractual requirements and internal policies; and

  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.

These activities are necessary to comply with our legal obligations and for our legitimate interest in exercising or protecting rights and maintaining safety and security. If you are located in EEA or UK, the legal basis for our processing is the compliance with a legal obligation if we process your personal information to comply with a legal obligation based on EEA or UK law. Otherwise, the legal basis is our legitimate interest to comply with a legal obligation or to disclose the data for one of the other aforementioned purposes.

3. PERSONAL INFORMATION SHARING

We do not sell, rent, license, or lease your personal information to third parties. However, in certain circumstances we may share the categories of personal information described above without further notice to you, unless required by the law, with the following categories of third parties:

  • Service Providers: to assist us in meeting business operations needs and to perform certain services and functions, we may share personal information with service providers, including hosting services, cloud services, and other information technology services, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and analytics services. Pursuant to our instructions, these parties will access, process, or store personal information in the course of performing their duties to us. We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your personal information.

  • Professional Advisors: we may share personal information with our professional advisors such as lawyers and accountants where doing so is necessary to facilitate the services they render to us. If you share your CoinTracker account with one of your tax or other advisors we will share your personal information with those advisors.

  • Business Transfers: if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, dissolution, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your personal information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of or following that Transaction along with other assets. If you are located in EEA or UK, the legal basis for such processing will generally be our legitimate interest of preparing, taking part, and/or completing such transaction.

  • Legal Requirements: we do not volunteer your personal information to government authorities or regulators, but we may disclose your personal information where required to do so for the Compliance and Protection purposes described above. If you are located in EEA or UK, the legal basis for our processing is the compliance with a legal obligation if we process your personal information to comply with a legal obligation based on EEA or UK law. Otherwise, the legal basis is our legitimate interest to comply with a legal obligation or to disclose the data for one of the other aforementioned purposes.

4. PERSONAL INFORMATION RETENTION

We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), or if you are located in the EEA or UK, until you successfully exercise your right to object as stipulated under Section 12, in each case to the extent that the exceptions set out in next paragraph do not apply, whichever is longer.

To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information, and whether we can achieve those purposes through other means, and the applicable legal requirements.

5. YOUR RIGHTS AND CHOICES

As a CoinTracker user you have the following rights:

  • Knowledge. You can request information about the categories of personal information that CoinTracker has collected about you, the business purpose for collecting your personal information, the categories of sources from which the personal information was collected, whether CoinTracker has disclosed your personal information for business purposes, the categories of personal information so disclosed, and the categories of third parties to whom we have disclosed your personal information (we provide this information in the Personal Information Collection, Use, and Sharing sections above);

  • Access and Data Portability. You can request a copy of the personal information that we maintain about you in a structured, commonly used, and machine-readable format. Any requests to do so, can be submitted by sending a request via email at: privacy@cointracker.com

  • Deletion and Correction. You can ask us to delete or correct the personal information that we hold about you. Any requests to do so, can be submitted by sending a request via email at: privacy@cointracker.com

  • Objection. You may have the right to object to how we use your personal information.

  • Restrict Processing. You may ask us to suspend our processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it.

  • Opt-Out. You can opt-out of marketing communications by following the opt-out or unsubscribe instructions contained in any marketing communication we send you. You can also control the communications you receive through your settings page.

  • Withdraw Consent: where we rely on your consent to process personal information about you, you have the right to later withdraw your consent in the manner indicated when you consent or by contacting us as described in this Privacy Policy.

If you are using our Services from the EEA or the UK, your specific data subject rights are set out under Section 12. These specific data subject rights set out there prevail over the data subject rights set out under this Section 5 in case of any deviations.

Please contact us to exercise your rights. Your authorized agent may submit requests in the same way. After receiving your request we may request additional information to verify your identity. You can also submit a complaint to the data protection regulator in your jurisdiction . We will not treat you differently for exercising your rights.

Do Not Track. We honor “Do Not Track” signals and do not track, plant cookies, or use advertising when we receive a “Do Not Track” signal.

6. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

CoinTracker is headquartered in the US. The US may have data protection laws less stringent than or otherwise different from the laws in the EU. Transfers of your personal information to CoinTracker in the US are necessary to perform the agreement we have entered into, or are about to enter into, with you.

Before July 16, 2020, we relied on our EU-U.S. Privacy Shield certification to transfer personal information from the EU to the U.S. On July 16, 2020, the European Court of Justice ruled that the EU-U.S. Privacy Shield is no longer available for these transfers. Before September 8, 2020, we relied on our Swiss-U.S. Privacy Shield certification to transfer personal information from Switzerland to the US but on September 8, 2020 the Swiss Federal Data Protection and Information Commissioner determined that the Swiss-U.S. Privacy Shield is no longer available for these transfers. We continue to comply with the Privacy Shield Principles described in the Privacy Shield section below as required by the US Department of Commerce.

Privacy Shield

CoinTracker complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU to the U.S.

CoinTracker is subject to oversight by the US Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance — free of charge to you. Should you have any complaints, please contact us. If you are not satisfied with our response, please contact JAMS. In the event your concern still is not addressed by JAMS, you may be entitled to binding arbitration under Privacy Shield and its principles.

Within the scope of our authorization to do so, and in accordance with our commitments under the Privacy Shield, CoinTracker will provide individuals access to personal information about them. CoinTracker will also take reasonable steps to enable individuals to correct, amend, or delete personal information that is demonstrated to be inaccurate.

CoinTracker is responsible for the processing of personal information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. CoinTracker complies with the Privacy Shield Principles for all onward transfers of personal information from the EU, including the onward transfer liability provisions.

7. CHILDREN

Our Service is not directed to children who are under the age of 18. CoinTracker does not knowingly collect personal information from children under the age of 18. If you believe that a child under the age of 18 provided personal information to CoinTracker please contact us and we will delete that information.

8. LINKS TO OTHER WEBSITES

The Service may contain links to other websites not operated or controlled by CoinTracker, including social media services (“ Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

9. SECURITY

We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect. However, no security measures are 100% failsafe and we cannot guarantee the security of your personal information. You use the Service at your own risk.

10. CHANGES TO THE PRIVACY POLICY

The Service and our business may change from time to time. As a result, we may change this Privacy Policy at any time. When we do we will post an updated version on this page unless another type of notice is required by applicable law. By continuing to use our Service or providing us with personal information after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and the practices described in it.

11. CONTACT US

If you have any questions about our Privacy Policy or information practices, please feel free to contact us.

12. Additional Notice for the European Economic Area and the United Kingdom

If you are using our Services from the EEA or the UK, the following disclosures (also) apply to our processing of personal data. When we use the term "personal data" in this section, we mean information relating to an identified or identifiable natural person.

Unless otherwise informed in a specific privacy statement, if you are based in the EEA or the UK, the data controller for the Services is Nino Finance, Inc.

a. International Transfers of Your Personal Data

The personal data we process from you may be transferred to and stored in countries outside the EEA and UK where we and our external recipients, including our service providers, have operations, including in the United States of America.

In the event of an international transfer, we ensure that the personal data is transferred

  • (a) to a country, territory, or sector ensuring an adequate level of protection in relation to the processing of personal data as determined by the European Commission, which can be reviewed here;

  • (b) to an entity that is a member of a compliance scheme recognized as offering adequate protection for the rights and freedoms of data subjects as determined by the European Commission, such as to U.S. entities certified under the EU U.S. Data Privacy Framework; or

  • (c) pursuant to appropriate safeguards, such as the Standard Contractual Clauses approved by the European Commission’s Implementing Decision (EU) 2021/914 of 4 June 2021, whose clauses can be reviewed under the Annex of the aforementioned Implementing Decision.

If you wish to enquire further about international transfers and the safeguards we rely on, including the specific contracts entered into, please contact us using the details set out under Section 11.

b. Your Right in Respect to Your Personal Data

In accordance with applicable privacy law, you may have the following rights in respect of your personal data that we hold:

  • Right of access. You have the right to obtain certain information about our processing of your personal data which includes:

    • confirmation of whether, and where, we are processing your personal data;

    • information about the categories of personal data that we are processing, the purposes for which we process your personal data, and information as to the envisaged storage period or the criteria used to determine it

    • where the personal data are not collected from you, information as to their source;

    • information about the recipients or categories of recipients with whom we may share your personal data and, in case of transfers to countries outside of the EEA, information about the appropriate safeguards;

    • The existence of automated decision-making, including profiling, and relevant information in relation thereto; and

    • a copy of the personal data we hold about you.

  • Right of portability. You have the right, under certain conditions, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports its re-use in relation to another controller, or, where technically feasible, to request the transfer of your personal data to another controller.

  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay.

  • Right to erasure. You have the right, under certain conditions, to require us to erase your personal data without undue delay, if the continued processing of that personal data is not justified. This may particularly be the case if the processing of your personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed. However, we may particularly refrain from erasing your personal data to the extent that its continued processing is necessary for compliance with a legal obligation (including statutory retention obligations, such as under tax law) or for the establishment, exercise or defense of legal claims.

  • Right to restriction. You have the right to require us to restrict the processing of your personal data if our continued processing of the personal data in this way is not justified, under certain conditions, such as where (i) the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data, or (ii) the processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead.

  • Right to withdraw consent. There are certain circumstances where we require your consent to process your personal data. In these instances, and if you have provided consent, you have the right to withdraw your consent at any time with future effect. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.

  • RIGHT TO OBJECT. YOU HAVE A RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA

    • BASED ON THE LEGITIMATE INTERESTS BY US OR A THIRD PARTY ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION WHILE WE WILL NO LONGER PROCESS THE PERSONAL DATA UNLESS (I) WE ARE ABLE TO DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR (II) FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS; OR

    • FOR DIRECT MARKETING PURPOSES.

13. GDPR EU AND UK REPRESENTATIVE INFORMATION

Our appointed EU Representative is:
Instant EU GDPR Representative Ltd
Adam Brogden
contact@gdprlocal.com
Tel + 353 15 549 700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin
K78 X5P8
Ireland

Our appointed UK Representative is:
GDPR Local Ltd
Adam Brogden
contact@gdprlocal.com
Tel + 441 772 217 800
GDPR Local Ltd
1st Floor Front Suite 27-29 North Street, Brighton
BN1 1EB
England