1. Introduction and Data Controller
This Privacy Policy describes how the Crypto Analyzer app ("we," "our," or "the App") collects, uses, and protects your information. We are committed to protecting your privacy and ensuring the security of your financial data.
Data Controller: Crypto Analyzer is developed and operated by Shanglong Ning, who is the data controller for personal data processed through the App. Contact hi@cryptoanalyzer.app or use the Help & Support page.
Legal Basis: We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
Information Processed on Your Device:
- Transaction Data: CSV files you import containing your cryptocurrency transaction history, including dates, amounts, prices, fees, and transaction types
- Portfolio Information: Calculated values including asset quantities, average costs, profit/loss calculations, and fee analyses derived from your transaction data
- App Preferences: Settings such as default chart timeframes, appearance preferences, price refresh frequency levels, and onboarding completion status
Limited Data Sent for App Functionality:
- Market-Data Requests: Token symbols or trading pairs, dates where required, optional provider API keys, and normal connection metadata are sent to the services listed below. Providers may retain limited request, device, account, or usage information under their own policies
- Diagnostics: Technical diagnostics and device/app version details stay on the device unless you explicitly export and share a diagnostic file. The App does not upload crash or usage telemetry automatically
Lawful Basis for Processing:
- Legitimate Interests: Processing necessary for app functionality and improvement
- Contract: Processing necessary to provide the service you requested
- Consent: Where you have provided explicit consent for specific processing activities
3. How We Use Your Information
We use your information solely to provide the App's functionality:
- Portfolio Analysis: Calculate fees, profit/loss, and performance metrics based on your transaction history
- Data Visualisation: Generate charts and graphs showing your portfolio performance over time
- Price Updates: Fetch current market prices to provide real-time portfolio valuations
- Export Functionality: Allow you to export your analysed data in various formats (CSV, PDF, Markdown, Text)
- App Improvements: Store preferences to enhance your user experience
- Technical Support: Diagnose issues using a redacted diagnostic export only when you explicitly choose to share one
- Compliance: Meet legal obligations where applicable
Crypto Analyzer does not use your financial records for:
- Marketing or advertising purposes
- Profiling or automated decision-making
- Sharing with third parties for commercial purposes
- Creating user profiles for external services
4. Data Storage and Security
Local Storage:
- Device-Only Storage: Transaction, portfolio, filing, and tax records are stored in the App's protected local files and databases; provider keys and selected taxpayer fields use the iOS Keychain
- No Cloud Storage: We do not store your financial data on our servers or in the cloud
- Local File Protection: Local stores use iOS Data Protection and app sandboxing
- Secure File Handling: A selected CSV or ZIP is parsed locally; the original remains under the control of the Files provider you selected
- Optional Reminders Item: If you tap “Add deadline reminder,” the App writes the displayed tax-year reminder and a short filing-receipt reference to Reminders.app. Apple may sync that item through your iCloud settings; it remains under your control in Reminders and is not sent to Crypto Analyzer
Security Measures:
- Device Security: Your data is protected by iOS device encryption, Data Protection, and the passcode or biometrics configured on your device
- Access Controls: Sensitive filing, import, and shortcut actions use Face ID or the device passcode where the App presents an authentication gate
- Regular Updates: Security patches are delivered through app updates
- Secure Communication: All API communications use HTTPS encryption
Data Retention:
- User Control: Data is retained until you choose to delete it
- No Financial-Record Retention: Our managed price server does not retain request logs. External providers never receive transaction history, quantities, balances, tax records, filing identity, or wallet addresses, but may retain the limited symbol, date, provider-account, and connection metadata described below under their own policies
- Portfolio Reset: "Clear Saved Data" removes imported portfolios, analysis, filing records, manual prices, local filing notifications, and any app-created Reminders items the App is still permitted to access. It keeps preferences and saved API keys
- Complete In-App Erasure: Revoke consent and choose to delete data to remove the App's local stores, preferences, diagnostics, and Keychain entries. If Reminders access was revoked first, remove any Crypto Analyzer filing reminder directly in Reminders.app
- Files Outside the App: CSV, PDF, ZIP, database, or diagnostic files you exported remain where you saved or shared them and must be deleted there separately
5. Third-Party Services and Data Sharing
External APIs:
The App uses external cryptocurrency price and logo APIs to fetch market data:
- Crypto Analyzer API: Preferred historical USD source when available. It serves static data derived from Coin Metrics Community Data, licensed CC BY-NC 4.0. Changes are canonical ticker mapping, UTC close-date normalisation, and merging with gap-only Binance/USDT rows. Every row retains its source. If the API is unavailable or stale, the App continues through the providers below
- CryptoCompare API: Primary source for historical cryptocurrency prices
- Binance API: Fallback source for price data
- Coinbase and Coinbase Exchange APIs: Fallback sources for price data, including current spot prices, a live-price WebSocket stream, and historical candles
- Kraken API: Fallback source for recent prices
- CoinGecko API: Fallback source for price data in batch requests and token logo lookups
- DeFiLlama API: Fallback source for price data in batch requests
- Messari, MEXC, KuCoin, Gate.io, OKX, and Bitfinex APIs: Long-tail price fallbacks
- Trust Wallet Assets CDN and CoinGecko image CDNs: Token logo images
- Frankfurter API: USD to GBP exchange rates used in HMRC tax calculations; application fields are the currency pair and calendar date, and normal connection metadata still applies
Data Transmitted to APIs:
- Managed API: The managed API receives one canonical ticker in the static-file path. No amount, balance, transaction, wallet address, account identifier, or advertising ID is transmitted; its access logging is disabled
- Timestamps: For historical price data requests
- Batch requests: Some providers (CoinGecko, DeFiLlama, Binance, and Coinbase, including Coinbase's live-price WebSocket) can receive the list of token symbols you hold in a single request. Logo lookups reveal individual held symbols to logo services. The App sends these fields only to request price or logo functionality; providers process them under their own policies
- Provider accounts and connection data: If you save an optional provider API key, requests to that provider are linked to your account there. Every destination receives normal connection metadata such as source IP, and third-party providers may retain limited request, device, account, or usage information under their own policies
- Request minimisation: Production network sessions reject provider cookies, shared credentials, and URL caching. This prevents persistent provider identifiers in later App requests but does not hide the source IP or optional API key
- No transaction details: Your transaction history, quantities, balances, wallet addresses, filing identity, and tax records never leave your device
Data Sharing Policy:
- No Financial-Record Sharing: We do not sell, trade, or share your transaction history, quantities, balances, tax data, filing identity, or wallet addresses with third parties
- No Marketing Purpose: We do not send market-data request fields for marketing or advertising and do not sell them. Providers process the limited fields under their own policies
- Legal Compliance: We may disclose data if required by law, but given our local storage model, we typically have no data to disclose
Service Providers:
- No Financial-Record Processing: Neither our managed price server nor external providers receive or process your transaction history, quantities, balances, tax data, filing identity, or wallet addresses
- API Rate Limiting: We implement measures to minimise API usage and protect your privacy
6. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Access Rights:
- Right to Access: View all your stored data through the app's interface
- Data Portability: Export your data in multiple formats (CSV, PDF, Markdown, Text)
- Transparency: Clear information about how your data is processed
Control Rights:
- Right to Rectification: Edit or update your transaction data and preferences within the app
- Right to Erasure: Revoke consent and choose to delete data for complete in-app erasure. Use "Clear Saved Data" when you only want to remove portfolio and tax data while keeping preferences and saved API keys
- Right to Restrict Processing: Control how your data is used through app settings
- Right to Object: Opt out of non-essential data processing
Consent Management:
- Withdraw Consent: Revoke consent for consent-based processing at any time
- Data Preservation Choice: When revoking consent, choose whether to preserve or delete your local data
- Granular Control: Control different types of data processing independently
How to Exercise Your Rights:
- In-App Controls: Most rights can be exercised directly through the app interface
- Consent Revocation: Access consent management through Settings → Privacy Policy or Terms of Service
- Data Deletion Options: Choose to delete all in-app data when revoking consent, or use "Clear Saved Data" in Settings for a portfolio-and-tax reset. Delete previously exported files and inaccessible Reminders items in the apps where you saved them
- Contact Us: For complex requests, contact us through the Help & Support section
- Response Time: We will respond to requests within one month
- No Fee: Exercising your rights is free of charge
Right to Complain:
- ICO Complaints: You have the right to lodge a complaint with the Information Commissioner's Office (ICO)
- ICO Contact: Information available at ico.org.uk
7. International Data Transfers
Limited International Transfers:
- API Requests: When fetching price data, requests may be processed by servers in various countries
- No Financial Records: These requests contain only cryptocurrency symbols or trading pairs, dates where required, optional provider-account API keys, and normal internet connection metadata such as the source IP. They never contain transaction history, quantities, balances, tax data, filing identity, or wallet addresses
- Provider Terms: Third-party processing is governed by each provider's privacy policy and service terms
UK Data Protection:
- Local Processing: Transaction, wallet, portfolio, and tax processing occurs on your device, wherever the device is located
- No Server Transfer of Financial Records: We do not transfer your transaction history, quantities, balances, tax data, filing identity, or wallet addresses to our servers or external providers. The limited international market-data requests are described above
- UK Data Protection: App-controlled processing is handled under the UK data-protection commitments described in this policy
8. Children's Privacy
- Not Directed to Children: Crypto Analyzer is a financial record-keeping tool and is not designed or marketed specifically for children
- No Child Account: The App has no account system and does not ask for a user's name, email address, date of birth, or age
- No Social or Trading Features: The App has no chat, social feed, advertising, in-app purchases, trade execution, custody, or token rewards
- Parental Supervision: A parent or guardian should supervise a young person's use of financial records and exported files
- Privacy Protection: Sensitive financial records stay local. Only the limited market-data request fields described above are sent to external providers
9. Updates to This Privacy Policy
Policy Updates:
- Regular Reviews: We review this Privacy Policy regularly to ensure it remains current
- Change Notification: Material changes will be identified in the App, the public policy, or release notes as appropriate
- Renewed Choice: The App will request renewed consent where applicable law or the nature of a change requires it
- Effective Date: Changes take effect on the date stated in the updated policy unless a later date is specified
Version Control:
- Last Updated Date: Always clearly displayed
- Change History: Previous versions are retained in the project's published version history and are available on request
- Material Changes: Significant changes will be described where appropriate
10. Contact Us
Data Protection Enquiries
If you have questions about this Privacy Policy or how your data is handled, contact hi@cryptoanalyzer.app or use the Help & Support page.
Response Times:
- General Enquiries: We aim to respond within 5 working days
- Data Subject Rights: We will respond within one month as required by law
- Urgent Issues: Use hi@cryptoanalyzer.app and describe the issue as urgent
Privacy Contact:
- Controller: Shanglong Ning, developer and operator of Crypto Analyzer
- Contact: hi@cryptoanalyzer.app