Privacy Policy

Last updated: January 2026

1. Introduction

CoinHarvest ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptocurrency tax-loss harvesting platform.

2. Information We Collect

Account Information

  • Email address (via Google OAuth)
  • Name (as provided by your Google account)
  • Profile picture (optional, from Google)

Exchange Connection Data

  • API keys and secrets for connected exchanges (encrypted at rest)
  • Account balances and transaction history from connected exchanges
  • Trade execution data for tax-loss harvesting operations

Usage Data

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Feature usage and preferences

3. How We Use Your Information

  • To provide and maintain our tax-loss harvesting service
  • To execute trades on your behalf when authorized
  • To generate tax reports and loss summaries
  • To communicate with you about your account and service updates
  • To improve our platform and develop new features
  • To comply with legal obligations

4. Data Security

We implement industry-standard security measures to protect your data:

  • All API keys and secrets are encrypted at rest using Supabase Vault
  • Two-factor authentication (TOTP) is available for account protection
  • All data transmission is encrypted via TLS/HTTPS
  • We use row-level security to isolate user data
  • Regular security audits and penetration testing

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Third-party services that help us operate (e.g., hosting, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Disconnect exchange accounts at any time
  • Opt out of non-essential communications

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Trade history and tax-related data may be retained for up to 7 years to comply with tax record-keeping requirements. You may request deletion of your account at any time.

8. Cookies

We use essential cookies required for authentication and session management. We do not use third-party advertising cookies. Analytics cookies may be used to improve our service, and you can opt out through your browser settings.

9. Children's Privacy

CoinHarvest is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at: privacy@coinharvest.com