Privacy Policy

Who we are

Polyconomic is a UK-focused cryptocurrency tax calculation tool operated by Polyconomic Ltd. References to “we”, “us”, or “our” in this policy refer to Polyconomic Ltd. You can contact us at privacy@polyconomic.com.

We act as the data controller for the personal data you provide when using our service, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What we collect

How we use your data

We process your data only for the following purposes:

• To calculate your cryptocurrency tax position using HMRC rules
• To generate your PDF tax report if you purchase one
• To manage your account, including login and subscription status
• To send transactional emails (account confirmation, password reset, purchase receipt)
• To respond to support requests you send us
• To comply with legal obligations, including HMRC information requests where required by law
• To improve the service through analysis of aggregated, anonymised usage patterns

Our legal basis for processing is: (a) the performance of our contract with you, for data needed to provide the service; (b) our legitimate interests, for usage data and service improvement; and (c) legal obligation, where we are required to process or retain data by law.

Who we share it with

We do not sell your data. We share it only with the following service providers, each bound by data processing agreements consistent with UK GDPR:

We may also disclose your data if required by law, court order, or a legitimate request from a UK regulatory authority. We will notify you of such a request where we are legally permitted to do so.

Cookies

We use essential cookies to keep you signed in and maintain your session. We also use analytics cookies to understand how the service is used. You can manage cookie preferences using the link in the footer.

We honour Do Not Track browser settings. If DNT is enabled, we will not set non-essential cookies.

Security

Your data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256). Passwords are hashed using bcrypt with a minimum cost factor of 12. Row-level security on our database means your transaction data is accessible only to your account. We do not store API keys or wallet private keys.

In the event of a data breach that affects your rights, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware, as required by UK GDPR.

How long we keep your data

We keep your data for as long as your account is active. If you delete your account, we will delete your personal data and transaction records within 30 days. We may retain anonymised, aggregated data that cannot be linked back to you. We keep payment records for seven years to comply with HMRC accounting requirements.

Your rights under UK GDPR

You have the right to:

• Access the personal data we hold about you
• Have inaccurate or incomplete data corrected
• Have your data deleted (the right to erasure), subject to legal retention requirements
• Restrict or object to how we process your data
• Receive your data in a portable, machine-readable format
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, email us at privacy@polyconomic.com. We will respond within 30 days.

Children

Our service is not directed at anyone under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us and we will delete the account promptly.

Changes to this policy

We may update this policy from time to time. We will notify you by email of any material changes before they take effect. The date at the top of this page shows when it was last updated.

Contact

For any privacy-related questions, email us at privacy@polyconomic.com. For complaints, you can also contact the ICO at ico.org.uk.