Privacy Policy

1. Data controller

The controller of your personal data is MySelf Yevhen Shcherbynskyi, based in Warsaw.

Personal data is processed for the following purposes:

• Providing tax calculator services (Art. 6(1)(b) GDPR)
• Payment processing and order fulfillment (Art. 6(1)(b) GDPR)
• Technical communication and support (Art. 6(1)(f) GDPR)
• Providing optional marketing communications when enabled by the user (Art. 6(1)(a) and (f) GDPR, together with applicable electronic communications rules)
• Operating the optional Referral Program, including participation activation and abuse prevention (Art. 6(1)(b) and (f) GDPR)
• Fulfilling legal obligations (Art. 6(1)(c) GDPR)

Data will not be shared with third parties, except for entities authorized under applicable law and entities providing technical services necessary for the operation of the Service (hosting, payments).

2. What data we collect

When using the Service, we process the following categories of data:

2.1. Identification data

• Email address — required for account creation and communication
• Username — optional, displayed in the interface

2.2. Google OAuth data (optional)

If you choose to log in via Google OAuth, we collect:

• Email address from your Google profile
• First and last name (if available in your profile)
• Profile picture (if available)

We do not have access to: your Gmail inbox, contacts, Google Drive files, or any other Google data beyond the basic profile information listed above.

2.3. Transaction data

Data from imported broker files containing:

• Buy and sell transactions of financial instruments
• Transaction dates, amounts, instrument symbols
• Dividends and other income
• Broker commissions and fees

2.4. Technical data

• IP address, browser information, access time
• System logs used for Service administration

2.5. Payment data

Payment transaction information processed by Stripe, Inc. (payment processor). The Service Provider does not store credit card data.

3. Transaction data processing

Imported files are not shared or sold to third parties. They may only be used to improve the Service (e.g., improving broker format recognition algorithms), always in an anonymized manner without the possibility of identifying a specific user.

4. Sharing data with third parties

Personal data may be shared with the following categories of recipients:

• Google LLC — providing authentication data for Google OAuth login
• Stripe, Inc. — processing online payments for the Professional plan
• Supabase (AWS Frankfurt) — hosting and database in the European Union, including OAuth authentication
• National Bank of Poland — retrieving exchange rates for conversions (public data, no personal data)

We do not sell, trade, or share personal data with third parties for marketing purposes.

5. Data security

We apply appropriate technical and organizational measures to ensure data protection:

• SSL/TLS encryption for all data transmissions
• Encryption at rest on servers
• Data stored exclusively on servers in the European Union (AWS Frankfurt)
• Regular backups
• Access control and multi-factor authentication
• Security event monitoring and logging

6. User rights

Under the GDPR, you have the following rights:

• Right of access — you may request information about the data being processed
• Right to rectification — you may request correction of inaccurate data
• Right to erasure — you may request deletion of data ("right to be forgotten")
• Right to restriction of processing — you may request restriction of data processing
• Right to data portability — you may receive your data in a structured format
• Right to object — you may object to data processing in certain cases
• Right to lodge a complaint — you may file a complaint with the supervisory authority (UODO)

To exercise the above rights, contact us at kontakt@podatekgieldy.pl or use the "Delete account" option in your account settings.

7. Data retention period

Personal data is retained for the period necessary to fulfill the purposes for which it was collected:

• Account data — until the account is deleted by the user
• Transaction data — until the account is deleted by the user (if the user consented to storage)
• Payment data — in accordance with legal requirements (typically 5 years from the end of the contract)
• System logs — up to 12 months

In some cases, we may be required to retain certain data under applicable law (e.g., for tax or accounting purposes). In such cases, we will inform you of the reasons.

8. Cookies and similar technologies

For detailed information about the cookies and similar technologies we use, including the referral_code cookie and browser-stored consent preferences, please see ourCookie Policy.

9. Changes to the privacy policy

We reserve the right to make changes to this Privacy Policy. We will inform you of significant changes through the Service or by email. We recommend regularly reviewing the content of this Policy.

10. Contact

For matters related to personal data protection or exercising user rights, please contact us: