Privacy Policy
Last updated: June 20, 2026 · Effective: June 20, 2026
This Privacy Policy explains how CoinsTax LLC, a Washington limited liability company, doing business as AllMy ("AllMy", "we", "us", or "our"), handles personal information in connection with AllMy Support (the "Service"). It should be read together with our Terms and Conditions and, where applicable, our Data Processing Addendum ("DPA"). Capitalized terms not defined here have the meaning given in the Terms and Conditions, including "Customer", "Customer Content", and "End Users".
1. The two roles we play
AllMy handles personal information in two distinct capacities, and your rights depend on which applies.
As a controller. For some information, we decide how and why it is processed. This covers the information we collect to run our business and provide the Service to our customers, for example account and billing details of the businesses that subscribe, information about visitors to our website, and our own communications. This Privacy Policy governs that processing.
As a processor. When you use the Service to receive, store, and respond to support requests, the personal information contained in that Customer Content (including emails, tickets, attachments, and submissions your End Users make through any customer portal or knowledge base) is processed by us on behalf of, and under the instructions of, our Customer. For that information, the Customer is the controller and we are the processor. Our handling of it is governed by our agreement with that Customer and the DPA, not by this Privacy Policy.
If you are an End User (a customer of a business that uses AllMy Support): the business you contacted is the controller of your information. Please direct any privacy questions or requests to that business. We will assist them as their processor, but we cannot respond to your requests directly without their authorization.
2. Information we collect (as controller)
- Account and profile information: such as your name, work email address, company name, and login credentials (passwords are stored in hashed form).
- Billing information: your subscription and transaction history. Card payments are processed by Stripe; we do not store full payment card numbers on our systems.
- Communications: information you provide when you contact us for support, sales, or other enquiries.
- Usage and device information: collected automatically when you use our website or the Service, such as your IP address, browser type, operating system, pages viewed, and interactions with the Service.
- Security and audit events: records of security-relevant actions on your account, such as sign-ins, and privacy actions taken in the Service, kept to secure the Service and demonstrate accountability.
- Cookies and analytics data: as described in Section 5.
We do not seek to collect special categories of personal data about you in our role as controller. Customer Content may contain any information your End Users choose to send; that is handled in our processor role.
3. How we use information and our legal bases
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- To provide and administer the Service, manage your account, and process billing: performance of our contract with you.
- To secure the Service, prevent fraud and abuse, maintain reliability, and improve and develop our products: our legitimate interests in operating a safe and effective service.
- To set non-essential cookies and run analytics: your consent, where required.
- To send service and transactional messages (for example, security notices, billing notices, and important changes): performance of our contract or our legitimate interests. We do not currently send marketing email; if we introduce it, we will rely on consent where required and you will be able to opt out at any time.
- To comply with legal obligations (such as tax and accounting requirements) and to respond to lawful requests: compliance with a legal obligation.
4. How we share information
We do not sell your personal information for money. We share information only as described here:
- Service providers (sub-processors) that help us operate the Service, each
bound to protect the information and use it only on our instructions:
- Stripe: payment processing.
- Amazon Web Services (SES): inbound email and our own outbound transactional email. (Outbound email you send through your own SMTP provider is handled by that provider, not by us.)
- Hetzner: hosting and infrastructure.
- Google Analytics: website and product usage analytics.
- Legal and safety disclosures: where we reasonably believe disclosure is required by law, regulation, legal process, or a governmental request, or is necessary to protect the rights, property, or safety of AllMy, our customers, or others.
- Business transfers: if AllMy is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction; we will require the recipient to honor this Privacy Policy or notify you of any material change.
A current list of sub-processors, with their purpose and location, is published on our sub-processors page and forms part of our DPA.
5. Cookies and analytics
We use cookies and similar technologies on our website and within the Service:
- Strictly necessary and functional cookies: required to operate the Service, keep you signed in, and remember your preferences. These do not require consent.
- Analytics cookies: we use Google Analytics to understand how our website and the Service are used so we can improve them. Where required (including for visitors in the UK and EU), we will request your consent before setting these, and you can decline or withdraw consent at any time through our cookie controls or your browser settings. Before you accept, or if you decline, Google Analytics runs in a cookieless mode: it sets no analytics cookies, but a limited signal such as your IP address and browser type may still be sent to Google. Google may process the resulting data, including in the United States.
Where we set our own cookies or analytics on End-User-facing surfaces (such as a customer portal), we act as a controller for that limited usage data. Our Customers remain responsible for the privacy notices they present to their own End Users.
6. International transfers
We operate worldwide. We and our sub-processors may process personal information in the EU and the United States (for example, email delivery, analytics, and payment processing). The current sub-processors, with their location and transfer basis, are listed on our sub-processors page.
Where we transfer personal information out of the UK or EEA to a country without an adequacy decision, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or, where applicable, the EU-US Data Privacy Framework. You may contact us for more information about these safeguards.
7. Data retention
We keep personal information only for as long as needed for the purposes described in this Privacy Policy.
- Account and billing information is retained while your account is active and afterwards only as long as necessary for legitimate business and legal purposes, such as tax, accounting, and dispute resolution, after which it is deleted or anonymized.
- Customer Content is handled per our agreement and DPA; following termination, we make it available for export for 30 days, after which we delete it in the ordinary course, subject to any longer retention required by law.
- Backups are retained on a rolling basis and cycled out over time.
8. Security
We use reasonable technical and organizational measures designed to protect personal information against loss, misuse, and unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
9. Your rights
Depending on where you live, you may have some or all of the following rights regarding personal information we hold about you as a controller.
UK and EU (GDPR / UK GDPR). You have the right to access, correct, delete, restrict, or object to our processing of your personal information, to data portability, and to withdraw consent at any time. You also have the right to lodge a complaint with your local data protection supervisory authority.
United States (California and other state privacy laws). You may have the right to know what personal information we collect and how we use and disclose it, to access and delete it, to correct it, and to opt out of any "sale" or "sharing" of personal information. We do not sell personal information for money. To the extent our use of analytics cookies is considered "sharing" or targeted advertising under your state's law, you can opt out through our cookie controls. We will not discriminate against you for exercising your rights.
To exercise any of these rights, contact us using the details in Section 12. We may need to verify your identity before acting. If you are an End User, please contact the business that handles your support request, as they control your information (see Section 1).
10. Children
The Service is intended for business use and is not directed to children. We do not knowingly collect personal information from children under 16 (or under 13 in the United States). If you believe a child has provided us with personal information, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated policy with a new date at the top of this page, and material changes take effect 30 days after they are posted. Where data protection law requires us to give you notice of, or obtain your consent for, a change, we will do so. Your continued use of the Service after a change takes effect constitutes acceptance of the updated policy, so please review this page periodically.
12. Contact
For privacy questions or to exercise your rights, contact us at [email protected]. We operate as CoinsTax LLC, doing business as AllMy.