PRIVACY POLICY
TAXALOT takes the protection of your personal data very seriously. This Privacy Policy describes what data we collect when you use our website and trading statement analysis tools, how we process it, and your rights under the General Data Protection Regulation (GDPR) and the Bulgarian Personal Data Protection Act (ZZLD).
GENERAL INFORMATION
TAXALOT is a web-based tool that helps Bulgarian nationals prepare their annual tax declarations. Using our website does not require registration or the creation of a user account. There are three ways personal data may enter our system:
· Analyzer tool — when you upload a trading statement file (CSV or XLSX) for tax calculation purposes.
· Contact form — when you submit an inquiry via our contact form with your name, email, phone number and message.
· Analytics — anonymous usage data collected via PostHog analytics (see Section 5 below).
CATEGORIES OF DATA COLLECTED
In the interest of providing and improving the TAXALOT service, the following categories of data may be collected:
· Financial information files (CSV, XLSX) containing information about instruments, quantities, prices, dates and realized profits/losses. These files are uploaded voluntarily by the user for analysis purposes.
· In rare cases, the uploaded files may contain personal identifiers such as a client number or name assigned by the broker. We recommend using reports without personal data whenever possible. TAXALOT automatically strips personally identifiable information (PII) from CSV files before storage. For Excel files, sheets containing sensitive personal information are excluded from storage.
· Contact form data: name, email, phone number and message content, collected solely for the purpose of responding to your inquiry.
· Request metadata (e.g. IP address, browser type) used for security and prevention of abuse. This data is processed with due care and is protected from access by third parties.
· Analysis session data: aggregated results of file parsing (transaction count, summary totals, diagnostic information). Each analysis session is identified solely by a random UUID — no user identity is linked to uploaded files or analysis results.
· User corrections: if you manually edit parsed transactions in the review step, those edits are stored (linked only by session UUID) for the purpose of improving our parsing algorithms.
LEGAL BASIS FOR PROCESSING
TAXALOT processes personal data on the following legal bases under Article 6 of the GDPR:
· Consent (Art. 6(1)(a)) — for the use of analytics cookies (PostHog) after you accept cookies via the cookie banner; and for the processing of uploaded trading statement files.
· Contract performance (Art. 6(1)(b)) — for processing contact form submissions in order to respond to your inquiry.
· Legitimate interest (Art. 6(1)(f)) — for anonymous analytics (before cookie consent), security measures, rate limiting, and abuse prevention.
USE AND DISCLOSURE OF DATA TO THIRD PARTIES
TAXALOT does not sell, rent, or share personal data with third parties for marketing purposes. Non-anonymous data is not disclosed to third parties except as required by law or explicitly agreed to by the user.
TAXALOT implements appropriate technical and organizational measures to protect stored data from unauthorized access.
We may provide links to other websites or resources. You acknowledge and agree that TAXALOT is not responsible for the availability, content, or practices of such external sites. You should review their privacy policies before providing them with any personal data.
USAGE ANALYSIS VIA POSTHOG
TAXALOT uses PostHog, an analytics platform, for understanding how our website is used and improving the service.
Before cookie consent: PostHog operates in anonymous, cookieless mode. No cookies or localStorage entries are created. Data is stored in memory only for the duration of the page session. No personal profiles are created.
After cookie consent (accepted): PostHog switches to full tracking mode with localStorage and cookie-based persistence. Person profiles may be created. Autocapture of user interactions may be enabled.
EU data residency: All PostHog data is stored on EU servers (eu.posthog.com). The analytics endpoint is proxied through our hosting provider to ensure reliable delivery.
Events tracked include: page views, navigation actions, language and theme changes, contact form interactions, and analyzer usage (platform selection, file upload outcomes, export downloads). All events include a page_lang property for language context. No personally identifiable information is sent to PostHog.
REVOCATION OF CONSENT
You may at any time revoke previously granted consent to process your data by sending written notification by e-mail to taxalot.service@gmail.com
If you revoke your consent, TAXALOT may no longer be able to provide certain services. Revocation does not affect the lawfulness of processing carried out before the revocation.
You may also withdraw cookie consent at any time by clearing your browser cookies for taxalot.com. PostHog will then revert to anonymous, cookieless mode on your next visit.
DATA RETENTION
TAXALOT retains data for the following periods:
· Uploaded file content (raw data): stored for up to 7 days for diagnostic and debugging purposes, then permanently deleted.
· Analysis session metadata (transaction counts, summaries, diagnostics): stored for up to 7 days.
· User corrections (manual edits from the review step): stored for up to 1 year for parser improvement, linked only by anonymous session UUID.
· Contact form submissions: stored until the user requests deletion, or until no longer needed for the purpose of responding to the inquiry.
· Analytics data: retained per PostHog's data retention policies (EU data residency).
· Cookie consent preference: stored as a browser cookie for 1 year.
When data is no longer needed for the purposes described above, it is permanently deleted or anonymized.
YOUR DATA RIGHTS
Under the GDPR and the Bulgarian Personal Data Protection Act (ЗЗЛД), you have the following rights:
· Right of access (Art. 15 GDPR) — to obtain confirmation of whether your personal data is being processed and to access it.
· Right to rectification (Art. 16 GDPR) — to correct inaccurate personal data.
· Right to erasure (Art. 17 GDPR) — to request deletion of your personal data ("right to be forgotten").
· Right to restriction of processing (Art. 18 GDPR) — to restrict the processing of your data under certain circumstances.
· Right to data portability (Art. 20 GDPR) — to receive your data in a structured, commonly used format.
· Right to object (Art. 21 GDPR) — to object to the processing of your data based on legitimate interest.
To exercise any of these rights, contact us at taxalot.service@gmail.com
You also have the right to lodge a complaint with the Commission for Personal Data Protection (КЗЛД) — the Bulgarian supervisory authority: kzld.bg, Sofia, Bulgaria.
CHILDREN'S PRIVACY
TAXALOT is not intended for use by persons under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at taxalot.service@gmail.com so that we can take appropriate action.
DISCLAIMER — NOT FINANCIAL OR TAX ADVICE
TAXALOT is a document preparation tool only. It does not provide professional tax, financial, legal or investment advice. No professional-client relationship of any kind is created through the use of this website or its tools. All information, calculations and generated documents are provided for informational and assistive purposes only and should not be relied upon as a substitute for professional consultation. Use of this website and its tools is entirely at your own risk.
COOKIE POLICY
In order for the website https://taxalot.com (collectively, "Site") to work according to the set functionality and to be as easy as possible to use and to improve the quality of the offered services, the Site uses "cookies". This is a standard practice widely used in almost all websites around the world. This document explains how we do this.
What are cookies?
Cookies are small files saved by your browser on your device. They allow the user's device to be identified and the correct behavior of a web page to be achieved, according to their individual preferences. This improves the functionality of the Site. Cookies usually contain the name of the Site, the storage time of the terminal and a unique number.
How do we use cookies?
Cookies are used to adapt the content of the Site to the user's preferences and to optimize the use of the Site. They are also used to create anonymous statistics (on user behavior on the Site) in order to improve the structure, design, appearance and content of the Site.
We use cookies for:
• remembering your cookie consent preference;
• analytics and understanding how visitors use the Site (only after consent);
• ensuring the security of the Site;
• temporary storage of data entered in the tools offered on the Site;
What types of cookies do we use?
Absolutely necessary cookies
These cookies are necessary for the operation of the Site and cannot be excluded from our systems. They are usually set only in response to actions taken by you that constitute a request for services, such as setting your privacy preferences. You can set your browser to block or warn you about these cookies, but some parts of our page would not work. These cookies do not store any personal information.
Analytics cookies
These cookies allow us to track visits and understand usage patterns so that we can improve the effectiveness of the Site. All information collected by these cookies is aggregated and anonymous. These cookies are only set after you accept cookies via the cookie banner. If you do not accept cookies, analytics operates in fully anonymous, cookieless mode.
| Name | Supplier | Purpose | Validity | Type |
| cookie_consent | taxalot.com | Stores the user's cookie consent decision (accepted or declined) | 1 year | HTTP Cookie |
| ph_* | PostHog (EU) | Analytics session tracking and user identification (only set after cookie consent is accepted) | Session / varies | HTTP Cookie |
Local storage
In addition to cookies, TAXALOT uses browser local storage for the following purposes:
• Theme preference — your selected light/dark theme is stored in localStorage so it persists between visits.
• PostHog persistence (after cookie consent) — analytics session data is stored in localStorage for continuity between page navigations.
• Analyzer session ID — stored in sessionStorage (cleared when the browser tab is closed) to link related analysis actions within a single session.
Change cookie settings
Most sites automatically accept cookies, but if you do not wish to accept them, you can configure your browser to reject them.
Most web browsers allow you to control cookies through the settings of the browser itself. You can usually find these settings in the "Options" or "Preferences" menu. You can delete all cookies that are already stored on your computer, as well as set most browsers to block them completely.
Alternatively, an external resource located at www.allaboutcookies.org/manage-cookies can be used, which can provide specific information about cookies and how to manage them according to the User's preferences.
However, if you do this, you may need to manually adjust some settings each time you visit a site, and some services and features may not work.
Please note that blocking cookies will affect the way the Site works and may lead to malfunctioning of the Site.