1. Introduction & Overview

Arthur Labs, a Wyoming S-Corporation (Filing No. 2024-001512097) with its principal place of business in Omaha, Nebraska, USA (“Arthur Labs,” “we,” “our,” or “us”), operates the crypto tax reporting service available at crypto.arthurlabs.net (the “Service”). This Privacy Policy explains what information we collect when you use the Service, how we use it, with whom we share it, and what rights you have with respect to your information.

This Policy applies to all visitors to our website and to all users who submit wallet addresses, make payments, or communicate with us through any channel. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the data practices described herein. This Privacy Policy is incorporated by reference into our Terms of Service.

2. Information We Collect

2.1 Information You Provide Directly

Arthur Labs collects only the minimum information necessary to provide the Service. The categories of information you may provide are as follows:

Email address. You provide your email address so that we can deliver your completed PDF tax report. Your email address is transmitted to our email service provider solely for the purpose of sending that report and any status notifications related to your scan (for example, a confirmation that your payment was received and your scan has begun). Once delivery is complete, your email address is not retained by Arthur Labs on any central server. Our email service provider may retain delivery logs subject to its own data retention practices; please review that provider’s privacy policy for details.

Wallet addresses. You provide one or more cryptocurrency wallet addresses so that the Service can retrieve and analyze the publicly available transaction history associated with those addresses. Wallet addresses are processed entirely in ephemeral server memory during the active scan session and are not written to any persistent database or storage medium. Once processing is complete and the report has been generated and delivered, wallet addresses are purged from server memory.

Support communications. If you contact us by email at support@arthurlabs.net, we will receive and read your message for the purpose of responding to your inquiry. These communications are handled through our email system and are not stored in any centralized database maintained by Arthur Labs.

2.2 Information We Do Not Collect

Arthur Labs does not collect, request, or store any of the following categories of information: government-issued identification numbers (including Social Security Numbers or Tax Identification Numbers); financial account numbers or credit card information; passwords or authentication credentials; biometric data; precise geolocation data; racial or ethnic origin; health or medical information; or any other category of sensitive personal information as defined under applicable privacy laws.

2.3 Information Collected Automatically

Arthur Labs does not log or retain IP addresses of visitors or users on any ongoing basis. Our hosting infrastructure (Vercel) may process IP addresses transiently as part of normal network request routing, but we do not configure or access those logs for any purpose relating to individual user identification. We do not use device fingerprinting, browser tracking, or any persistent identifier to track individual users across sessions.

3. Client-Side Storage & Tracking

3.1 Cookies

Arthur Labs does not set any cookies on your browser for any purpose, including authentication, analytics, advertising, or tracking. We have confirmed through review of our codebase that no cookie-setting code, tracking pixels, or session cookies of any kind are present in the Service.

3.2 Session Storage & IndexedDB

Arthur Labs does not use sessionStorage, IndexedDB, or any browser-based database mechanism to store user data of any kind.

3.3 Functional Consent Storage (localStorage)

Arthur Labs uses a single browser localStorage entry, identified by the key al_terms_accepted_v1, for the strictly functional purpose of recording your acknowledgment of these Terms of Service and this Privacy Policy. This entry contains only a version identifier and the ISO 8601 timestamp of your acknowledgment. It does not contain your name, email address, wallet address, IP address, or any other personal information, and it is not accessible to any third party. This entry is used solely to avoid re-presenting the consent modal on every page visit and is not used for any analytics, advertising, or profiling purpose. You may clear this entry at any time by clearing your browser’s site data for this domain, after which the consent modal will re-appear on your next visit.

3.4 Aggregated Analytics

We use Vercel Analytics to collect aggregated, anonymized traffic data about how visitors use the website. Vercel Analytics is configured to provide only aggregate-level data (for example, total page views, general geographic region, and traffic source categories) without creating individual user profiles, identifying returning visitors, or linking any data to a personally identifiable individual. We additionally use Google Tag Manager and paid marketing platform pixels to measure the aggregate performance of marketing campaigns. These technologies receive only aggregate traffic counts and do not receive, process, or store any personal information such as email addresses, wallet addresses, or user identifiers.

We do not use any advertising network retargeting pixel in a manner that identifies individual users. Any third-party analytics or advertising technology present on the website is configured to the most privacy-protective settings reasonably available and does not receive any data you submit in the course of using the Service (such as your wallet address or email address).

4. Third-Party Service Providers

4.1 Email Service Provider

Arthur Labs uses a third-party email service provider to deliver your PDF tax report and scan confirmation notifications to the email address you provide. We share your email address with this provider solely for the purpose of sending those communications. We do not share your wallet addresses, transaction data, or any other information with our email service provider. The email provider may retain delivery logs or bounce records in accordance with its own privacy and retention policies. We select email service providers that adhere to industry-standard security practices and that agree to process your information only as directed by Arthur Labs.

4.2 Blockchain Data API Providers

To retrieve publicly available transaction histories associated with the wallet addresses you provide, the Service communicates with third-party blockchain data API providers, including Alchemy and Helius for EVM-compatible and Solana blockchain data, respectively, and publicly accessible Bitcoin blockchain explorers. When the Service queries these providers, it transmits only the public wallet address or addresses necessary to retrieve the relevant transaction data. Wallet addresses are public identifiers on their respective blockchains and are not personal information in the traditional sense; they do not, by themselves, identify a natural person. No additional personal information such as your name, email address, or IP address is transmitted to blockchain data providers by the Service.

4.3 Contact & Support Communications

When you contact us at support@arthurlabs.net, your communications are handled through our email system. We do not use any third-party customer relationship management (CRM) platform or support ticketing system that stores your personal information in a centralized database. Support communications are used solely to respond to your inquiry and are not used for marketing or profiling.

4.4 No Sale or Sharing of Personal Information

Arthur Labs does not sell, rent, trade, or otherwise transfer any personal information to third parties for their own marketing, advertising, or commercial purposes. We share your information with third parties only as described in this Section 4 and only to the extent strictly necessary to provide the Service.

5. How We Use Your Information

Arthur Labs uses the information it collects for the following limited purposes only: (a) to deliver your completed PDF tax report and scan status notifications to your email address; (b) to process and analyze blockchain transaction data associated with the wallet addresses you provide and generate the resulting report; (c) to respond to your support inquiries and resolve any technical issues you report; (d) to verify payment of the applicable service fee on the blockchain; and (e) to aggregate anonymized traffic data to understand general usage patterns and measure marketing campaign performance.

Arthur Labs will not use your information for any purpose other than those listed above without your prior consent. Specifically, Arthur Labs will not use your email address for marketing communications, will not build a user profile from your transaction history, will not use your wallet address to monitor or track your on-chain activity after report generation, and will not combine your information with data obtained from other sources to create a more complete picture of your financial activity.

6. Data Retention & Deletion

Arthur Labs retains personal information only for as long as necessary to fulfill the specific purpose for which it was collected. The following retention practices apply:

Your email address is retained only until your report has been successfully delivered. It is not stored in any database maintained by Arthur Labs and is not retained for future communications without your separate consent.

Your wallet addresses and all associated transaction data are processed entirely in ephemeral server memory (RAM). They are never written to disk, to a database, or to any other form of persistent storage. They are automatically discarded when the processing session ends or the server process handling your request terminates, whichever occurs first.

Support communications are retained only in the email thread through which they are exchanged and are not transferred to any centralized database.

Because Arthur Labs does not maintain a central database of user records, formal data deletion requests are, in most cases, already satisfied by design. If you believe Arthur Labs has retained personal information about you and you would like it deleted, please contact support@arthurlabs.net and we will confirm what, if anything, is retained and take appropriate steps to delete it.

7. Payment Processing

Arthur Labs accepts payments exclusively in Ether (ETH) transmitted directly on the Ethereum blockchain. We do not accept, process, or store credit card numbers, bank account information, PayPal credentials, or any other form of traditional financial account data. When you make a payment, you transmit ETH directly from your personal wallet to a designated payment address using your own wallet software. This transaction occurs entirely on the public Ethereum blockchain and no financial account data passes through or is stored by Arthur Labs’ servers. Arthur Labs verifies payment by monitoring the public blockchain for a confirmed on-chain transaction of the specified amount to the specified address.

Because blockchain transactions are public and permanent, your payment wallet address and transaction amount are visible on the Ethereum blockchain to anyone who queries it. Arthur Labs cannot alter, conceal, or delete blockchain records.

8. Children's Privacy

The Service is not directed to, and Arthur Labs does not knowingly collect personal information from, any person under the age of nineteen (19). The minimum age to use the Service is nineteen (19) years, consistent with the age of majority in Nebraska as established by Nebraska Revised Statutes §43-2101. If you are under 19, you are not permitted to use the Service or submit any personal information. If Arthur Labs becomes aware that it has inadvertently collected personal information from a person under the age of 19, it will take prompt steps to delete that information. If you are a parent or guardian and believe your child under the age of 19 has provided personal information to Arthur Labs, please contact us at support@arthurlabs.net.

9. Legal Basis for Processing

Arthur Labs processes your personal information under the following legal bases, which may vary depending on the applicable jurisdiction:

Consent. You voluntarily provide your email address and wallet addresses by using the Service. You may withdraw consent at any time, though withdrawal will not affect the lawfulness of processing already completed.

Performance of a contract. Processing your email address and wallet addresses is necessary to fulfill our contractual obligation to deliver the service you have paid for, as described in our Terms of Service.

Legitimate interests. We have a legitimate interest in using aggregated, anonymized analytics data to understand how the Service is used and to maintain and improve it, provided that this interest is not overridden by your privacy interests or fundamental rights. No individually identifiable data is processed for this purpose.

10. Security Measures

Arthur Labs implements commercially reasonable technical and organizational security measures to protect the information it processes against unauthorized access, disclosure, alteration, or destruction. These measures include: transmission of all data over encrypted HTTPS connections using industry-standard TLS protocols; ephemeral-only server-side processing with no persistent database storage of personal data; no user authentication credentials stored by the Service (no login accounts exist); and access controls limiting Service infrastructure access to authorized personnel only.

Notwithstanding the above, no data transmission over the internet or electronic storage system can be guaranteed to be completely secure. Arthur Labs cannot guarantee the absolute security of information processed through the Service. You acknowledge and accept this inherent risk. Additionally, because blockchain transaction data is public by design, Arthur Labs has no ability to protect or restrict access to on-chain records associated with your wallet address.

11. California Residents — CCPA & CPRA Rights

This Section 11 applies to residents of the State of California and supplements the disclosures in the rest of this Privacy Policy. It is provided in compliance with the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA).

11.1 Categories of Personal Information Collected

In the twelve (12) months preceding the effective date of this Policy, Arthur Labs has collected the following categories of personal information from California residents who used the Service:

Identifiers — specifically, email addresses provided voluntarily for report delivery. These are collected directly from you, retained only until delivery is complete, and not shared with third parties except our email service provider for the purpose of sending your report.

Internet or other electronic network activity information — specifically, aggregate and anonymized page-view data collected through Vercel Analytics. This information cannot be used to identify individual California residents and is not linked to any other category of personal information collected.

Arthur Labs does not collect Social Security numbers, financial account data, government-issued identification numbers, precise geolocation data, biometric data, health information, racial or ethnic origin, or any other category of sensitive personal information as defined by the CPRA.

11.2 Purposes for Collection

Personal information collected from California residents is used solely for the purposes described in Section 5 of this Policy: to deliver the Service, to respond to support inquiries, and to analyze aggregate traffic data. Personal information is not used for any other purpose, including targeted advertising or the construction of consumer profiles for commercial sale.

11.3 No Sale or Sharing of Personal Information

Arthur Labs does not sell personal information. Arthur Labs does not share personal information with third parties for cross-context behavioral advertising purposes. As a result, Arthur Labs does not offer a “Do Not Sell or Share My Personal Information” opt-out mechanism because such a mechanism is not required where a business does not engage in these practices.

11.4 Your Rights as a California Resident

As a California resident, you have the following rights with respect to your personal information, subject to certain exceptions and limitations under applicable law:

Right to Know. You have the right to request that Arthur Labs disclose the categories and specific pieces of personal information it has collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom it is shared. Because Arthur Labs retains almost no personal information, most requests will result in a disclosure that there is no personal information on file.

Right to Delete. You have the right to request deletion of personal information Arthur Labs has collected about you, subject to certain exceptions. Because Arthur Labs does not maintain a central database of user records, most user information is already deleted by operation of our retention architecture before any deletion request could be submitted.

Right to Correct. You have the right to request correction of inaccurate personal information that Arthur Labs maintains about you.

Right to Opt Out of Sale or Sharing. You have the right to opt out of the sale or sharing of your personal information. Arthur Labs does not sell or share personal information; therefore, this right is already satisfied.

Right to Non-Discrimination. Arthur Labs will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you a different price, or provide a different level of quality of services because you have exercised your rights under the CCPA/CPRA.

11.5 How to Submit a Request

To submit a request to know, delete, or correct personal information, or to ask questions about your California privacy rights, please email support@arthurlabs.net with the subject line “California Privacy Rights Request.” Arthur Labs will respond to verifiable requests within forty-five (45) days, unless an extension is required and you are notified accordingly. We may need to verify your identity before fulfilling your request.

12. European Union Residents — GDPR

The Service is primarily intended for United States taxpayers and is not specifically directed at residents of the European Economic Area (EEA), the United Kingdom, or Switzerland. If you are located in the EEA, United Kingdom, or Switzerland and you choose to use the Service, you may have certain rights under the General Data Protection Regulation (GDPR) or applicable national implementing legislation.

To the extent GDPR applies to Arthur Labs’ processing of your personal data, you have the following rights: the right to access your personal data; the right to rectification of inaccurate personal data; the right to erasure (“right to be forgotten”); the right to restriction of processing; the right to data portability; the right to object to processing; and the right to lodge a complaint with a supervisory authority. Because Arthur Labs retains virtually no personal data in persistent form, most of these rights are satisfied by the architecture of the Service. To exercise any of these rights or to ask questions about GDPR applicability to your situation, contact support@arthurlabs.net.

The legal bases on which Arthur Labs processes personal data of EEA residents are: (a) the necessity of processing for the performance of a contract you have entered into (Article 6(1)(b) GDPR); (b) our legitimate interests in operating, maintaining, and improving the Service through aggregate analytics (Article 6(1)(f) GDPR); and (c) your consent, where applicable.

13. Sanctions & Export Compliance

Arthur Labs does not knowingly collect or process personal information from individuals located in countries or territories subject to comprehensive U.S. sanctions administered by the Office of Foreign Assets Control (OFAC), including but not limited to Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine. If Arthur Labs determines that a user is located in a comprehensively sanctioned jurisdiction, it will take appropriate steps to terminate the user’s access to the Service and will not process or retain any personal information submitted in connection with that access.

14. Changes to This Policy

Arthur Labs may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Policy, we will update the “Last Updated” date at the top of this page and post a notice on the website for at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of the updated practices. We encourage you to review this Policy periodically.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or Arthur Labs’ data practices, please contact us at:

Any privacy dispute or complaint shall be governed by and construed under the laws of the State of Wyoming, with jurisdiction and venue in Douglas County, Nebraska, consistent with the Dispute Resolution provisions of our Terms of Service.