Why does it matter where your crypto taxes are calculated?

Your transaction history reveals your net worth. On someone else's server, it's a target. On your machine, it doesn't exist to attackers.

Breaches are not hypothetical

Cloud crypto tax platforms store your complete financial history on their servers. When those servers are compromised, attackers learn exactly what you own and what you've traded.

December 2022

CoinTracker — 1.5 million users exposed

Names and email addresses of 1.5 million users leaked via a third-party analytics service breach. Listed on Have I Been Pwned.

November 2025

CoinTracker — transaction summaries exported

A second breach via Mixpanel analytics exposed transaction-level summaries. Attackers now knew what users traded and how much.

December 2025

Koinly — user emails leaked

User email addresses leaked via the same Mixpanel analytics breach. The number of affected users was never disclosed.

January 2026

Waltio (France) — 50,000 users' financial data stolen

Profit/loss data and asset balances stolen. France saw 19 crypto-related kidnappings in 2025 alone — breached crypto financial data has real-world physical consequences.

2025–2026

French tax office employee — data sold to criminals

A government employee sold crypto investors' home addresses and financial data to criminal networks. The data was used to identify and target high-value individuals.

PrivateACB eliminates every one of these vectors. There is no server to breach. No analytics service to compromise. No employee with access to your data. Your financial data exists in one place: your encrypted database, on your machine.

2025 changed everything

New IRS and CRA rules mean crypto tax software isn't optional anymore — and what your software does with your data matters more than ever.

2025

IRS: Per-account cost basis

Treasury Decision 10000 requires cost basis tracking per wallet and per account. The universal pooling method is no longer permitted. If you transferred crypto between exchanges, your 1099-DA may show $0 cost basis — making the IRS think your entire sale is profit.

2025

IRS: 1099-DA reporting begins

Exchanges must file Form 1099-DA reporting gross proceeds. In 2026, they must also report cost basis. Millions of taxpayers will receive inflated tax bills unless they calculate their own cost basis with supporting documentation.

2026

Canada: CARF automatic reporting

The Crypto-Asset Reporting Framework requires Canadian exchanges to automatically report user data to the CRA. First filings due 2027. Your transaction history becomes government-visible whether you file or not.

These rules create an urgent need for software that calculates correct cost basis. But that software will also process your most sensitive financial data. The question is: who else gets to see it?

The privacy-compliance gap

Most crypto tax tools fall into one of two categories. Neither solves the whole problem.

Cloud platforms

Compliant

Generally support the latest IRS and CRA rules, including per-account tracking and 1099-DA categorization.

Not private

Your complete transaction history is stored on their servers. You create an account, upload your trades, and trust that their security holds. As the breach timeline above shows, that trust has been broken repeatedly.

Open-source tools

Private

Run locally on your machine. No account, no upload, no server. Your data stays with you.

Not compliant

Most open-source crypto tax calculators have not implemented the 2025 IRS per-account basis rules (T.D. 10000). Some explicitly warn users not to rely on them for 2025+ US tax filing. Privacy-conscious users who need regulatory compliance have nowhere to go.

PrivateACB bridges the gap

Local-only privacy — no server, no account, no upload. Full 2025+ regulatory compliance — per-account basis tracking (T.D. 10000), 1099-DA categorization, Rev. Proc. 2024-28 safe harbor, CRA superficial loss with proration. Your data never leaves your machine, and your tax calculations meet the latest IRS and CRA requirements.

What stays local. What crosses the network.

PrivateACB is a desktop application. Here's exactly what happens with your data.

Stays on your machine

  • Your CSV import files
  • Every transaction record
  • All cost basis calculations
  • Capital gains and losses
  • Tax lot inventory
  • Generated reports (PDF, CSV)
  • Your encrypted database
  • API keys (encrypted via Windows DPAPI)

Crosses the network

  • Exchange rate requests (Bank of Canada, FRED)
  • Asset price requests (CoinGecko)
  • License validation (one-time check)

Only public market data is fetched. Your trades, balances, and identity are never transmitted.

We never have

  • Your name or email (no account exists)
  • Your transaction history
  • Your gains, losses, or tax liability
  • Your exchange accounts or API keys
  • Your database password

We can't be subpoenaed for data we don't have. We can't leak what we never collected.

Even "secure" servers can be compelled

Security isn't just about hackers. Governments have legal tools to access data stored on third-party servers — without naming you specifically.

John Doe summonses

The IRS has used John Doe summonses to obtain bulk user data from Coinbase (13,000 accounts), Kraken, Circle, and Poloniex — without naming specific taxpayers. The Supreme Court upheld this practice.

Government software partnerships

Some crypto tax platforms have direct contracts with the IRS to provide data analysis and tax calculation support. When your tax software is also the government's tax software, the line between "your tool" and "their tool" gets blurry.

PrivateACB can't be compelled

There is no server to subpoena. There is no user database to query. There are no analytics logs to hand over. Your data exists in exactly one place — your machine, encrypted with your password.

Private and compliant. 30 days free.

Download Trial Security Details