The following third-party services are contacted when you use tobcalc:
- [Yahoo Finance](https://finance.yahoo.com) to determine the type of security in a transaction based on the ISIN. Contacted through a proxy server to avoid CORS issues, also stripped of any unnecessary data.
- [JustETF](https://www.justetf.com) to determine the type of ETF (accumulating or distributing) based on the ISIN. Contacted through a proxy server to avoid CORS issues, also stripped of any unnecessary data.
- [European Central Bank](https://www.ecb.europa.eu) to get the exchange rate for a given currency. Contacted through a proxy server to avoid CORS issues, also stripped of any unnecessary data.
- [Simple Analytics](https://simpleanalytics.com) for analytics.

The processing of transaction history files as well as PDF generation is done in the browser. Certain text inputs such as your name, address and so on is saved in the browser so you don't have to re-enter those details every time you visit the site. Your national registration number (rijksregisternummer) is _not_ saved in local storage just to be extra safe in the case that a script in the site might be compromised and data could be leaked.

When you upload a transaction history file, the file is processed in the browser. The file is not sent to any server.

In terms of analytics, tobcalc uses [Simple Analytics](https://simpleanalytics.com). Simple Analytics uses a number of different factors to determine if a website visit is unique or not. To keep it short, they do _not_ use your IP address, but they do use (and sometimes store) things such as your user agent, the timestamp of requests, the referrer and so on. See how they do it in more detail here: https://docs.simpleanalytics.com/what-we-collect. On top of that, when you click on the "Download PDF" button, a request is made to Simple Analytics to count this event. No other information is sent, literally just the fact that the button was clicked.

Lastly, the website is hosted on Netlify and served by Cloudflare.