- The Neurobro Web non‑custodial trading interface at https://neurodex.ai (the “Platform”)
- The Neurobro Mobile App for iOS (available on the Apple App Store) and Android (available on Google Play), including NeuroWallet, its self-custodial embedded wallet and spot-trading feature
- The Neurobro AI Agent on Telegram
- The Neurobro Landing Page and Website at https://neurobro.ai
- The Neurobro AI Agent on Base app at https://base.app/profile/oxneurobro
- Any related APIs, widgets, or deep-links
1. Summary
- We collect only the technical data required to operate our services: wallet addresses, IP‑derived region, server logs, anonymized/aggregated analytics and performance data.
- We use Google Analytics together with Matomo — a self-hosted, open-source analytics tool we run on our own infrastructure — and Sentry for error and performance monitoring, to improve our services and reliability. Matomo analytics data is not shared with a third-party analytics provider.
- For AI Agent services, we collect authentication information and chat history to enable communication.
- We collect IP addresses for analytics, product improvement, and geo-compliance purposes.
- Subscription payments are processed by Stripe (web) and Apple/Google (mobile). We do not store full payment-card numbers.
- We use Neurobro Pass for authentication with social logins, Telegram, Web3 wallets, and mini-apps, and use JWT tokens for session authentication across our services.
- When you use the Portfolio Tracking feature of the Neurobro Mobile App, we collect the exchange API credentials you provide (read-only keys, encrypted at rest) and portfolio and financial data from your connected exchange accounts, including balances, trade, order and transfer history, open positions and profit/loss, and net-worth history over time.
- When you use the on-chain portfolio feature, we collect the public blockchain wallet addresses you enter.
- When you use NeuroWallet, we collect your embedded-wallet identifier and public wallet addresses (Solana and Base) and store a record of the trades and withdrawals you initiate; the wallet is self-custodial and we never hold or have access to your private keys or seed phrase. Trades are routed through a third-party provider (Relay) and priced using a third-party market-data provider (Codex), and your wallet is created and secured by Privy.
- When you use AI-assisted portfolio features, some of your portfolio data may be transmitted to third-party AI/LLM providers solely to generate the response or insight you requested.
2. What We Collect
Wallet address you connect
Wallet address you connect
Lawful Basis: Contract (you request a swap)
IP address and derived country/region
IP address and derived country/region
Geolocation data (country-level)
Geolocation data (country-level)
- Cloudflare IP geolocation: Your country is determined from your IP address by our CDN provider (Cloudflare) and sent to our servers as a request header. This is country-level only — no precise GPS, city, or street-level location is collected.
- App Store / Play Store region (mobile only): The country associated with your device’s app store, derived from your device locale settings and sent by the mobile app.
- Browser timezone and language (web only): Your browser’s timezone (e.g., “Europe/Berlin”) and language preference (e.g., “de-DE”), used to corroborate country-level data.
- Determine eligibility for region-specific promotional offers from third-party exchanges (affiliate programs)
- Comply with regional regulations that restrict certain services or content by jurisdiction
- Personalize content and default settings (e.g., relevant trading pairs, localized information)
Server logs
Server logs
Lawful Basis: Legitimate interestIncludes: timestamp, endpoint, error codes
Analytics data
Analytics data
Lawful Basis: Legitimate interest (with user consent where required)Services Used: Google Analytics (third-party processor) and Matomo (self-hosted, in-house — analytics data stays on our own infrastructure and is not shared with a third-party analytics provider)
Includes: page views, user interactions, device/browser information, usage patterns (stored in anonymized/aggregated form where possible). This data is used only for telemetry and product improvement.
Error tracking & performance monitoring (Sentry)
Error tracking & performance monitoring (Sentry)
Lawful Basis: Legitimate interestService Used: Sentry
Includes: error stack traces, timestamps, basic device/browser metadata, and page/application context. We do not intentionally collect message content, private keys, or wallet seed phrases.
Authentication information (Neurobro Pass)
Authentication information (Neurobro Pass)
Subscription and payment data
Subscription and payment data
Notification preferences
Notification preferences
Lawful Basis: Consent / Contract (service requested)Includes: delivery channel and preferences (e.g., Telegram/X/Email/Push). You can manage preferences at any time in your account settings (e.g., at https://neurodex.ai or within the Neurobro Mobile App).
Chat history
Chat history
Lawful Basis: Contract (you request AI Agent services)Includes: messages exchanged with AI Agent, conversation context
TikTok account data (internal use)
TikTok account data (internal use)
Alpha Profile & personalization data
Alpha Profile & personalization data
Lawful Basis: Consent (optional data you provide)Includes: trading goals, crypto experience level, life stage, strategy style, discovery breadth, decision speed, custom instructions for the AI Agent.Visibility: Not publicly available and not visible to other users. We DO NOT sell this data or use it for advertising.Deletion: You can remove this data anytime in your settings (e.g., by clicking “Delete” or clearing your Alpha Profile). When deleted, it is permanently erased from our systems with no internal backups or archived copies retained.
Exchange API credentials (read-only)
Exchange API credentials (read-only)
Exchange account & portfolio data
Exchange account & portfolio data
- Balances and holdings;
- Trades and orders;
- Deposits and withdrawals, including destination wallet addresses and on-chain transaction identifiers;
- Ledger entries, such as funding, interest, staking and earn rewards, transfers, and conversions;
- Open derivatives positions and realized and unrealized profit/loss (PnL).
Net-worth history
Net-worth history
On-chain wallet portfolios
On-chain wallet portfolios
NeuroWallet embedded-wallet data
NeuroWallet embedded-wallet data
NeuroWallet trade & withdrawal activity
NeuroWallet trade & withdrawal activity
NeuroWallet portfolio snapshots
NeuroWallet portfolio snapshots
3. How We Use the Data
Service Provision
Portfolio Tracking
NeuroWallet
AI-Assisted Portfolio Features
Compliance
Security
Analytics & Improvement
Regional Personalization & Affiliate Offers
4. Data Retention
Wallet & swap logs
IP‑level server logs
Chat history
Analytics data
Subscription & billing data
Geolocation data
Exchange API credentials
Exchange/portfolio data
Net-worth snapshots
On-chain wallet data
NeuroWallet data
5. Your Rights (EU/EEA & UK GDPR)
If you are in the EU/EEA or UK, you have the right to:Access
Access
Rectify
Rectify
Erase
Erase
Restrict or Object
Restrict or Object
Data Portability
Data Portability
6. Third Parties and Sub-Processors
We share data with the third parties below so we can operate our services. Each acts either as an independent data controller or as a processor/sub-processor on our behalf, as indicated.Supported cryptocurrency exchanges
Supported cryptocurrency exchanges
Amazon Web Services (AWS)
Amazon Web Services (AWS)
Alchemy
Alchemy
Privy (NeuroWallet embedded wallet & authentication)
Privy (NeuroWallet embedded wallet & authentication)
Relay (trade routing & execution)
Relay (trade routing & execution)
Codex (market & token data)
Codex (market & token data)
CoinGecko
CoinGecko
LLM / AI providers
LLM / AI providers
Analytics, monitoring & payments
Analytics, monitoring & payments
7. AI-Assisted Features and LLM Providers
When you use AI-assisted portfolio features, relevant portfolio data — such as balances, positions, and history — may be transmitted as context to third-party large language model (LLM) providers solely to generate the response or insight you requested. LLM providers may include OpenAI, Anthropic, Google, Groq, xAI, and DeepSeek, among others. The specific provider used to handle a given request may vary depending on your subscription tier and our backend systems, and the set of providers we use may change over time. We transmit only the data needed to fulfill your request. Each provider processes the data it receives under its own terms and privacy policy.8. Marketing, Authentication & Notifications
When you sign in using Neurobro Pass (e.g., Google, Apple, Email, Telegram, Web3 wallets, or mini-apps), we facilitate authentication directly. For marketing emails, we collect your verified email address during sign-up or through opt-in forms.What We Collect
We collect your verified email address (for newsletters), and may store the login method used (Google, Apple, Telegram, Web3 wallet, or mini-app via Neurobro Pass) to operate authentication. Notification preferences (channels and topics) may be stored to deliver opt‑in alerts.Why We Collect It
We use your email address solely for non‑transactional communications:- Weekly product‑update newsletters
- Feature announcements
- Curated market recaps and relevant content
Legal Grounds for Processing
European Economic Area & UK: Your explicit consent (GDPR Art. 6(1)(a)). Marketing consent is optional and not required to use Neurobro Web. Canada: Implied or express consent under CASL with business address and unsubscribe mechanism in every message. United States: CAN‑SPAM Act compliance with clear promotional identification and opt‑out links. California (CCPA/CPRA): We do not “sell” or “share” your personal information for cross‑context behavioural advertising.Communication Frequency
By default, we send at most one newsletter per week. Material changes to frequency will be communicated and may require fresh consent.How to Unsubscribe
You can opt out at any time by either:- Clicking the unsubscribe link in any marketing email
- Toggling preference checkbox in emails
- Emailing us at info@neurobro.ai
Retention & Deletion
We retain your email for marketing only until you withdraw consent. After withdrawal, it’s added to a suppression list to prevent future marketing messages.Third‑Party Processing
Stripe, Apple, and Google act as payment processors for subscription billing. Google Analytics and Sentry act as processors for analytics/monitoring; Matomo is self-hosted by us and is not a third-party processor. For Portfolio Tracking, AWS provides infrastructure, key management, and email; Alchemy provides on-chain data; CoinGecko provides public market prices; and the LLM providers listed in the AI-Assisted Features section process portfolio data for AI-assisted features. For NeuroWallet, Privy (United States) provides the embedded wallet and authentication, Relay (United States) provides trade routing and execution, and Codex (Canada) provides market and token data. Their processing is governed by their respective terms and data protection addenda. Because of this, your data may be processed in multiple jurisdictions, including the European Union, the United States, Canada, Singapore, and other countries, and — where you use AI-assisted features — in China. Where data is transferred outside the EEA, the UK, or your country of residence, we rely on Standard Contractual Clauses or other appropriate safeguards where applicable. The supported cryptocurrency exchanges act as independent data controllers and process your data under their own policies and in their own jurisdictions.9. Cookies and Similar Technologies
We use cookies, local storage, and SDKs:- Essential (no consent required): authentication/session security, fraud prevention, sanctions screening, basic preferences
- Analytics (consent where required): Google Analytics, Matomo (self-hosted)
- Performance/Monitoring (consent where required): Sentry
Your Rights
Depending on your residence, you have rights including access, rectification, erasure, restriction, portability, and objection to direct marketing. Exercise them via info@neurobro.ai.10. Security
We use:- Encrypted transport (TLS 1.3)
- JWT tokens for secure authentication
- Least‑privilege keys
- Segregated production networks
- Encryption at rest for exchange API credentials
11. Changes to this Policy
We may update this Policy. Important changes will be posted on our services and take effect 7 days after posting unless a shorter period is required by law.12. Contact
Phone
Version History
v0.9 - July 07, 2026
v0.9 - July 07, 2026
v0.8 - May 22, 2026
v0.8 - May 22, 2026
v0.7 - May 19, 2026
v0.7 - May 19, 2026
v0.6 - Mar 20, 2026
v0.6 - Mar 20, 2026
v0.5 - Mar 13, 2026
v0.5 - Mar 13, 2026
v0.4 - Nov 06, 2025
v0.4 - Nov 06, 2025
v0.3 - July 27, 2025
v0.3 - July 27, 2025
v0.2 - July 09, 2025
v0.2 - July 09, 2025
v0.1 - June 06, 2025
v0.1 - June 06, 2025