Skip to main content

Documentation Index

Fetch the complete documentation index at: https://whitepaper.neurobro.ai/llms.txt

Use this file to discover all available pages before exploring further.

Effective Date: May 22, 2026This Privacy Policy explains how Neuro Foundation LLC (“we”, “our”, “Operator”) collects, uses, shares and stores information when you use our services, including:

1. Summary

  • We collect only the technical data required to operate our services: wallet addresses, IP‑derived region, server logs, anonymized/aggregated analytics and performance data.
  • We use Google Analytics together with Matomo — a self-hosted, open-source analytics tool we run on our own infrastructure — and Sentry for error and performance monitoring, to improve our services and reliability. Matomo analytics data is not shared with a third-party analytics provider.
  • For AI Agent services, we collect authentication information and chat history to enable communication.
  • We collect IP addresses for analytics, product improvement, and geo-compliance purposes.
  • Subscription payments are processed by Stripe (web) and Apple/Google (mobile). We do not store full payment-card numbers.
  • We use Neurobro Pass for authentication with social logins, Telegram, Web3 wallets, and mini-apps, and use JWT tokens for session authentication across our services.
  • When you use the Portfolio Tracking feature of the Neurobro Mobile App, we collect the exchange API credentials you provide (read-only keys, encrypted at rest) and portfolio and financial data from your connected exchange accounts, including balances, trade, order and transfer history, open positions and profit/loss, and net-worth history over time.
  • When you use the on-chain portfolio feature, we collect the public blockchain wallet addresses you enter.
  • When you use AI-assisted portfolio features, some of your portfolio data may be transmitted to third-party AI/LLM providers solely to generate the response or insight you requested.

2. What We Collect

Purpose: Route your transaction and provide non‑custodial services (no platform fees)
Lawful Basis: Contract (you request a swap)
Purpose: Enforce geo‑blocks & sanctions policy; analytics and product improvement Lawful Basis: Legal obligation (OFAC/UN sanctions); Legitimate interest (prevent abuse, analyze usage patterns, improve services)We collect IP addresses to enforce geo-restrictions and sanctions compliance. We also use IP-derived data (country, region) in aggregated analytics dashboards to understand user distribution, measure product adoption, and guide product decisions. IP addresses used for analytics are not linked to individual user accounts.
Purpose: Regional compliance, content personalization, and affiliate offer eligibility Lawful Basis: Legitimate interest (compliance with regional regulations, service personalization)We collect country-level geolocation data from the following sources:
  • Cloudflare IP geolocation: Your country is determined from your IP address by our CDN provider (Cloudflare) and sent to our servers as a request header. This is country-level only — no precise GPS, city, or street-level location is collected.
  • App Store / Play Store region (mobile only): The country associated with your device’s app store, derived from your device locale settings and sent by the mobile app.
  • Browser timezone and language (web only): Your browser’s timezone (e.g., “Europe/Berlin”) and language preference (e.g., “de-DE”), used to corroborate country-level data.
This data is stored on your user profile and updated when you log in or refresh your session. It is used to:
  • Determine eligibility for region-specific promotional offers from third-party exchanges (affiliate programs)
  • Comply with regional regulations that restrict certain services or content by jurisdiction
  • Personalize content and default settings (e.g., relevant trading pairs, localized information)
We do not collect precise geolocation (GPS coordinates, city, or street address). You cannot manually override your detected country at this time.
Purpose: Debug and ensure security
Lawful Basis: Legitimate interestIncludes: timestamp, endpoint, error codes
Purpose: Improve user experience and service performance
Lawful Basis: Legitimate interest (with user consent where required)Services Used: Google Analytics (third-party processor) and Matomo (self-hosted, in-house — analytics data stays on our own infrastructure and is not shared with a third-party analytics provider)
Includes: page views, user interactions, device/browser information, usage patterns (stored in anonymized/aggregated form where possible). This data is used only for telemetry and product improvement.
Purpose: Detect, reproduce, and fix errors; monitor app performance
Lawful Basis: Legitimate interestService Used: Sentry
Includes: error stack traces, timestamps, basic device/browser metadata, and page/application context. We do not intentionally collect message content, private keys, or wallet seed phrases.
Purpose: Provide AI Agent services and maintain user sessions Lawful Basis: Contract (you request our services)Includes: JWT tokens, user identifiers, session data, and the login method used (e.g., Google, Apple, Email, Telegram, Web3 wallet, or mini-app via Neurobro Pass). We remain fully non‑custodial and never have access to your private keys or seed phrases.
Purpose: Process subscription payments and manage billing Lawful Basis: Contract (you purchase a subscription)Web subscriptions are processed by Stripe. Mobile subscriptions are processed by the Apple App Store or Google Play Store. These processors handle payment-card details directly; we do not store full card numbers. We receive and store: subscription tier, billing status, payment method type, transaction identifiers, and renewal dates.
Purpose: Deliver opt‑in notifications through connected channels
Lawful Basis: Consent / Contract (service requested)Includes: delivery channel and preferences (e.g., Telegram/X/Email/Push). You can manage preferences at any time in your account settings (e.g., at https://neurodex.ai or within the Neurobro Mobile App).
Purpose: Enable AI Agent communication and improve responses
Lawful Basis: Contract (you request AI Agent services)Includes: messages exchanged with AI Agent, conversation context
Purpose: Enable automated content publishing and performance analytics for Neurobro’s internal marketing operations Lawful Basis: Legitimate interest (internal business operations)Our content creators use an internal marketing platform (Neurobro) that connects to TikTok via OAuth for automated content publishing and analytics. This data is collected only from our team members’ TikTok accounts, not from end users.Includes: TikTok profile information (username, avatar, follower count), encrypted OAuth access tokens, and content performance metrics (views, likes, comments, shares).Creators can disconnect their TikTok account at any time, which permanently removes all stored tokens and associated data.
Purpose: Personalize Neurobro’s responses within Neurodex and related mini apps
Lawful Basis: Consent (optional data you provide)Includes: trading goals, crypto experience level, life stage, strategy style, discovery breadth, decision speed, custom instructions for the AI Agent.Visibility: Not publicly available and not visible to other users. We DO NOT sell this data or use it for advertising.Deletion: You can remove this data anytime in your settings (e.g., by clicking “Delete” or clearing your Alpha Profile). When deleted, it is permanently erased from our systems with no internal backups or archived copies retained.
Purpose: Connect the third-party cryptocurrency exchange accounts you choose to link so we can provide the Portfolio Tracking feature of the Neurobro Mobile App Lawful Basis: Contract (you request Portfolio Tracking)When you connect an exchange through Portfolio Tracking, you provide the API credentials issued to you by that exchange. These are read-only exchange API keys (distinct from NeuroAPI or any other Neurobro API): they allow us to retrieve and display your account information but do not allow trading, order placement, withdrawals, or transfers. Through these exchange connections we cannot trade, withdraw, or otherwise move funds on any connected exchange. Credentials are encrypted at rest and used only to make authenticated read-only requests to the exchange on your behalf. Portfolio Tracking is a feature of the Mobile App only and is separate from the Neurodex non-custodial swap interface.
Purpose: Display your balances, history, positions, and net worth within the Portfolio Tracking feature Lawful Basis: Contract (you request Portfolio Tracking)When you connect an exchange, we retrieve and store account and portfolio data from that exchange, which may include:
  • Balances and holdings;
  • Trades and orders;
  • Deposits and withdrawals, including destination wallet addresses and on-chain transaction identifiers;
  • Ledger entries, such as funding, interest, staking and earn rewards, transfers, and conversions;
  • Open derivatives positions and realized and unrealized profit/loss (PnL).
On first connection, we import the historical activity available to us from the connected exchange in order to build your portfolio history. The categories of data available differ by exchange — some connected exchanges provide spot-only data and do not expose derivatives or earn/staking data.
Purpose: Show how your total portfolio value changes over time within Portfolio Tracking Lawful Basis: Contract (you request Portfolio Tracking) / Legitimate interest (providing portfolio history and trend features)Includes: periodic snapshots of the total value of your connected portfolios, recorded over time so the App can display your net-worth history.
Purpose: Display token balances for public blockchain wallet addresses you choose to track Lawful Basis: Contract (you request the on-chain portfolio feature)Includes: the public blockchain wallet addresses you enter for the on-chain portfolio feature, together with cached on-chain token-balance data retrieved for those addresses.
Exchange and portfolio data is sensitive personal financial data. In addition, on-chain identifiers such as wallet addresses and transaction IDs are recorded on public blockchains and are publicly visible and traceable by anyone; we cannot remove or alter data on a public blockchain.
Cookies/local storage and SDKs are used for essential functionality (auth/session) and, with consent where required, for analytics and performance monitoring (Google Analytics, Matomo, Sentry). You can manage non‑essential cookies in the cookie banner and adjust preferences in your account settings.

3. How We Use the Data

Service Provision

To provide our services - build and relay your swap transactions, enable AI Agent communication, and maintain user sessions.

Portfolio Tracking

To provide the Portfolio Tracking feature of the Neurobro Mobile App - connect your chosen exchange accounts using read-only exchange API keys, retrieve and display your balances, trade and transfer history, positions, and net worth, and track your on-chain wallet portfolios.

AI-Assisted Portfolio Features

To provide AI-assisted portfolio features - process relevant portfolio data, including via third-party LLM providers, solely to generate the insights, summaries, or answers you request. See the AI-Assisted Features & LLM Providers section below.

Compliance

To comply with sanctions laws - screen wallet addresses against OFAC, UN, EU, and other global sanctions lists.

Security

To secure our services - detect DDOS or abuse, maintain authentication security, and monitor application errors and performance (via Sentry).

Analytics & Improvement

To analyze usage patterns and improve our services using Google Analytics, our self-hosted Matomo analytics, and Sentry (error/performance telemetry).

Regional Personalization & Affiliate Offers

To determine your eligibility for region-specific promotional offers from third-party cryptocurrency exchanges. We may earn a commission when you sign up for or use a third-party service through a link or offer displayed in our Services. Offer availability is determined by your detected country to comply with regional regulations and exchange-specific restrictions.
We do not sell or share your data with advertisers. We may share hashed logs with regulators or auditors if legally compelled. Google Analytics data is processed according to Google’s privacy policy; Matomo is self-hosted, so Matomo analytics data is not shared with a third-party analytics provider.

4. Data Retention

Wallet & swap logs

12 months then deleted/aggregated

IP‑level server logs

30 days unless required for security investigation

Chat history

Until user requests deletion

Analytics data

Google Analytics and Sentry: per their retention policies. Matomo (self-hosted): per our own retention configuration

Subscription & billing data

Duration of subscription plus 24 months for accounting/tax compliance

Geolocation data

Stored on user profile for the duration of the account; deleted upon account deletion

Exchange API credentials

Until you disconnect the exchange or delete your account

Exchange/portfolio data

Balances, trades, orders, transfers, ledger entries, and positions: until you disconnect the exchange or delete your account

Net-worth snapshots

Retained for the life of your account; deleted on account deletion

On-chain wallet data

Until you remove the wallet or delete your account
JWT tokens expire according to session settings.

5. Your Rights (EU/EEA & UK GDPR)

If you are in the EU/EEA or UK, you have the right to:
Request a copy of data we hold about you.
Correct inaccurate data.
Request deletion where we no longer have a legal ground. For detailed instructions on how to delete your account and associated data, see our Account Deletion page.For Portfolio Tracking: disconnecting an exchange permanently deletes that exchange’s data from our systems, including the API credentials, balances, trades, orders, transfers, ledger entries, and positions associated with that connection. Deleting your account deletes all connected-exchange and portfolio data, including net-worth history and on-chain wallet data.
Restrict or object to processing in certain cases.
Receive data in a machine‑readable format.
To exercise a right, email info@neurobro.ai. For wallet-related requests, include a signed message from the wallet you used. We may decline requests that would contravene sanctions screening. By using our services, you acknowledge that certain data (e.g., wallet address, IP-derived region, chat history) is processed for security, compliance, and service provision purposes, and you consent to this processing under applicable data protection laws.

6. Third Parties and Sub-Processors

We share data with the third parties below so we can operate our services. Each acts either as an independent data controller or as a processor/sub-processor on our behalf, as indicated.
When you use Portfolio Tracking, we make authenticated, read-only API requests to the exchange you connect, scoped to your account, in order to retrieve your portfolio data. Each supported exchange is an independent third party and independent data controller that processes your data under its own privacy policy and is not owned or controlled by us. The supported exchanges and their privacy policies are:
ExchangePrivacy Policy
Binancehttps://www.binance.com/en/about-legal/privacy-portal
OKXhttps://www.okx.com/help/privacy-policy-statement
Bybithttps://www.bybit.com/en/legal/policies-and-rules/privacy-policy
KuCoinhttps://www.kucoin.com/legal/privacy-policy
Indodaxhttps://help.indodax.com/hc/en-us/articles/19751527469721-Privacy-Notice
Tokocryptohttps://support.tokocrypto.com/hc/en-us/articles/21694168727565-Privacy-Policy
AWS provides our cloud infrastructure, including hosting and storage, key management used to encrypt exchange API credentials, and transactional email delivery. AWS acts as a processor on our behalf.
Alchemy is an on-chain data provider. When you use the on-chain portfolio feature, Alchemy receives the public blockchain wallet addresses you enter in order to return token-balance data for those addresses. Alchemy acts as a processor on our behalf.
CoinGecko provides public market-price data used to value portfolios. CoinGecko receives no user data; we only request public market prices.
When you use AI-assisted portfolio features, relevant portfolio data may be transmitted to third-party large language model (LLM) providers to generate the response you requested. See the AI-Assisted Features & LLM Providers section below.
We continue to use Google Analytics (analytics), Sentry (error and performance monitoring), and Stripe, the Apple App Store, and the Google Play Store (subscription payments). These parties process data as described elsewhere in this Policy and under their own terms. We also use Matomo for product analytics, which we self-host: Matomo analytics data stays on our own infrastructure and is not shared with a third-party analytics provider.

7. AI-Assisted Features and LLM Providers

When you use AI-assisted portfolio features, relevant portfolio data — such as balances, positions, and history — may be transmitted as context to third-party large language model (LLM) providers solely to generate the response or insight you requested. LLM providers may include OpenAI, Anthropic, Google, Groq, xAI, and DeepSeek, among others. The specific provider used to handle a given request may vary depending on your subscription tier and our backend systems, and the set of providers we use may change over time. We transmit only the data needed to fulfill your request. Each provider processes the data it receives under its own terms and privacy policy.
Some LLM providers operate outside the European Economic Area (EEA), the United Kingdom, and your country of residence, including in the United States and in China. Please review the international-transfers disclosure in Section 8 (Third‑Party Processing) below.

8. Marketing, Authentication & Notifications

When you sign in using Neurobro Pass (e.g., Google, Apple, Email, Telegram, Web3 wallets, or mini-apps), we facilitate authentication directly. For marketing emails, we collect your verified email address during sign-up or through opt-in forms.

What We Collect

We collect your verified email address (for newsletters), and may store the login method used (Google, Apple, Telegram, Web3 wallet, or mini-app via Neurobro Pass) to operate authentication. Notification preferences (channels and topics) may be stored to deliver opt‑in alerts.

Why We Collect It

We use your email address solely for non‑transactional communications:
  • Weekly product‑update newsletters
  • Feature announcements
  • Curated market recaps and relevant content
European Economic Area & UK: Your explicit consent (GDPR Art. 6(1)(a)). Marketing consent is optional and not required to use Neurodex.ai. Canada: Implied or express consent under CASL with business address and unsubscribe mechanism in every message. United States: CAN‑SPAM Act compliance with clear promotional identification and opt‑out links. California (CCPA/CPRA): We do not “sell” or “share” your personal information for cross‑context behavioural advertising.

Communication Frequency

By default, we send at most one newsletter per week. Material changes to frequency will be communicated and may require fresh consent.

How to Unsubscribe

You can opt out at any time by either:
  • Clicking the unsubscribe link in any marketing email
  • Toggling preference checkbox in emails
  • Emailing us at info@neurobro.ai
Withdrawal is immediate for new campaigns and processed within 72 hours for all lists.

Retention & Deletion

We retain your email for marketing only until you withdraw consent. After withdrawal, it’s added to a suppression list to prevent future marketing messages.

Third‑Party Processing

Stripe, Apple, and Google act as payment processors for subscription billing. Google Analytics and Sentry act as processors for analytics/monitoring; Matomo is self-hosted by us and is not a third-party processor. For Portfolio Tracking, AWS provides infrastructure, key management, and email; Alchemy provides on-chain data; CoinGecko provides public market prices; and the LLM providers listed in the AI-Assisted Features section process portfolio data for AI-assisted features. Their processing is governed by their respective terms and data protection addenda. Because of this, your data may be processed in multiple jurisdictions, including the European Union, the United States, Singapore, and other countries, and — where you use AI-assisted features — in China. Where data is transferred outside the EEA, the UK, or your country of residence, we rely on Standard Contractual Clauses or other appropriate safeguards where applicable. The supported cryptocurrency exchanges act as independent data controllers and process your data under their own policies and in their own jurisdictions.

9. Cookies and Similar Technologies

We use cookies, local storage, and SDKs:
  • Essential (no consent required): authentication/session security, fraud prevention, sanctions screening, basic preferences
  • Analytics (consent where required): Google Analytics, Matomo (self-hosted)
  • Performance/Monitoring (consent where required): Sentry
You can manage non‑essential cookies via the cookie banner and update choices any time in your account settings. You can also block or delete cookies in your browser settings; our Services will continue to function with essential cookies only.

Your Rights

Depending on your residence, you have rights including access, rectification, erasure, restriction, portability, and objection to direct marketing. Exercise them via info@neurobro.ai.

10. Security

We use:
  • Encrypted transport (TLS 1.3)
  • JWT tokens for secure authentication
  • Least‑privilege keys
  • Segregated production networks
  • Encryption at rest for exchange API credentials

11. Changes to this Policy

We may update this Policy. Important changes will be posted on our services and take effect 7 days after posting unless a shorter period is required by law.

12. Contact

Email

info@neurobro.ai

Phone

(856) 416-6698

Mail

Neuro Foundation LLC, 1111B S Governors Ave STE 28958, Dover, DE 19904

Version History

Replaced PostHog with Matomo, a self-hosted, open-source analytics tool run on our own infrastructure (Matomo analytics data is not shared with a third-party analytics provider); Google Analytics and Sentry are unchanged. Added the Apple App Store and Google Play download links to the services list. Added the Base app and related APIs to the services scope. Corrected references from “platform settings” to account/in-app settings so Mobile App settings are not conflated with the Neurodex web Platform. Fixed the international-transfers cross-reference to point to Section 8. Aligned deletion disclosures with the Account Deletion page. Clarified that the read-only API keys for Portfolio Tracking are exchange-issued credentials, distinct from NeuroAPI.
Added Portfolio Tracking data collection for the Neurobro Mobile App: exchange API credentials (read-only, encrypted at rest), exchange account and portfolio data (balances, trade/order/transfer/ledger history, open positions and PnL), net-worth history, and on-chain wallet portfolio data. Added the Third Parties & Sub-Processors section (supported exchanges, AWS, Alchemy, CoinGecko, LLM providers). Added the AI-Assisted Features & LLM Providers section. Updated data-retention and international-transfer disclosures, and clarified deletion mechanics for connected exchanges. Renumbered later sections.
Added geolocation data collection disclosure (country-level from Cloudflare IP, store region, browser timezone/language). Added affiliate offer eligibility as a data use case. Added geolocation data retention policy.
Replaced Privy with Neurobro Pass authentication. Added subscription/payment data collection (Stripe, Apple, Google). Added IP address collection for analytics and product improvement. Added Neurobro Mobile App to services scope. Added subscription billing data retention. Fixed section numbering.
Added Privy authentication (socials and Web3 wallets), Sentry error/performance monitoring, cookie banner and categories, notification preferences, and clarified non‑custodial operation and anonymized analytics.
Added Marketing and Newsletter Communications section covering email collection via Privy, consent management, and unsubscribe processes for weekly newsletters and product updates.
Updated for expanded services including AI Agent on Telegram, Landing Page, and Neurodex Terminal. Added analytics services (Google Analytics, PostHog), authentication data collection, and chat history. Updated company information to Neuro Foundation LLC.
Initial draft - no cookies, no analytics