
# Privacy Policy

> How we collect, use, and protect your data

<Info>
  Effective Date: Mar 25, 2026

  This Privacy Policy explains how Neuro Foundation LLC ("we", "our", "Operator") collects, uses, shares and stores information when you use our services, including:

  * The Neurodex non‑custodial trading interface at [https://neurodex.ai](https://neurodex.ai) (the "Platform")
  * The Neurobro Mobile App for iOS and Android
  * The Neurobro AI Agent on Telegram
  * The Neurobro Landing Page and Website at [https://neurobro.ai](https://neurobro.ai)
</Info>

## 1. Summary

* We collect only the technical data required to operate our services: wallet addresses, IP‑derived region, server logs, anonymized/aggregated analytics and performance data.
* We use analytics and monitoring services including Google Analytics, PostHog, and Sentry to improve our services and reliability.
* For AI Agent services, we collect authentication information and chat history to enable communication.
* We collect IP addresses for analytics, product improvement, and geo-compliance purposes.
* Subscription payments are processed by Stripe (web) and Apple/Google (mobile). We do not store full payment-card numbers.
* We use Neurobro Pass for authentication with social logins, Telegram, Web3 wallets, and mini-apps, and use JWT tokens for session authentication across our services.

## 2. What We Collect

<AccordionGroup>
  <Accordion icon="wallet" title="Wallet address you connect">
    **Purpose**: Route your transaction and provide non‑custodial services (no platform fees)\
    **Lawful Basis**: Contract (you request a swap)
  </Accordion>

  <Accordion icon="globe" title="IP address and derived country/region">
    **Purpose**: Enforce geo‑blocks & sanctions policy; analytics and product improvement\
    **Lawful Basis**: Legal obligation (OFAC/UN sanctions); Legitimate interest (prevent abuse, analyze usage patterns, improve services)

    We collect IP addresses to enforce geo-restrictions and sanctions compliance. We also use IP-derived data (country, region) in aggregated analytics dashboards to understand user distribution, measure product adoption, and guide product decisions. IP addresses used for analytics are not linked to individual user accounts.
  </Accordion>

  <Accordion icon="location-dot" title="Geolocation data (country-level)">
    **Purpose**: Regional compliance, content personalization, and affiliate offer eligibility\
    **Lawful Basis**: Legitimate interest (compliance with regional regulations, service personalization)

    We collect **country-level** geolocation data from the following sources:

    * **Cloudflare IP geolocation**: Your country is determined from your IP address by our CDN provider (Cloudflare) and sent to our servers as a request header. This is country-level only — no precise GPS, city, or street-level location is collected.
    * **App Store / Play Store region** (mobile only): The country associated with your device's app store, derived from your device locale settings and sent by the mobile app.
    * **Browser timezone and language** (web only): Your browser's timezone (e.g., "Europe/Berlin") and language preference (e.g., "de-DE"), used to corroborate country-level data.

    This data is stored on your user profile and updated when you log in or refresh your session. It is used to:

    * Determine eligibility for region-specific promotional offers from third-party exchanges (affiliate programs)
    * Comply with regional regulations that restrict certain services or content by jurisdiction
    * Personalize content and default settings (e.g., relevant trading pairs, localized information)

    We do **not** collect precise geolocation (GPS coordinates, city, or street address). You cannot manually override your detected country at this time.
  </Accordion>

  <Accordion icon="server" title="Server logs">
    **Purpose**: Debug and ensure security\
    **Lawful Basis**: Legitimate interest

    Includes: timestamp, endpoint, error codes
  </Accordion>

  <Accordion icon="chart-line" title="Analytics data">
    **Purpose**: Improve user experience and service performance\
    **Lawful Basis**: Legitimate interest (with user consent where required)

    **Services Used**: Google Analytics, PostHog\
    Includes: page views, user interactions, device/browser information, usage patterns (stored in anonymized/aggregated form where possible)
  </Accordion>

  <Accordion icon="bug" title="Error tracking & performance monitoring (Sentry)">
    **Purpose**: Detect, reproduce, and fix errors; monitor app performance\
    **Lawful Basis**: Legitimate interest

    **Service Used**: Sentry\
    Includes: error stack traces, timestamps, basic device/browser metadata, and page/application context. We do not intentionally collect message content, private keys, or wallet seed phrases.
  </Accordion>

  <Accordion icon="user-check" title="Authentication information (Neurobro Pass)">
    **Purpose**: Provide AI Agent services and maintain user sessions\
    **Lawful Basis**: Contract (you request our services)

    Includes: JWT tokens, user identifiers, session data, and the login method used (e.g., Google, Apple, Email, Telegram, Web3 wallet, or mini-app via Neurobro Pass). We remain fully non‑custodial and never have access to your private keys or seed phrases.
  </Accordion>

  <Accordion icon="credit-card" title="Subscription and payment data">
    **Purpose**: Process subscription payments and manage billing\
    **Lawful Basis**: Contract (you purchase a subscription)

    Web subscriptions are processed by **Stripe**. Mobile subscriptions are processed by the **Apple App Store** or **Google Play Store**. These processors handle payment-card details directly; we do not store full card numbers. We receive and store: subscription tier, billing status, payment method type, transaction identifiers, and renewal dates.
  </Accordion>

  <Accordion icon="bell" title="Notification preferences">
    **Purpose**: Deliver opt‑in notifications through connected channels\
    **Lawful Basis**: Consent / Contract (service requested)

    Includes: delivery channel and preferences (e.g., Telegram/X/Email/Push). You can manage preferences at any time in platform settings at [https://neurodex.ai](https://neurodex.ai).
  </Accordion>

  <Accordion icon="comments" title="Chat history">
    **Purpose**: Enable AI Agent communication and improve responses\
    **Lawful Basis**: Contract (you request AI Agent services)

    Includes: messages exchanged with AI Agent, conversation context
  </Accordion>

  <Accordion icon="video" title="TikTok account data (internal use)">
    **Purpose**: Enable automated content publishing and performance analytics for Neurobro's internal marketing operations\
    **Lawful Basis**: Legitimate interest (internal business operations)

    Our content creators use an internal marketing platform (Neurobro) that connects to TikTok via OAuth for automated content publishing and analytics. This data is collected only from our team members' TikTok accounts, not from end users.

    Includes: TikTok profile information (username, avatar, follower count), encrypted OAuth access tokens, and content performance metrics (views, likes, comments, shares).

    Creators can disconnect their TikTok account at any time, which permanently removes all stored tokens and associated data.
  </Accordion>

  <Accordion icon="user-gear" title="Alpha Profile & personalization data">
    **Purpose**: Personalize Neurobro's responses within Neurodex and related mini apps\
    **Lawful Basis**: Consent (optional data you provide)

    Includes: trading goals, crypto experience level, life stage, strategy style, discovery breadth, decision speed, custom instructions for the AI Agent.

    Visibility: Not publicly available and not visible to other users. We **DO NOT** sell this data or use it for advertising.

    Deletion: You can remove this data anytime in your settings (e.g., by clicking "Delete" or clearing your Alpha Profile). When deleted, it is permanently erased from our systems with no internal backups or archived copies retained.
  </Accordion>
</AccordionGroup>

<Info>
  Cookies/local storage and SDKs are used for essential functionality (auth/session) and, with consent where required, for analytics and performance monitoring (Google Analytics, PostHog, Sentry). You can manage non‑essential cookies in the cookie banner and adjust preferences in platform settings.
</Info>

## 3. How We Use the Data

<Steps>
  <Step title="Service Provision" icon="gears">
    To provide our services - build and relay your swap transactions, enable AI Agent communication, and maintain user sessions.
  </Step>

  <Step title="Compliance" icon="scale-balanced">
    To comply with sanctions laws - screen wallet addresses against OFAC, UN, EU, and other global sanctions lists.
  </Step>

  <Step title="Security" icon="shield">
    To secure our services - detect DDoS or abuse, maintain authentication security, and monitor application errors and performance (via Sentry).
  </Step>

  <Step title="Analytics & Improvement" icon="chart-line">
    To analyze usage patterns and improve our services using Google Analytics, PostHog, and Sentry (error/performance telemetry).
  </Step>

  <Step title="Regional Personalization & Affiliate Offers" icon="globe">
    To determine your eligibility for region-specific promotional offers from third-party cryptocurrency exchanges. We may earn a commission when you sign up for or use a third-party service through a link or offer displayed in our Services. Offer availability is determined by your detected country to comply with regional regulations and exchange-specific restrictions.
  </Step>
</Steps>

<Warning>
  We do not sell or share your data with advertisers. We may share hashed logs with regulators or auditors if legally compelled. Analytics data is processed according to the respective privacy policies of Google Analytics and PostHog.
</Warning>

## 4. Data Retention

<CardGroup cols={2}>
  <Card title="Wallet & swap logs" icon="wallet">
    12 months, then deleted/aggregated
  </Card>

  <Card title="IP‑level server logs" icon="server">
    30 days unless required for security investigation
  </Card>

  <Card title="Chat history" icon="comments">
    Until user requests deletion
  </Card>

  <Card title="Analytics data" icon="chart-line">
    As per Google Analytics, Sentry and PostHog retention policies
  </Card>

  <Card title="Subscription & billing data" icon="credit-card">
    Duration of subscription plus 24 months for accounting/tax compliance
  </Card>

  <Card title="Geolocation data" icon="location-dot">
    Stored on user profile for the duration of the account; deleted upon account deletion
  </Card>
</CardGroup>

<Info>
  JWT tokens expire according to session settings.
</Info>

## 5. Your Rights (EU/EEA & UK GDPR)

If you are in the EU/EEA or UK, you have the right to:

<AccordionGroup>
  <Accordion icon="eye" title="Access">
    Request a copy of data we hold about you.
  </Accordion>

  <Accordion icon="pen" title="Rectify">
    Correct inaccurate data.
  </Accordion>

  <Accordion icon="trash" title="Erase">
    Request deletion where we no longer have a legal ground. For detailed instructions on how to delete your account and associated data, see our [Account Deletion](/legal/account-deletion) page.
  </Accordion>

  <Accordion icon="hand" title="Restrict or Object">
    Restrict or object to processing in certain cases.
  </Accordion>

  <Accordion icon="file-export" title="Data Portability">
    Receive data in a machine‑readable format.
  </Accordion>
</AccordionGroup>

To exercise a right, email [info@neurobro.ai](mailto:info@neurobro.ai). For wallet-related requests, include a signed message from the wallet you used. We may decline requests that would contravene sanctions screening.

By using our services, you acknowledge that certain data (e.g., wallet address, IP-derived region, chat history) is processed for security, compliance, and service provision purposes, and you consent to this processing under applicable data protection laws.

## 6. Marketing, Authentication & Notifications

When you sign in using Neurobro Pass (e.g., Google, Apple, Email, Telegram, Web3 wallets, or mini-apps), we facilitate authentication directly. For marketing emails, we collect your verified email address during sign-up or through opt-in forms.

### What We Collect

We collect your verified email address (for newsletters), and may store the login method used (Google, Apple, Telegram, Web3 wallet, or mini-app via Neurobro Pass) to operate authentication. Notification preferences (channels and topics) may be stored to deliver opt‑in alerts.

### Why We Collect It

We use your email address **solely** for non‑transactional communications:

* Weekly product‑update newsletters
* Feature announcements
* Curated market recaps and relevant content

### Legal Grounds for Processing

**European Economic Area & UK**: Your explicit consent (GDPR Art. 6(1)(a)). Marketing consent is optional and not required to use Neurodex.ai.

**Canada**: Implied or express consent under CASL with business address and unsubscribe mechanism in every message.

**United States**: CAN‑SPAM Act compliance with clear promotional identification and opt‑out links.

**California (CCPA/CPRA)**: We do not "sell" or "share" your personal information for cross‑context behavioural advertising.

### Communication Frequency

By default, we send at most **one newsletter per week**. Material changes to frequency will be communicated and may require fresh consent.

### How to Unsubscribe

You can opt out at any time by any of the following:

* Clicking the unsubscribe link in any marketing email
* Toggling the preference checkbox in emails
* Emailing us at [info@neurobro.ai](mailto:info@neurobro.ai)

Withdrawal is immediate for new campaigns and processed within 72 hours for all lists.

### Retention & Deletion

We retain your email for marketing **only until you withdraw consent**. After withdrawal, it's added to a suppression list to prevent future marketing messages.

### Third‑Party Processing

Stripe, Apple, and Google act as payment processors for subscription billing. Google Analytics, PostHog, and Sentry act as processors for analytics/monitoring; their processing is governed by their respective terms and data protection addenda. Data may be stored in the United States with appropriate safeguards, including Standard Contractual Clauses for international transfers where applicable.

## 7. Cookies and Similar Technologies

We use cookies, local storage, and SDKs:

* Essential (no consent required): authentication/session security, fraud prevention, sanctions screening, basic preferences
* Analytics (consent where required): Google Analytics, PostHog
* Performance/Monitoring (consent where required): Sentry

You can manage non‑essential cookies via the cookie banner and update choices any time in platform settings. You can also block or delete cookies in your browser settings; the Platform will continue to function with essential cookies only.

### Your Rights

Depending on your residence, you have rights including access, rectification, erasure, restriction, portability, and objection to direct marketing. Exercise them via [info@neurobro.ai](mailto:info@neurobro.ai).

## 8. Security

We use:

* Encrypted transport (TLS 1.3)
* JWT tokens for secure authentication
* Least‑privilege keys
* Segregated production networks

## 9. Changes to this Policy

We may update this Policy. Important changes will be posted on our services and take effect 7 days after posting unless a shorter period is required by law.

## 10. Contact

<CardGroup cols={2}>
  <Card title="Email" icon="envelope">
    [info@neurobro.ai](mailto:info@neurobro.ai)
  </Card>

  <Card title="Phone" icon="phone">
    (856) 416-6698
  </Card>

  <Card title="Mail" icon="building">
    Neuro Foundation LLC, 1111B S Governors Ave STE 28958, Dover, DE 19904
  </Card>
</CardGroup>

## Version History

<AccordionGroup>
  <Accordion icon="clock-rotate-left" title="v0.6 - Mar 20, 2026">
    Added geolocation data collection disclosure (country-level from Cloudflare IP, store region, browser timezone/language). Added affiliate offer eligibility as a data use case. Added geolocation data retention policy.
  </Accordion>

  <Accordion icon="clock-rotate-left" title="v0.5 - Mar 13, 2026">
    Replaced Privy with Neurobro Pass authentication. Added subscription/payment data collection (Stripe, Apple, Google). Added IP address collection for analytics and product improvement. Added Neurobro Mobile App to services scope. Added subscription billing data retention. Fixed section numbering.
  </Accordion>

  <Accordion icon="clock-rotate-left" title="v0.4 - Nov 06, 2025">
    Added Privy authentication (socials and Web3 wallets), Sentry error/performance monitoring, cookie banner and categories, notification preferences, and clarified non‑custodial operation and anonymized analytics.
  </Accordion>

  <Accordion icon="clock-rotate-left" title="v0.3 - July 27, 2025">
    Added Marketing and Newsletter Communications section covering email collection via Privy, consent management, and unsubscribe processes for weekly newsletters and product updates.
  </Accordion>

  <Accordion icon="clock-rotate-left" title="v0.2 - July 09, 2025">
    Updated for expanded services including AI Agent on Telegram, Landing Page, and Neurodex Terminal. Added analytics services (Google Analytics, PostHog), authentication data collection, and chat history. Updated company information to Neuro Foundation LLC.
  </Accordion>

  <Accordion icon="clock-rotate-left" title="v0.1 - June 06, 2025">
    Initial draft - no cookies, no analytics
  </Accordion>
</AccordionGroup>
