Privacy Policy

Last Updated: June 11, 2025

This Privacy Policy explains how BrahmaFi LTD ("Brahma," "we," "our," or "us") collects, uses, and shares information about you, as well as your rights and choices regarding such information. BrahmaFi LTD is incorporated in the British Virgin Islands (BVI), and we adhere to the BVI Data Protection Act, 2021, along with other applicable data protection laws (such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Brazil's Lei Geral de Proteção de Dados (LGPD)) in all jurisdictions where we operate.


Reverb Inc., with principal office in the Republic of Panama, maintains the Interface that is the Frontend. For privacy-related inquiries regarding the Interface, you may contact [email protected].


"You" or "your" refers to the natural person interacting with our websites, services, or products.

By accessing our website, using our services, or interacting with our products (including Brahma Smart Accounts, DeFi Agents, Automations, ConsoleKit SDK, and Brahma Cards), you agree to be bound by this Privacy Policy and consent to our collection, use, and sharing of personal information as described below. If you do not agree, please notify us in writing, cease all use of the services, and delete any cookies from your devices.

1. Information We Collect

We collect various types of information from and about users of our services.

A. Information You Provide

We collect personal information that you provide to us when you interact with Brahma, including:

  • Contact Information: First and last name, email address, phone number.

  • Identity Verification Data: Date of birth; identification documents (such as driver's license or passport) for KYC verification purposes.

  • Business Information: If you represent a company or institution, we may collect company name, address, incorporation documents, tax IDs, beneficial owners, and associated wallet addresses.

Limited KYC Scope: We only require identity documents for certain regulated products (such as the Brahma crypto card) to fulfill Know-Your-Customer (KYC) obligations. These verifications are performed through our third-party KYC provider (e.g., Sumsub) and are not required for using Brahma's open protocol infrastructure beyond such compliance needs.

B. Information Collected Automatically

When you use our websites or services, we automatically collect certain information about your device and usage:

  • Technical Data: Browser type, operating system, device identifiers, and device information.

  • IP Address and Geolocation: Your Internet Protocol (IP) address and an approximate geolocation (which may infer your country or region).

  • Usage Patterns: Interaction data about how you use our websites and developer tools -- for example, events and logs relating to your use of the ConsoleKit SDK, Brahma Smart Accounts, and automated DeFi Agents on our platform. This helps us understand feature utilization and improve user experience.

  • Cryptocurrency Wallet Addresses: We may collect wallet addresses when you connect your wallet or perform blockchain-based transactions.

C. Transactional and Financial Information

If you utilize Brahma's financial features, we collect information about the transactions you make through our services:

  • Transaction Details: Transaction amounts, types, asset or token details, and other metadata related to each transaction.

  • Timestamp and Context: Dates and times of transactions and the contexts (e.g., whether it was an automated action by an Agent).

  • Card Activity: For Brahma Card users, information about card transactions such as merchant names and locations, and any associated transaction metadata.

  • Smart Account Activity: Financial activity occurring via Brahma Smart Accounts and Agents, including deposits, withdrawals, and any automated DeFi actions carried out on your behalf.

D. Information from Third Parties

We may receive additional information about you from third-party sources and combine it with the data you provide. For example, we could obtain data from: credit bureaus or identity verification services (for fraud prevention and KYC), compliance partners, analytics providers, or public databases. This supplemental information helps us verify identities, prevent fraud, and understand our user base better.

2. Purposes and Legal Basis of Processing Personal Information

The legal person that determines the purposes and means of the processing of personal data is Reverb Inc., with principal office in the Republic of Panama, email [email protected]

  • Purpose of Processing: Providing service in accordance with our Terms of Use and other agreements.

    Personal Data Categories: Email address, IP address, device information, web browser type, cryptocurrency wallet addresses.

    Legal Basis: Necessary for the performance of our contractual obligations.

  • Purpose of Processing: Verify user information and prevent fraud.

    Personal Data Categories: IP address, device information, web browser type, cryptocurrency wallet addresses, identity verification data.

    Legal Basis: Necessary for the performance of our contractual obligations; protect the vital interests of the data subject.

  • Purpose of Processing: Ensuring compliance with legal obligations, including KYC and AML checks.

    Personal Data Categories: Identity verification data, IP address, geolocation, transaction data.

    Legal Basis: Compliance with a legal obligation; necessary for the performance of our contractual obligations.

  • Purpose of Processing: Personalize our service and associate staking activities to you.

    Personal Data Categories: IP address, device information, web browser type, device IDs, usage patterns.

    Legal Basis: Necessary for the performance of our contractual obligations.

  • Purpose of Processing: Communicating with you and providing customer support.

    Personal Data Categories: Email address, contact information.

    Legal Basis: Necessary for the performance of our contractual obligations.

  • Purpose of Processing: Improve our service, enhance customer experience, resolve bugs and issues.

    Personal Data Categories: IP address, device information, usage patterns, technical data.

    Legal Basis: Necessary for the performance of our contractual obligations.

  • Purpose of Processing: Website analytics and data aggregations.

    Personal Data Categories: Cookies, web beacons, usage data.

    Legal Basis: Your consent for non-essential cookies.

  • Purpose of Processing: Determine general location information to safeguard our service and comply with laws.

    Personal Data Categories: IP address, geolocation data.

    Legal Basis: Protect the vital interests of the data subject; compliance with a legal obligation.

  • Purpose of Processing: Conduct anti-money laundering and other legal checks.

    Personal Data Categories: Identity verification data, transaction data.

    Legal Basis: Compliance with a legal obligation.

In some jurisdictions, we may not be able to rely on the above lawful bases. If this is the case, we will seek your consent, and we will rely on that consent as the lawful basis of processing. You can withdraw consent at any time.

3. How We Use Information

We use the information collected about you for various business and operational purposes, including:

  • Providing and Maintaining Services: To present our website and its contents, provide services, and fulfill transactions.

  • Identity Verification: To verify user identities and conduct KYC/AML checks as required by law.

  • Product Improvements: For testing, research, analysis, product development, and machine learning to improve user experience and develop new services.

  • Communication: To provide customer support, send service-related communications, and notify you about changes to our services.

  • Legal Compliance: To satisfy requirements under applicable laws, regulations, or legal processes.

  • Fraud Detection and Security: To detect, prevent, and investigate fraudulent activities and security threats.

  • Marketing: To market our services through various channels, including email, push notifications, and advertisements (with appropriate consent where required).

4. Sharing of Information

We do not sell your personal information to third parties. However, we may share your information with certain categories of recipients:

  • Service Providers: Third-party companies that provide services on our behalf, bound by contractual obligations to keep information confidential.

  • Financial Partners: Payment processors, KYC providers, and other financial service partners necessary to provide our services.

  • Affiliates: Our subsidiaries and affiliated companies for legitimate business purposes.

  • Legal Compliance and Protection: To comply with legal obligations, court orders, or government requests; to enforce our agreements; or to protect rights, property, or safety.

  • Business Transfers: In connection with mergers, acquisitions, or other business transactions where personal information may be transferred as part of the business assets.

5. Blockchain Technology and Permanent Information

Important Notice: Interactions with blockchain systems (including smart contract logs and events) may result in the permanent recording of certain information, which cannot be altered or deleted. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of personal information, particularly when blockchain data is combined with other data. Because blockchains are decentralized networks not controlled or operated by us, we cannot erase, modify, or alter personal data from such networks. Blockchain technology operates independently, and Brahma has no control over its immutability.

6. Cookies and Similar Technologies

Cookies Used by the Site

_ga_*

Domain: .brahma.fi

Description: Google Analytics sets this cookie to store and count page views.

Duration: 1 year 1 month 4 days

Type: Analytical

_ga

Domain: .brahma.fi

Description: Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.

Duration: 1 year 1 month 4 days.

Type: Analytical.

_hjSessionUser_*

Domain: .brahma.fi

Description: Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.

Duration: 1 year.

Type: Analytical.

_hjSession_*

Domain: .brahma.fi

Description: Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.

Duration: 1 hour.

Type: Analytical.

__cf_bm

Domain: .walletconnect.com

Description: This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Duration: 1 hour.

Type: Necessary.

__cf_bm

Domain: .walletlink.org

Description: This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Duration: 1 hour.

Type: Necessary.

Types of Cookies We Use

  • Strictly Necessary Cookies: Allow us to provide basic website functions such as browsing capabilities and secure access. These cookies are essential for the website to function properly.

  • Functional Cookies: Allow us to provide enhanced functionality such as account updates, notifications, and personalized features. You may refuse these cookies; however, this may affect access to certain parts of our website.

  • Performance/Analytics Cookies: Collect information about how you use our website, which pages you visited, and which links you clicked. This information is aggregated and cannot be used to identify you personally.

  • Wallet Cookies: Generated when users perform blockchain-based transactions online. These cookies may store information about user characteristics, transaction information, and wallet addresses.

Disabling Cookies Through Your Browser

Most browsers automatically accept cookies, but this is typically something you can adjust. Information can be found in the links below:

If you refuse cookies, you might not be able to use other cookie-dependent features of the Interface. To manage specific cookie settings, review this Privacy Policy for further information.

7. Security Measures

We take reasonable administrative, technical, and physical security measures to protect your personal information from loss, theft, misuse, and unauthorized access, disclosure, or alteration. Our security measures include:

  • Encryption: We encrypt sensitive personal information both in transit and at rest.

  • Technical Safeguards: Implementation of firewalls, secure server environments, and access controls.

  • Administrative Controls: Regular security training for employees and contractors with access to personal information.

  • Physical Security: Secure facilities and restricted access to servers and data centers.

However, the transmission of information via the internet is not completely secure. The safety and security of your personal information also depends on you. Please ensure you use strong passwords, protect your account credentials, and do not share your password with anyone.

Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, as outlined in this Privacy Policy, and to the extent permitted by applicable legal requirements.

Specific Retention Periods

  • Account Information: Retained while your account is active and for 30 days after account termination (unless you request earlier deletion).

  • Transaction Records: Retained for up to 7 years to comply with financial record-keeping requirements.

  • Identity Verification Data: Retained for the duration required by applicable KYC/AML regulations.

  • Marketing Communications: Until you unsubscribe or withdraw consent.

Where you request deletion of your personal information or where your account is terminated, we may continue to retain and use it as permitted or required under applicable laws for legal, tax, regulatory, or legitimate business purposes.

9. Children's Privacy

Brahma's services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from individuals under 18 years old. If we become aware that we have collected personal information from someone under 18, we will take steps to delete such information promptly.

10. International Data Transfers

We may transfer information collected about you, including personal information, to affiliated entities or third-party service providers across borders and from your country or jurisdiction to other countries or jurisdictions around the world for legitimate business purposes.

For users in the EEA, UK, Switzerland, or Brazil: We comply with applicable law to provide an adequate level of data protection for international transfers. We implement appropriate safeguards, including:

  • Adequacy Decisions: Transferring data to countries recognized as providing adequate protection.

  • Standard Contractual Clauses: Using approved standard contractual clauses for transfers to third countries.

  • Data Processing Agreements: Entering into appropriate data processing agreements with service providers.

11. Your Rights and Choices

You have certain rights regarding your personal information, which may vary depending on your jurisdiction:

Data Subject Rights

  • Right to Access/Information: You may request details about the personal information we hold about you and details of our processing.

  • Right to Rectification: If any personal information we hold is inaccurate, you may request correction.

  • Right to Erasure (Right to be Forgotten): You may request the deletion of your personal information under certain circumstances.

  • Right to Restriction of Processing: You may request the restriction of processing under certain circumstances.

  • Right to Object to Processing: Under certain circumstances, you may object to processing based on legitimate interest or direct marketing.

  • Right to Data Portability: You may request a copy of your personal information in a structured, machine-readable format.

  • Right to Withdraw Consent: Where we rely solely on consent for processing your personal information, you may withdraw it at any time through your account settings or by contacting us.

  • Right to Object to Automated Decision-Making: You have the right to object to decisions based solely on automated processing, including profiling.

How to Exercise Your Rights

To exercise these rights, please contact us at [email protected] or [email protected]. We may ask you to provide additional evidence and information to confirm your identity before processing your request.

Response Time: We will respond to your request within 30 days (or as required by applicable law).

Complaints: If you believe your rights have been violated, you may lodge a complaint with a competent data protection supervisory authority in your jurisdiction.

12. User Account Management

You may update, correct, or delete certain profile information by logging into your account and using the account settings tools. You can also:

  • Update your communication preferences

  • Withdraw consent for marketing communications

  • Manage cookie preferences through our cookie consent tool

  • Request account deletion (subject to legal retention requirements)

13. Do Not Track Signals

Brahma's websites do not respond to Do Not Track signals at this time.

14. Third-Party Websites

We may have links to unaffiliated third-party websites on our website. These third-party websites have their own privacy policies. We have no involvement with their policies and are not responsible for their practices. You are encouraged to review the privacy policies of all third-party websites you visit.

15. Aggregated and Anonymized Data

We may aggregate or anonymize personal information so that it can no longer be linked to any specific individual. We may use and share such aggregated/anonymized data for any legitimate purpose, provided it contains no personally identifiable information.

16. Contact Us

If you have any questions, concerns, or complaints regarding this Privacy Policy, please contact us:

  • Email: [email protected]

  • Privacy-related inquiries regarding the Interface: [email protected]

  • Mailing Address: BrahmaFi LTD, Road Town, Tortola, British Virgin Islands (Attn: Privacy Officer)

17. Additional Disclosures for Specific Jurisdictions

Additional disclosures for residents of Nevada, California, the EEA, UK, Brazil, and the BVI are provided to ensure compliance with respective laws. Please contact us for jurisdiction-specific information relevant to your location.

18. Changes to Our Privacy Policy

It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated. The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this Privacy Policy to check for any changes.

Effective Date: This Policy is effective as of the "Last Updated" date stated above. Continued use of Brahma's services after a revised Privacy Policy has been posted constitutes your acceptance of the updated terms.