Privacy Policy

Last updated: March 31, 2025

This privacy notice (“Privacy Notice“) describes how Brave People LTD. (together with its affiliated companies – “Brave“, “we“, or “us“) collects, stores, uses and discloses identified or identifiable information (“Personal Data”) of individuals (“you” or “your”) who interact with us, including when you visit or interact with any of our linked website: https://www.thebrave.io/ (“Site”), participate in any of our events, interact with any of our online ads and content, emails, sales and marketing channels, integrations or communications under our control (collectively, the “Business”).  

Our “Services” facilitate the display of advertising content (“Ads”) of third-party services and products (“Advertisers”) on online assets of our partners (“Publishers”, and together with Advertisers, our “Business Partners”) where End-Users (See definition below in Section 1) can interact with them. 

Please review this Privacy Notice carefully, so you can understand our practices and your rights in relation to Personal Data, and please use the information herein to make informed choices. If you have any concerns or questions about our privacy practices, please feel free to contact us at privacy@thebrave.io.

If you do not agree to this Privacy Notice, do not use the Site, interact with us, or give us any Personal Data. 

Our Services are designed for businesses.

You are not legally required to provide us with any Personal Data. If you do not wish to provide us with your Personal Data, or to have it processed by us or any of our service providers, please do not provide it to us and avoid any interaction with us or with our Business. 

Important note: Nothing in this Privacy Notice is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.

Specifically, this Privacy Notice describes our practices regarding:

1. 1. Data Collection & Processing
   2. Data Uses & Lawful Bases for Processing
   3. How Long We Retain Your Personal Data
   4. How We Share or Otherwise Disclose Your Personal Data
   5. Transfer Mechanism
   6. Cookies and other Data Collection Technologies
   7. Communications with Business Partners and Prospects
   8. Data Security
   9. Your Data Subject Rights
   10. U.S. Multistate Privacy Notice
   11. Roles and Responsibilities
   12. Additional Notice & Contact Details

1. Data Collection & Processing

We process the following categories of Personal Data, with respect to the following types of data subjects:

1. 1. Business Representatives Data: Personal Data concerning our Business Partners’ internal focal persons who directly engage with Brave concerning their organization’s account, e.g., the account administrators, billing contacts and authorized signatories on behalf of the Business Partner (“Representatives”).
   2. Prospect Data: Personal Data relating to visitors of our Site, participants at our events, and any other prospective partner (collectively, “Prospects”) who visits, purchases, or otherwise interacts with our Business. 

We collect the following data about Representatives and Prospects: 

Contact and business details: name, business email, business phone number, position, workplace and professional information, and related business insights, our communications with such individuals (correspondences, sensory information including call and video recordings, and transcriptions and analyses thereof), as well as any expressed, presumed or identified needs, preferences, attributes and insights relevant to our potential or existing engagement, purchasing details including interest and/or purchase history, commercial information, including records of our products or services purchased, obtained, or considered. 

Connectivity, technical and aggregated usage data: IP addresses, device data (like type, OS, device id, browser version, locale and language settings used), activity logs, session recordings, inferred or presumed data generated from the Business, other internet or electronic network activity information and other device or browser information. We also infer our Business Partners’ needs and preferences, as identified to us or recognized through our engagement with Representatives and Prospects.

End-User Data: we process the following Personal Data relating to individuals that interact or engage with the digital assets on which Brave displays Ads (“End-User”): IP addresses, Geolocation (including, country, region, city, zip code, latitude and longitude (if available)), language, IFV and IFA (e.g., IDFA/ AAID or any other related device IDs), Privacy String, cookies data or unique identifiers, information about End-Users’ devices (device type, model, operation system), and any other information that the supply side platform (SSP)/Publisher makes available and shares Brave to be passed on to Demand Partner. This data is not collected directly by Brave, but it is shared with Brave by its Business Partners who collected the aforementioned data concerning visitors to their digital assets, websites, and apps, from the users who interacted with . Please note that Brave does not store the End-User Data, Brave processes it and shares it with the Advertisers to provide the services to the Business Partners. To learn about the privacy policies and practices of said Business Partners, please contact them directly.

We collect Personal Data from the following sources: (i) directly from the data subject, (ii) collected via cookies, (iii) provided by the advertiser/publisher, and (iv) obtained from third-party partners (e.g., lead generation or enrichment vendors).

2. Data Uses & Lawful Bases for Processing

We use your Personal Data as applicable and necessary for the following business and commercial purposes and in reliance on the lawful bases detailed in the chart below:

Representatives & Prospects: If you reside in or are interacting with our Business in a territory governed by privacy laws under which “Consent” is the only or most appropriate lawful basis for the processing of Personal Data as described herein (in general, or specifically with respect to the types of Personal Data you expect or elect to process or have processed by us via the Business, or due to nature of such processing), your continued interaction with our Business means that you have had the opportunity to read and to the maximum extent permitted by law, you accept this Privacy Notice and it will be deemed as your consent to the processing of your Personal Data for all purposes detailed in this Privacy Notice, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at privacy@thebrave.io. 

End-Users: For end-users where the only or most appropriate lawful basis for the processing of Personal Data as described herein is “Consent” – Brave have a contract in place with the relevant Publishers and we rely on the warranties and representations made by its Business Partners regarding the legality of the collected End-User Data, including for Brave’s processing of the End-Users’ Data as described in this Privacy Notice. Brave requests Publishers to obtain the relevant permissions and lawful basis (e.g., depending on the context, consent) through the Publishers consent management platform on their online assets. Publishers are responsible for collecting consent and passing it to Brave. Please note that our Services can be initialized whether or not an end-user provides their consent to the Publishers, at the Publishers’ decision and discretion.

3. How Long We Retain Your Personal Data

• Representatives & Prospects: We retain Personal Data for as long as we deem it as reasonably necessary in order to maintain and expand our relationship and provide you with our Business and Services; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (e.g., as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship in the event of any complaints or challenges), all in accordance with our data retention policy and applicable laws.
• End-Users: We retain Personal Data for as long as we deem it as reasonably necessary in order to provide our Services; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e., as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship), all in accordance with our agreements with our Business Partners and applicable laws.

Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your Personal Data for any particular period, and we are free to securely delete or anonymize it for any reason and at any time, with or without notice to you. 

If you have any questions about our data retention policy, please contact us by e-mail at privacy@thebrave.io.   

4. How We Share or Otherwise Disclose Your Personal Data

We disclose Personal Data in the following ways:

Service Providers: We engage selected third-party companies and individuals to perform services on our behalf or complementary to our own. Such service providers include hosting and server co-location services, communications and content delivery networks (CDNs), data security services, billing and payment processing services, fraud detection and prevention services, web and product analytics, session or activity recording services, content transcription and analysis services, performance measurement, data optimization and marketing services, social and advertising networks, content and data enrichment providers, event production and hosting services, e-mail, support, enablement and customer relation management systems, and our legal, financial, privacy and compliance advisors (collectively, “service providers“). Depending on each of our service providers’ specific roles and purposes, they will have access to Personal Data and may only use the data as determined in our agreements with them.

Sharing your Feedback or Recommendations: If you submit a public review or feedback, note that we may (at our discretion) store and present your review in our Business. If you wish to remove your public review, please contact us at privacy@thebrave.io. 

Business Partners: As part of providing our Services, we share End-User Data with our Publishers (or their representatives/partners) and Advertisers (or their representatives/partners), each as relevant to their activity. 

Legal Compliance: We may disclose or allow government, law enforcement officials and other governmental agencies to access to your Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect our legitimate business interests, including the security or integrity of our products and services.

Protecting Rights and Safety: We may share Personal Data with others if we believe in good faith that this will help protect the rights, property or personal safety of Brave and our employees, any of our Prospects, or our Business Partners or their Representatives, or any members of the general public.

Brave Subsidiaries and Affiliated Companies: We may share Personal Data internally within our group, for the purposes described in this Privacy Notice. 

Mergers, Acquisitions, and Transfer of Assets: In addition, should Brave or any of its subsidiaries or affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of its assets, Personal Data may be shared with or transferred to the parties involved in such an event. We may disclose Personal Data to a third-party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal Data may also be disclosed in the event of insolvency, bankruptcy or receivership. 

Others: For the avoidance of doubt, Brave may share Personal Data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal, de-identified and/or anonymous. We may transfer, share or otherwise use such de-identified data at our sole discretion and without the need for further approval.

If you want to receive the list of the current recipients of your Personal Data, please make your request by contacting us at privacy@thebrave.io.

5. Transfer Mechanism

When Brave engages transfers of Personal Data, it relies on Adequacy Decisions adopted by the European Commission based on Article 45 of the GDPR (for example, when we access Personal Data from Israel), Standard Contractual Clauses laid down by the European Commission, Data Privacy Framework certification, or any other approved transfer mechanism. Brave continually monitors the circumstances surrounding such transfers to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the level of protection guaranteed by the GDPR.

6. Cookies and other Data Collection Technologies

Representatives and Prospects:

We and our service providers utilize third-party software development kits (SDKs), cookies, pixels and similar technologies (collectively “Cookies”) in order for us to provide our Business, to ensure its proper functions, to analyse our performance and marketing activities, and to personalize your experience. Cookies are packets of information sent to and from your web browser each time it accesses the server that sent the Cookie and may store Personal Data, such as IP address and Device Unique Identifiers, previously indicated by you. Some cookies are removed when you close your browser session. These are the “Session Cookies”. Some last for longer periods and are called “Persistent Cookies”. 

We use both types to facilitate the use of the Business. We may also use HTML5 local storage or other techniques for the above-mentioned purposes. These technologies differ from browser Cookies in the amount and type of data they store, and how they store it.

Whilst we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, you can manage your Cookie preferences, including whether or not to accept them and how to remove them, through your browser settings. Please bear in mind that disabling cookies may complicate or even prevent you from using the Business.

Please note that if you get a new computer, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers), you may also clear the opt-out cookies installed once you opt-out, so an additional opt-out will be necessary to prevent additional tracking.

For more information on our cookie and data collection technologies practices, you may also use the “Your Privacy Choices” feature available in our Business depending on your location and activity, as applicable.

End-Users:

The Personal Data collected by our Business Partners to help facilitate our Services is defined above. 

Note that this Notice does not address the point of End-User Data collection. Any End-User Data collected is subject, at the point of collection, to the privacy practices of our Business Partners which the End-User interacted with, including that Business Partner’s cookie practices. If you have any question, please refer to the applicable Business Partner with whom you interact with. We recommend you review the Business Partner’s privacy policy and terms of use. 

7. Communications with Business Partners and Prospects

We engage in service and promotional communications, through e-mail, phone, and notifications. 

Service Communications: We may contact you with important information regarding our Services such as changes or updates to our Services, billing issues, log-in attempts or password reset notices, etc. Please note that you will not be able to opt-out of receiving certain service communications which are integral to your use of some of our Services (like password resets or billing notices).

Promotional Communications: We may also notify you about new features, additional offerings, events, special opportunities or any other information we think you will find valuable. You can opt-out of such promotional communications by sending an e-mail to: privacy@thebrave.io or by following the instructions contained in the promotional communications you receive.

8. Data Security

We have implemented industry-standard physical, administrative and technical security measures, designed to secure your Personal Data, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. However, we cannot guarantee that our Business and Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information. If there is any unexpected activity or inaccurate information or if you have reason to believe that your information is no longer secure, or if you have any questions about our security, please contact us by e-mail at privacy@thebrave.io. 

9. Your Data Subject Rights

Individuals have rights concerning their Personal Data. Please contact us by e-mail at privacy@thebrave.io if you wish to exercise your privacy rights (each to the extent applicable to you under the laws which apply to you). Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfil your request. 

See below a list of data subject rights, which may be available to you under your jurisdiction:

• The right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
• The right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
• The right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
• The right to object, to or to request restriction, of the processing;
• The right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
• The right to object to profiling;
• The right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
• The right to request certain details on the basis on which your Personal Data is transferred outside the European Economic Area, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality; and
• You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.

These rights are also subject to various exclusions and exceptions under applicable laws. We will not charge a fee to process or respond to your verifiable privacy request, unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. Alternatively, we may refuse to comply with your request in such circumstances. To the extent applicable to you, you may also designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us.

Please note that when you or an authorized agent ask us to exercise any of your rights under this Privacy Notice or applicable law, we may need to ask you to provide us with certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of Personal Data related to others and to ask you to provide further information to better understand the nature and scope of data regarding which you request to exercise your rights. Such additional data may be then retained by us for legal, compliance and auditing purposes (e.g., as proof of the identity of the person submitting the request or proof of request fulfillment). We will not fulfill your request unless you have provided sufficient information that enables us to reasonably verify that you are the individual about whom we collected the Personal Data. 

We may redact from the data that we will make available to the requesting data subject any Personal Data related to others.

Please also note that if you request deletion of your Personal Data, we may deny your request or may retain certain elements of your Personal Data if it is necessary for us or our service providers. We will provide details of our reasoning to you in our correspondence on the matter.

10. U.S. Multistate Privacy Notice

Different US states have implemented comprehensive consumer privacy laws, including the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (“CCPA”), as well as similar privacy laws in the US (collectively, “Applicable US Laws”). Additional provisions applicable to individual residents of U.S. states (“US Residents”) are outlined below.

These provisions outline the specific disclosure requirements under the Applicable US Laws and offer additional details on how we collect, use, share, and otherwise process the Personal Data of US Residents. They also explain the rights of these US Residents concerning their Personal Data and the methods available to exercise those rights.

The table below summarizes the categories of Personal Data we collect, the sources of the Personal Data collected, the business purposes for our collection, and the categories of third parties with whom we “disclose” or “share” Personal Data. The Table describes our practices in the last 12 months:

Selling or Sharing or Personal Data

In certain cases, our use of the End Users’ Personal Data may qualify as a “Sharing” under Applicable US Laws in the following cases: for behavioral advertising purposes, and internal technological purposes.

Children Privacy

Without derogating from any of our statements above, we do not intentionally collect personal information from, or serve advertisements to, children as defined and required by applicable laws.  In addition, we do not knowingly “sell” or “share” the Personal Data of consumers that we know to be under 16 years of age. If you believe we have served an advertisement to a child or might have any Personal Data from or about a child, or if you believe a mobile application in which an Brave-served advertisement appeared may be designed for, directed to, or pass Personal Data knowingly from, children, please contact us via email at privacy@thebrave.io.

Your privacy rights

The following rights (which may be subject to certain exemptions or derogations, including the verification of your identity and our right to retain information to comply with our legal obligations, among other circumstances) shall apply to US Residents:

1. You have the right to know what Personal Data is being collected about you, this include the right to request that we disclose what Personal Data of yours we collect, use, disclose, and sell;
2. You have the right to request the erasure/deletion of your Personal Data (e.g. from our records and the records of our service providers). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
3. You have the right to know whether your Personal Data is sold or disclosed and to whom;
4. You have the right to restriction of, or object to, processing of your Personal Data, including the right to opt in or opt out of sale of your Personal Data to third parties, if applicable, where such requests are permitted by law;
5. You have the right to Opt-Out of the “Sharing” of your Personal Data for targeted advertising often referred to as “cross-contextual behavioral advertising” or “interest-based advertising”;
6. You have the right not to receive discriminatory treatment for the exercise of the privacy rights; 
7. You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller, unless transmitting the information would not be technically feasible;
8. You have the right to correct inaccurate information. You have the right to request that we correct errors or inaccurate information in the Personal Data that we may have collected from you.
9. You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence (e.g. the Attorney General in your State). We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution. You have certain choices about your Personal Data. Where you have consented to the processing of your Personal Data, you may withdraw that consent at any time and prevent further processing by contacting us as described in this Privacy Policy. Even if you opt out, we may still collect and use non-Personal Data regarding your activities on our services and for other legal purposes as described above. While we cannot guarantee privacy perfection, we will address any requests to the best of our ability as soon as possible. We will process such requests in accordance with applicable laws.

Exercising Your Privacy Rights

You can exercise your rights by contacting us at privacy@thebrave.io. If we decline to take action on one of your rights, Applicable US Law may allow you to submit an appeal, this may be done by emailing us at privacy@thebrave.io. You may use an authorized agent to submit a request on your behalf if you provide the authorized agent with written permission signed by you. To protect your privacy, we may take steps to verify your identity before fulfilling your request. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information to fulfil your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initial requested, we will address your request to the maximum extent possible, all in accordance with applicable law. 

Opt-Out to the Sale or Sharing of Your Personal Data

You have the right to opt-out to the sale or sharing of your Personal Data. If you want to exercise your (or, where applicable, your child’s) right to opt out of the sale or sharing of Personal Data, please contact us at privacy@thebrave.io. You can also opt out by clicking the “Do Not Sell or Sharing My Personal Data” on our Site.

In addition, you may opt-out of all cookies that may result in such a “sharing” of your Personal Data in the following ways:

Set the Global Privacy Control (GPC) for each participating browser system that you use, to opt out of the use of cookies that may be considered a “sharing” of Personal Data under the CCPA (instructions on how to download and use GPC are available here).

11. Roles and Responsibilities

Certain data protection laws and regulations, such as the EU GDPR, UK GDPR, and other applicable US laws, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under other applicable US laws, “business”), who determines the purposes and means of processing; and the “data processor” (or under other applicable US laws, “service provider”), who processes the data on behalf of the data controller (or business). Below, we explain how these roles apply to our processing activities, to the extent that such laws and regulations apply.

• Brave is the “data controller” of Representatives and Prospects Data. With respect to such data, we assume the responsibilities of a data controller (to the extent applicable under law), as set forth in this Privacy Notice. In such instances, our service providers processing such data will assume the role of “data processor.” 
• Our business partners are solely responsible for determining whether and how they wish to use our Services, and for ensuring that any End-User Personal Data they provide us with meets any and all applicable privacy laws and regulations. Specifically, at the point of collection, this includes the Business Partner’s responsibility to collect/allow the End-User’s privacy preferences, obtaining (when required) consent, to show a privacy policy to the End User, all as required by applicable laws and regulations.

12. Additional Notices & Contact Details

Updates and Amendments: We may update and amend this Privacy Notice from time to time by posting an amended version. The amended version will be effective as of the date it is published. We will provide prior notice if we believe any substantial changes are involved via email or other means. After such notice period, your continuing browsing and/or using our Site and/or Services shall be deemed as the changes have been accepted by you.

External Links: While our Business may contain links to other websites or services, we are not responsible for their privacy practices. We encourage you to pay attention when you leave our Business for the website or application of such third parties, and to read the privacy policies of each and every website and service you visit. This Privacy Notice applies only to our Business.

Children: Our Business/Services are not designed to attract minors. We do not knowingly collect Personal Data from minors and do not wish to do so. If we learn that a person who is considered as a minor according to applicable law is interacting with our Business or their data is being processed by us through the Services, we will attempt to prohibit and block such use and will make efforts to promptly delete any Personal Data stored with us with regard to such minor. If you believe that we might have any such data, please contact us by e-mail at privacy@thebrave.io. 

EU and UK Representative: Brave has designated Prighter Group as Brave’s representative in the EU and the UK for data protection matters pursuant to Article 27 of the GDPR and the UK GDPR, as applicable. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/12099585802. 

Contacting Us: If you have any comments or questions regarding our Privacy Notice, or if you have any concerns regarding your Personal Data held with us, please contact Brave’s privacy team at privacy@thebrave.io.