Skip to main content
Last Updated: January 24, 2026
  1. Introduction & Scope
This Privacy Policy (the “Policy”) sets out how Brain Labs Ltd., a company incorporated under the laws of the British Virgin Islands (together with its affiliates, subsidiaries and any related entities, “Gigabrain”, “we”, “us” or “our”) collects, uses, discloses, stores, transfers, protects and otherwise processes personal data and other information relating to identifiable individuals when you (“you”, “your” or “user(s)”) access or use our website available at https://gigabrain.gg/, any sub-domains, mobile applications, terminals, dashboards, APIs, software, community channels and other products and services we make available now or in the future, including any features described as chat, reasoning, research, market intelligence feeds, event intelligence, alerts, workflows, automation tasks, token-gated access, and execution integrations (collectively, the “Platform” or “Services”). This Policy applies to all personal data processed by us in connection with your interaction with or use of the Services, whether such data is provided directly by you, automatically collected through your use of the Services, or lawfully obtained from third party sources. It governs how we handle personal data of existing, prospective, and former users, including visitors to the Platform who may not have subscribed to the Services. By accessing, browsing, creating an account on, or otherwise using the Platform, you acknowledge that you have read, understood, and agree to this Policy, and that you consent to the collection, processing, and use of your personal data as described herein, subject to your rights under applicable data-protection laws. Please read this Policy carefully. If you do not agree with this Policy or any part of it, you should immediately discontinue access to or use of the Platform. Where we rely on your consent for specific processing activities, such consent is obtained as described herein and may be withdrawn subject to applicable law. This Policy forms part of, and should be read in conjunction with, Gigabrain’s Terms of Service and Disclaimer (collectively, the “Gigabrain Terms”). All capitalized terms not otherwise defined herein shall have the meanings assigned to them in the Gigabrain Terms. In the event of any inconsistency between this Policy and the Gigabrain Terms with respect to privacy matters, this Policy shall prevail; otherwise, the Gigabrain Terms shall govern. Gigabrain is established in the British Virgin Islands (BVI) and processes personal data in accordance with the BVI Data Protection Act, 2021. Where other data protection laws are applicable to our processing activities based on users’ location or the nature of the Services, we process personal data in accordance with those laws to the extent required. The Services provide AI-assisted market intelligence, reasoning, and research support for crypto markets and related data. The Services may incorporate analytics based on blockchain data and other market sources, may provide event-driven insights such as funding shifts, liquidity movements, whale activity, governance updates and macro conditions, and may allow you, if you choose to enable it, to connect third party execution functionality such as using an exchange or trading venue API to place orders that you initiate. The Services are informational and analytical in nature, and are not intended to provide financial advice.
  1. Definitions & Interpretation
data” means all information processed by Gigabrain in connection with the Services, including personal data, aggregated data, anonymized data, technical data, usage statistics, system logs, device information, and metadata generated through your interaction with the Platform. Data may include information that does not, by itself, identify a user and may be used for analytics, system improvement, performance monitoring, and security purposes. personal data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, household, or device. Data that is aggregated or de-identified such that it cannot reasonably be linked to an individual is not personal data, provided we maintain it in such a form and do not attempt to re-identify it except as permitted by law. blockchain data” means information recorded on public blockchains and distributed ledgers, such as transaction hashes, wallet addresses, token transfers, contract interactions, and related metadata. Blockchain data may be publicly available and replicated across networks and third party indexers, and may not be within our exclusive control even if referenced in or processed by our Services.
  1. Categories of Personal Data We Collect
We may collect your personal data from the following sources: (i) directly from you; (ii) automatically when you use the Services; and (iii) from third parties when you choose to connect integrations or interact with third party services in connection with the Services. 3.1. Account, authentication & identity data. When you access the Services, we may collect authentication-related information. Since our onboarding may rely on wallet connection, this may include a public wallet address, wallet type, public account identifiers, and cryptographic signatures used to verify control of a wallet address. Where we offer additional login mechanisms now or in the future, we may also collect usernames, email addresses, or other credentials you choose to provide. 3.2. Profile & preferences data. We may collect information you provide to configure the Services, such as preferred assets, watchlists, notification settings, interface preferences, language settings, and other configuration choices. 3.3. User content & communications. We collect the content you submit when using the Services, including prompts and queries entered into chat interfaces, messages sent to Gigabrain through its support system interfaces, research requests, feedback, support inquiries, and any attachments or text you provide. Where you participate in community or gated channels, we may collect identifiers you provide for that purpose, such as a Telegram username or other handle, and associated administrative metadata necessary to administer access. 3.4. Trading & execution integration data. If you choose to enable trading or execution features, we may collect integration credentials and operational data necessary to provide that functionality. This may include API keys or wallet keys for third party execution venues (such as Hyperliquid API credentials), permissions scopes, and records of execution requests initiated through the Services such as order parameters, timestamps, and resulting confirmations or error messages. We do not request and do not want you to provide your wallet seed phrase or recovery phrase, and you should never submit such information through the Services. 3.5. Subscription & commercial data. If you purchase a subscription or paid access, we may collect information associated with the transaction, such as payment status, timestamps, subscription tier, invoices, billing history, and identifiers provided by payment processors. Payment card details are generally processed by third party payment providers, and we typically receive only limited payment metadata rather than full payment instrument details. We do not conduct identity verification or collect government-issued identification documents as part of our Services. 3.6. Token-gating & entitlement verification data. If access to certain features depends on holding a token or meeting an on-chain eligibility threshold, we may process your wallet address and relevant blockchain data in order to verify eligibility, maintain entitlements, prevent abuse, and administer token-gated features. This verification may be repeated periodically while you use token-gated features to ensure ongoing eligibility. 3.7. Device, usage and log data. When you use the Services, we automatically collect information such as IP address, device type, browser type, operating system, app version, session identifiers, pages or screens viewed, referring and exit pages, timestamps, clickstream, performance logs, error logs, and other diagnostic and usage data. 3.8. Approximate location data. We may derive approximate location from your IP address for security, fraud prevention, localization, and compliance screening purposes. We do not require precise geolocation to operate the core Services, but if we introduce features that use precise location, we will provide additional notice and, where required, obtain consent. 3.9. Cookies & similar technologies data. We may collect information through cookies, pixels, SDKs, and similar technologies, which may include session information, identifiers, preferences, and analytics data, subject to your device and browser settings and applicable law. 3.10. Security & abuse prevention data. We collect information reasonably necessary to protect the Services and our users, including signals indicating automated traffic, attempted account compromise, suspicious activity patterns, rate-limit triggers, and audit logs for administrative actions. 3.11. Information from third parties. We may receive information from third parties such as analytics providers, infrastructure and security providers, customer support platforms, payment processors, execution venues you connect, community platforms you use in connection with the Services, and publicly available sources, including blockchain indexers and market data providers. We treat such information in accordance with this Policy, subject to any additional restrictions imposed by the source.
  1. Purposes of Processing & How We Use Personal Data
4.1. Providing and operating the Services. We process personal data to provide, maintain, and operate the Services, including authenticating users, enabling access to features, responding to queries, producing AI-assisted outputs, delivering market intelligence feeds and event insights, and administering subscriptions and entitlements. 4.2. AI features, reasoning outputs, and quality improvement. We may process user prompts, queries, and usage signals to generate responses and outputs, to improve relevance, accuracy, and usability, to detect and mitigate misuse, to troubleshoot, to train or fine-tune internal evaluation systems where permitted, and to evaluate and improve our models and pipelines. Where we use your content for improvement, we apply safeguards designed to reduce risk, such as access controls, minimization, and, where feasible, de-identification or aggregation. 4.3. Workflows, alerts, and automation tasks. Where the Services allow you to configure automated monitoring, alerts, or workflows, we process your configuration choices, targets, thresholds, and notifications settings to run those tasks, deliver alerts, and maintain a record of workflow execution status. 4.4. Trading and execution functionality. If you enable execution functionality, we process the information necessary to route your instructions to the integrated third party venue, to display confirmation and activity history, to detect errors, and to support dispute resolution and audits. We do not decide to place trades for you. We process your data to execute instructions you initiate or authorize through the Services, subject to the design of the specific feature you choose to use. 4.5. Payments, subscriptions, and account administration. We process personal data to manage subscriptions, verify payment status, provide receipts or invoices, handle refunds or charge disputes where applicable, and maintain business records consistent with our legal and accounting obligations. 4.6. Security, fraud prevention, and protection of the Services. We process personal data to secure the Services, protect accounts, enforce rate limits, prevent fraud, detect malicious or abusive activity, investigate potential violations of our terms, and protect the rights and safety of users, third parties, and the public. 4.7. Compliance with law and lawful requests. We process personal data as necessary to comply with applicable laws, regulations, lawful requests, subpoenas, court orders, and to establish, exercise, or defend legal claims. 4.8. Communications. We process personal data to communicate with you about the Services, including responding to support requests, sending administrative messages, security notices, and service updates. If you opt in to marketing or promotional communications, we may use your contact details to send those communications, and you can opt out at any time as described below. 4.9. Business operations and development. We process personal data for internal business purposes such as analytics, forecasting, service planning, transaction diligence, corporate governance, and to evaluate new features and partnerships, provided that we use appropriate safeguards and do not use personal data for incompatible purposes without notice or a legal basis. Where required by applicable data protection laws, we process personal data on one or more of the following legal bases: (i) where processing is necessary to provide the Services or to perform or prepare a contract with you; (ii) where processing is based on our legitimate interests in operating, securing, improving, and marketing the Services, in accordance with applicable law; and (iii) where you have provided your consent for specific processing activities, which you may withdraw at any time with effect for the future. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
  1. Disclosures & Sharing of Personal Data
We do not sell, lease or rent personal data and do not provide personal data to third parties in exchange for monetary consideration for their own marketing purposes. Any sharing or disclosure of personal data is carried out strictly for legitimate business purposes, in accordance with applicable laws, and under appropriate confidentiality and security obligations. 5.1. Service providers and processors. We may disclose or share personal data with vendors and service providers that process data on our behalf to deliver the Services. This may include providers of hosting and content delivery, cloud infrastructure, database and storage, analytics, monitoring and error tracking, customer support tooling, email and notification delivery, identity and access management, security services, and compliance tooling. We require service providers to process personal data only for the purposes of providing services to us, subject to appropriate contractual protections, confidentiality obligations, and security requirements. 5.2. Payment processing. If you purchase paid Services, payment processing is performed by third party payment providers. We share the information necessary to process transactions with those providers and may receive confirmation and transaction metadata in return. We do not intentionally store full payment card details on our servers when using third party processors, although we may store payment status, subscription tier, and related transaction records for business and compliance purposes. 5.3. Execution and trading venues. If you connect an execution venue or trading integration, we share the information necessary to facilitate that integration with the venue you select, including the instructions and credentials you authorize for that purpose. The venue’s independent processing of your information is governed by its own terms and privacy notices, and you should review them carefully before enabling integration. 5.4. Community and communication platforms. If you choose to join a community channel or receive notifications through third party platforms, we may share limited identifiers and administrative information with those platforms in order to administer access and deliver messages you request. Those platforms process information under their own policies. 5.5. Professional advisors. We may share personal data with professional advisors such as lawyers, auditors, accountants, and insurers where necessary for legal, compliance, and business operations. 5.6. Legal and safety disclosures. We may disclose personal data if we believe in good faith that disclosure is necessary to comply with law, regulation, legal process, or governmental request, or to enforce our agreements and policies, or to detect, prevent, or address fraud, security, or technical issues, or to protect the rights, property, and safety of Gigabrain, our users, or others. 5.7. Corporate transactions. If we are involved in a merger, acquisition, reorganization, financing, dissolution, sale of some or all of our assets, or similar corporate transaction, personal data may be disclosed to counterparties and advisors as part of diligence and may be transferred as part of that transaction, subject to appropriate safeguards and continued protection consistent with this Policy. 5.8. Aggregated and de-identified information. We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, benchmarking, marketing, and product improvement purposes.
  1. Transfer of Personal Data
Since our Services are global and our service providers and users are located around the world, your personal data may be processed in jurisdictions other than your country of residence, including jurisdictions that may have different data protection standards. Where required by applicable law, we implement appropriate safeguards for international transfers, which may include contractual protections such as standard contractual clauses, data processing agreements, and other lawful transfer mechanisms recognized by regulators. By using the Services, you understand that your personal data may be transferred, stored, and processed internationally as described in this Policy, subject to the safeguards we apply and your rights under applicable law.
  1. Data Retention
We retain personal data only for as long as reasonably necessary to provide the Services, to fulfil the purposes described in this Policy, to comply with legal obligations, to resolve disputes, to enforce agreements, and to maintain security and auditability. Retention periods depend on the nature of the data, how it is used, the sensitivity of the information, the risk of harm from unauthorized use or disclosure, whether the purposes can be achieved through less identifying data, and applicable legal requirements. Authentication logs and security records may be retained for a period appropriate to detect and investigate abuse and to maintain system integrity. Support communications may be retained for operational continuity and training. Execution activity logs may be retained for transparency, troubleshooting, and dispute resolution. Subscription and transaction records may be retained as required for accounting and compliance. Where feasible, we may delete, anonymize, or aggregate information when it is no longer needed. If you request deletion, we will take reasonable steps to delete personal data we control, subject to legal retention requirements, security needs, and legitimate interests such as fraud prevention and recordkeeping. Some information may remain in backups for limited periods as part of standard business continuity practices, and will be protected and deleted in accordance with our backup cycles.
  1. Security Measures
We take the protection of your personal data seriously and implement a combination of technical, administrative, and organizational safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. These measures may include encryption protections (including encryption in transit and, where applicable, end-to-end encryption), secure storage with role-based access controls and least-privilege access, secure API gateways, firewalls and intrusion detection systems, logging and monitoring, secure key management practices, and regular vulnerability assessments and remediation practices. If you provide execution integration credentials, we take steps designed to limit access and to store and transmit those credentials securely, including by using secure storage controls, role-based access controls, and secure API gateway patterns designed to protect credential handling and execution requests. You are responsible for selecting appropriate permissions scopes, for safeguarding any credentials, and for revoking them if you believe they may be compromised. Despite our efforts, no system can be guaranteed to be perfectly secure. You should use the Services responsibly, keep your devices and wallets secure, and immediately notify us if you suspect unauthorized access to your account or credentials. Payment information is not stored on our servers. We receive only limited payment-related metadata necessary to administer subscriptions and records.
  1. Cookies & Similar Technologies
Cookies and similar tracking technologies (the “cookies”) are text files that can be stored on your devices when you visit an online service such as an application or a website. Cookies are used to store information on the user’s device so that it can be accessed later. As you navigate through and interact with the Services, different types of cookies may be placed on your device and we may ask your consent to use those cookies. These cookies may be placed directly by us or by third parties. The data we collect automatically includes statistical and performance information arising from your use of the Platform. This type of data will only be used by us in an aggregated or anonymized manner. Except for cookies that are necessary for the proper functioning of the Platform and Services, you are free to refuse the deposit of cookies on your device at any time. If you do not want cookies to be placed or read on your device and choose this option when presented to you, a refusal cookie will be stored on your device so that we can keep track of your choice. If you delete this cookie, we will no longer be able to know that you have refused the use of cookies. Similarly, when you consent to accept cookies, a consent cookie is placed on your device. You can choose to disable cookies through your individual browser options. The settings for each browser are different. They are described in the help menu of your browser, which will enable you to know how to change your cookies preferences.
  1. Your Rights & Choices
Depending on where you live and the laws that apply, you may have rights regarding your personal data, including rights to access, correct, delete, object to certain processing, restrict processing, and receive a copy of your data in a portable format. 10.1. Right of access. You have the right to request confirmation of whether we hold any off-chain personal data about you. You may request access to such personal data at any time. If you exercise your right of access, we will provide you with a copy of the personal data we hold about you as well as information relating to its processing. 10.2. Right of rectification. You have the right to ask us to rectify or complete any personal data in our possession that you consider to be inaccurate or incomplete. 10.3. Right of erasure. You can ask us to delete your personal data if, for example, it is no longer necessary for the processing we carry out. We will use our best efforts to comply with your request. Please note, however, that we may have to retain some or all of your personal data if we are required to do so by applicable law or if the personal data is necessary for the establishment, exercise, or defence of our rights. 10.4. Right to restriction of processing. You may request that we restrict or limit the processing of your personal data under certain conditions (e.g., pending verification of accuracy or in case of an objection). In such cases, we will temporarily refrain from processing your personal data until necessary verifications have been made or until we comply with your requests. 10.5. Right to object. You may object at any time, on grounds relating to your particular situation, if we use your personal data. We will then stop processing of your personal data unless there are overriding legitimate grounds for continuing to process your personal data (for example, if your personal data is necessary for the establishment, exercise, or defence of our rights or the rights of third parties in court proceedings). If we are unable to comply with your request to object, we will inform you of the reasons for our refusal. You can also object at any time to our processing of your personal data for marketing or analytics purposes. 10.6. Right to data portability. Where applicable and technically feasible, you may request portability of the personal data you have provided us with. At your request, we will provide you with your personal data in a readable and structured format, for transfer to another service provider. The portability of your personal data applies only to personal data that you have provided to us or that result from your activity on the Platform, under the condition that the disclosure of your personal data does not infringe the rights of third parties. If we are unable to comply with our request, we will inform you of the reasons for our refusal. 10.7. Right to withdraw consent. You have the right to withdraw consent at any time for processing of your personal data based on consent. Withdrawing your consent prevents us from processing your personal data but does not affect the lawfulness of the processing carried out before the withdrawal. 10.8. Right to complain. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Office of the Information Commissioner (OIC) in the British Virgin Islands. If you are located in the European Economic Area or the United Kingdom, you may have the right to lodge a complaint with your local data protection authority if you believe our processing violates applicable law. If you are a resident of California or another U.S. state with a comprehensive privacy law, you may have additional rights, which can include rights to know categories of personal information collected, categories of sources, purposes of use, categories of disclosures, and to request deletion or correction, subject to statutory exceptions. We do not sell personal information, and where “sharing” for cross-context behavioural advertising is regulated, we provide mechanisms to opt out where required.
  1. Children’s Data
Our Services are not intended for anyone who is under the age of 18 (eighteen) years of age or a minor under their respective jurisdictions, or where the Services are being accessed (“Minor”). We do not intend to or knowingly collect any data related to a Minor. If you believe that any kind of data related to a Minor has been collected or provided to us, please contact us at [[email protected]] so we can take appropriate steps.
  1. Third Party Links, Data Sources & Public Blockchain Information
The Services may link to third party websites, tools, and services. We are not responsible for the privacy practices of those third parties, and your use of third party services is governed by their policies. You should review third party privacy notices before using them. The Services may reference or analyse public blockchain data and may use third party indexers and data providers to interpret blockchain activity. Blockchain addresses may be pseudonymous, but in some cases can be associated with individuals or entities through public information or third party attribution. We may process such information to provide market intelligence, detect patterns, and administer token-gated entitlements, and apply safeguards designed to minimize unnecessary collection and exposure of personal data. Market intelligence and analytics may be derived from sources that evolve over time, may include probabilistic inferences, and may be subject to correction as new data becomes available. Our processing and storage of personal data is not dependent on guaranteeing the correctness of analytical interpretations, and we do not promise that any particular output will be error-free.
  1. Changes to this Policy
We reserve the right to amend this Policy at any time and may update this Policy from time to time to reflect changes in the law, our data collection, use or sharing practices, advances in technology, changes in features or the Services, security measures, or compliance requirements. The “Last Updated” date above indicates when this Policy was most recently revised. We therefore encourage you to review this Policy regularly. When required by applicable law, we will provide notice of material changes, which may include posting a notice within the Services, sending an email, or using other communication methods reasonably designed to reach users. Your continued use of the Services after an update becomes effective, constitutes acknowledgement and confirmation that you have read and understood the latest version of this Policy, to the extent permitted by law.
  1. Governing Law & Jurisdiction
This Policy and any dispute arising out of or in connection with it shall be governed by and construed in accordance with the laws of the British Virgin Islands, without regard to conflict of law principles. Notwithstanding the foregoing, if you are located in a jurisdiction that provides mandatory data protection rights or imposes mandatory privacy obligations that apply to our processing of your personal data, we will process your personal data in accordance with those mandatory requirements to the extent they apply.
  1. Contact Information
If you have any questions or comments about this Policy, our privacy practices, the processing of your personal data under this Policy, including the exercise of your rights as detailed above, please contact us by email at [[email protected]]. We may request information necessary to verify your identity and to process the request securely. If you use wallet-based authentication, verification may involve signing a message to prove control of the wallet address associated with the request. We may decline or limit a request where permitted by law, including where we cannot verify identity, where complying would violate the rights of another person, where requests are manifestly unfounded or excessive, where information is protected by legal privilege, where compliance would require disproportionate effort, or where legal obligations require retention. Where we deny a request, we will provide an explanation to the extent required by law.