LAST UPDATED May 14, 2024

Brave Browser Privacy Policy

Our company does not store any record of people’s browsing history. We don’t write any personal data to the blockchain. The only way a user’s data is stored by Brave is if the user has switched on Rewards or Sync.

Read this document to understand how the Brave Browser uses data.

To learn how we use data to operate our websites, forums, and communications, visit the Website Privacy Policy. To learn how we use data for publishers and creators visit the Publisher Privacy Policy on the Basic Attention Token website.

In this policy “we”, “us”, etc. refers to Brave Software Inc, while “Brave” refers to the browser.

Security & updates

Brave automatically checks with us for updates. This ensures that you always have access to the latest security fixes. We count the number and type of these requests when we receive them to produce aggregate statistics. No particular person’s information can be identified in the statistics we produce.

You can also update to the latest version here.

Safe Browsing

The Brave Browser automatically uses Google Safe Browsing to help protect you against websites, downloads and extensions that are known to be unsafe (such as sites that are fraudulent or that host malware). On desktop, we use the Safe Browsing Update API which relies on storing URL hashes locally on your device. We proxy these requests through Brave’s servers to reduce the amount of information sent to Google (for example, we remove your IP address) to protect against Google profiling or tracking you when using Safe Browsing. On iOS, Apple proxies Google Safe Browsing through their own servers. For iOS users in mainland China, Apple may also use the Tencent Safe Browsing service. More details at https://www.apple.com/legal/privacy/data/en/safari/. On Android, we use the SafetyNet Safe Browsing API which sends partial URL hashes directly to Google when a URL is determined to be potentially malicious by the list stored locally on your device, as per the Safe Browsing Update API.

If you prefer not to use Safe Browsing, just visit brave://settings/security to change your settings to “No protection (not recommended)”. On iOS, open “Brave Shields & Privacy” inside settings and disable “Block Dangerous Sites”. On Android, open “Brave Shields & privacy” inside settings and then set the Safe Browsing option to “No protection (not recommended)”.

Sync

If you switch on Sync then your bookmarks (and soon passwords and other data) will be saved in an encrypted file on a cloud storage service, to which you will have the only decryption key. The data1 are entirely inaccessible to Brave and to the cloud storage provider. Learn how to switch on Sync here.

Unused Sync chains expire after 12 months and the associated server data is permanently deleted.

Location

If you use Brave to visit a website that wants to determine your location, you will be asked whether you want it to be allowed to know where you are. If you click yes to this message, then the website will be sent an approximation of where you are based on your IP address. Your IP address will not be stored by Brave, but it may be stored by the website you have visited. See data processing details.

Brave Rewards

If you enable Brave Rewards, we assign your Brave browser a “Rewards Payment ID”, which is used to account for Basic Attention Token (BAT) rewards you may earn for seeing Brave Private Ads. We will also ask you to select your country, which we will use to assign a country code to your Rewards Payment ID. The country code helps us ensure Ads are displayed to individuals depending on their country. We will also use the country code to help us prevent fraud. You can find your Rewards Payment ID by navigating to brave://rewards-internals.

Even with Brave Rewards enabled and a Rewards Payment ID assigned, we never collect your browsing history or similar information, and we can’t derive this information from your contributions to content creators or sites. We also cannot tell which specific Brave Private Ads you’ve seen or interacted with.

Note that we record the identifiers mentioned herein on servers located in the United States. We take a range of technical and organisational measures to safeguard personal data.

Connecting a custodial account

When you choose to connect a custodial account to Brave Rewards using one of our custodial partners such as Uphold, Gemini, bitFlyer (Japan only), or ZebPay (India only), three things become associated with your Rewards Payment ID: a custodian ID, deposit address(es), and a country code. All three are assigned by the custodial partner. The deposit address allows us to make deposits to your custodial account, while the country code helps us prevent fraud and limit service to users in countries where Brave Rewards is supported. In addition, we also use IP addresses and Rewards Payment IDs associated with monthly BAT payments to safeguard against fraud. See the Brave Rewards data processing table

When you make an on-demand contribution to Brave Creators using BAT from your linked custodial account(s), the custodian can see and record the details of your contribution transactions (such as, but not limited to, the amount and the recipient). This is subject to the privacy policies of Uphold, Gemini, bitFlyer, or ZebPay. However, when using the Auto-Contribute feature to support Brave creators with BAT from your custodial account, neither Brave nor your custodian can tell which specific creators you’re contributing to.

Connecting a self-custody account

When you choose to connect a self-custody account/address (such as a Solana address), your Rewards Payment ID will be associated with your self-custody address. See the Brave Rewards data processing table for details of what data we process and why and for how long.

Cookies: As part of the process to connect your Solana address to your Rewards Payment ID, a temporary, security-related cookie will be set in your browser for one of our Rewards-related service domains. The purpose of this cookie is to protect you against cross-site forgery attacks during the connection process. The moment the cookie is done playing its role in the connection process, the cookie is immediately cleared from your browser.

Ads

If you switch on Brave Rewards we automatically enable Brave Ads. This means you will receive ads in the form of notifications and in-browser sponsored content, and Basic Attention Tokens to reward you for viewing those ads. While the categories of ads that you see and when you see them are inferred from your browsing activity, the data are stored on your device and are inaccessible to us. We will receive anonymized confirmations for ads that you have viewed, but no data that identifies you or that can be linked to you as an individual leaves the Brave browser on your device. You can disable Ads by visiting Settings > Brave Rewards > Ads and turning off the Ads default.

In the cases where we collect high-level statistics relating to web activity data (e.g. what are the estimated amount of ads that can be served to different content categories that users encounter as they browse the web) we use proven privacy mechanisms like local differential privacy that guarantee that no information about individual users will ever be revealed to us. Read more about how we achieve this with Privacy Preserving Product Analytics and Private Advertising Analytics. To read more about Brave Ads and privacy have a look at our FAQ.

Brave conducts A/B testing to support research into user engagement with Brave Ads to inform our strategy for choosing and displaying Ads to end-users. We use variables such as type of Ad, placement and timing. This is done in a way that protects end-user privacy - we cannot link data to individuals or their devices and nor can we identify users or their devices from the research.

Brave Wallet

The Brave Wallet is a secure crypto wallet built directly into the Brave browser. You can buy, send, store, and swap thousands of assets (and NFTs) seamlessly on 100+ blockchain networks including Ethereum, Solana, Filecoin, and more. You can learn more about ‘crypto wallets’ and the Brave Wallet here

Brave does not track any of the actions you make in your wallet. We strive to put privacy first:

Brave News

Brave News is a private, ad-supported content news reader integrated into the Brave browser. It provides news content, Brave offers, display advertising, and promoted content. It is off by default.

When you turn ON Brave News, a range of content is presented by default. The default content is selected using Brave Search. You can at any time change the default content settings and choose what content you want appearing in your feed. You can also add feeds manually by subscribing directly to publishers’ content using publicly available RSS feeds.

To protect your privacy, Brave employs a combination of methods for delivering content that ensure your browser cannot be identified or tracked by Brave or any third party. Headlines are made available on a public CDN in text files, the same file for all users for each region. Some images from publishers and images in the Brave News user interface are processed to improve performance and ensure they display correctly in the Brave News user experience. Processed images are all delivered through a private and encrypted proxy method. The proxy removes and does not retain IP addresses before passing the encrypted request to the private content server, which then sends the encrypted reply back to the browser via the proxy. All other publisher images are collected directly from the publishers from your device. When you add RSS feeds manually, the text and images are collected directly from the publisher of the RSS feed and included in Brave News on the client. The feed of text and images from Brave and from your RSS feeds is temporarily stored on your device, and it is replaced upon starting or refreshing your Brave News session.

Display advertising and promoted content is delivered to all browsers within a given country that have turned on and enabled Brave News. Images from these are served by Brave using its private and encrypted proxy. If you also enable Brave Ads, advertising will be presented based on your interests, as inferred from your browsing behaviour and done on your device. Brave News remains private to you and anonymous.

Brave News will offer suggestions of sources you might like to follow. If you choose to follow a suggested source it will be added to your Following list; you can always unfollow a source via the Settings panel. The suggestions and your choices are determined on your browser and never leave your device. Your Brave News sessions are not logged or saved by Brave. This information is private to you and only you.

Brave’s source list, content aggregator and Suggestions service are open source and available to view via GitHub.

Please note: The RSS feed content you add is collected directly from the feed source and not proxied by Brave. The Brave browser fetches it without ever hitting Brave servers, and Brave never knows anything about your chosen RSS feeds.

It’s your choice. You can add, follow, unfollow, or hide content sources any time.

Brave Talk

Brave Talk is a private video and/or audio conference tool. What you say or type in the service is not logged or saved. Who you talk to, when, and how, is private to you. See data processing details.

Please note that Brave uses the 8x8 communications platform, and software (API) capabilities of 8x8 (based on the Jitsi Open Source video conferencing software) to help deliver Brave Talk. 8x8 provides a service on behalf of Brave, and we remain responsible for Brave Talk.

What information does Brave Talk process?

We process the minimum information necessary to provide the Brave Talk service. This includes:

While communications are encrypted between the Brave browser and Brave Talk servers via transport layer encryption, they are not encrypted on the server during a call, unless you enable Video Bridge Encryption (VBE). Additional security options are available to you in the settings menu once you initiate a call. These include:

Please note that if you upgrade to the Brave Talk Premium plan, Brave will require an email address to initially create a premium account, and subsequently to manage your access to the account using anonymous credentials. We use the third-party payment provider Stripe to process payments for premium subscriptions. Stripe will process your email address, name, and payment card data for the purpose of managing your subscription payments only. Brave does not receive nor have access to your payment method details supplied to Stripe, and we cannot associate an account email address or payment details with your communications on Brave Talk.

Web3 calls are a special feature of Brave Talk. They use Web3 services as a gating mechanism to a call, so that only people who can prove ownership of a particular NFT can join a video call.

For each new Web3 Brave Talk call the service will look up NFT addresses that match users’ Brave Wallet addresses, via a service called Simplehash. The address lookup is handled via an anonymous proxy, which means Brave servers never record the addresses and have no visibility of members of a call.

Web3 calls use the same infrastructure as non-Web3 Brave Talk calls. However, the use of NFTs and POAPs (which are publicly available on blockchains) makes the members of Web3 calls anonymous but not private.

Learn more about Web3 Calls

To avoid scams: For the avoidance of phishing attacks, note that we at Brave will never contact Brave Browser users in a Brave Talk call.

We do not authenticate users or their associated avatar images. Accordingly, you should never share any confidential information with anyone on Brave Talk unless you are certain that you know who you are talking to. (Of course, this is a good practice regardless of whether you are using Brave Talk, or email, or any other form of communication.)

Brave Translate

Brave removes IP addresses associated with requests submitted to the translation service. Additionally, any text submitted is not retained after the request completes. We do this to protect your privacy.

Brave Firewall + VPN

You can subscribe to Brave Firewall + VPN in two ways: via account.brave.com, or via the applicable app store for your mobile device (iOS App Store or Google Play Store). Brave Firewall + VPN is powered by Guardian, and Guardian also provides technical support for Brave’s Firewall + VPN service. To learn more about what information we use for subscriptions—and why—see our data processing details.

Brave Leo

The Brave Leo AI private chat feature provides summaries of the webpage you’re browsing via a chat interface that allows you to submit questions and receive responses about the content of that page. You can also ask Brave Leo questions in general and enable automatic suggested questions. Brave browser shares with the server your latest prompt, the context of your current conversation and, when the use case calls for it, the necessary context from the page you’re viewing. Note that once a chat is closed all record of it is erased. 

Brave Leo privacy protections include:

The accuracy of summaries and responses to questions is not guaranteed and may include inaccurate, misleading, and/or false information. You should not submit sensitive or private information in Leo, and should exercise caution with any text related to health, finance, personal safety, or similar cases.

Brave Leo is powered by different AI models which you can select, including self-hosted implementations of open-source models, such as Meta’s Llama 2 and Mistral AI models, and models provided by 3rd parties, such as Anthropic’s Claude models. More information on each model, rate limits, and defaults can be found in the Brave Leo wiki https://github.com/brave/brave-browser/wiki/Brave-Leo

Submitting a prompt may include context from the current web page you are viewing, and if you enable automatic suggested questions, the page contents of your navigations will be sent to Leo to generate these suggestions while Leo is open. You can change these options any time in Settings.

The legal basis relied on to process any personal data submitted is that it is necessary for the legitimate interests of Brave and end users.

Web Discovery Project

The Web Discovery Project is intended to make Brave Search more relevant and useful for everyone. If you opt in, you’ll contribute some anonymous data about searches and web page visits made within the Brave Browser (including pages arrived at via some, but not all, other search engines). This data helps build the Brave Search independent index, and ensure we show relevant results to your search queries and support more relevant experiences with Brave products and services.

Collection is done in a privacy-preserving fashion. The Web Discovery Project records the terms you search for on some search engines if that search query passes a series of checks, intended to avoid recording or sending sensitive queries. For example, WDP will not send search queries that are very long, including email addresses or long numbers.

WDP also records some of the pages you visit, if the URLs pass a series of checks designed to filter out unique or identifying URLs. For example, URLs that are too long or include certain terms or long numbers are never sent. Additionally, WDP protects the URLs you send by encrypting them in a manner that prevents Brave from seeing or reading the URL unless it has been sent by a large number of other users.

The system is designed so that no data received can be linked back to individuals or their devices. For a URL to be sent it needs to be visited independently by a large number of people. All data received is unlinkable, making it impossible to build profiles or sessions of Web Discovery Project contributors.

Read a full description of the Web Discovery Project methodology.

How we improve Brave

Diagnostic reports

When Brave crashes or freezes, it creates a report that can be sent to us to help us diagnose and fix whatever caused the problem. This report contains technical information about your computer system and the event causing the problem. The data can’t be used to identify you.

We use a service called Backtrace.io to store the reports. You can choose whether to send us these reports. Even if you have chosen to send reports in the past, you can turn off future reports in settings.

Privacy Preserving Product Analytics

The Browser sends us anonymous reports to alert us to product problems and necessary improvements. None of the information it reports harms your privacy. The report only describes general use of the Browser or other Brave products, such as a general range of how many extensions are installed, a general range of how many tabs are open, and whether features like Shields, Rewards, and Ads are switched on. See the full list of questions here. These reports are stripped of metadata, and aggregated with measurements reported by many other instances of Brave. The data are not personal, and cannot be combined to identify you. You can deactivate Privacy-Preserving Product Analytics in Settings.

Your feedback

If you submit a Web compatibility report, you’ll have the option to include certain details to help us analyze and address compatibility issues. Providing this information is voluntary, and any data you submit will be deleted from Brave’s servers after 30 days. See our Web compatibility reports wiki page for more details on what data is collected.

By submitting Brave AI feedback, you have the option to include additional details to assist us in improving this feature. These details may include the address of the website on which Leo was used. It is important to note that providing this information is entirely voluntary. Submitted data will be deleted from Brave servers after 1 year.

Any personally identifiable information (PII) you provide, such as your contact details, will be handled with strict confidentiality. We do not sell, trade, or transfer your information to any third parties.

We collect this data solely for the purpose of improving our services, enhancing your browsing experience, and resolving compatibility issues.

If you write feedback for Brave, we will use this to improve the product. See data processing details.

Nightly, Dev, and Beta browser versions

Nightly, Dev, and Beta versions of the Brave Browser are experimental previews of new Brave Browser versions. They allow us to test new features so that we can find and fix errors before releasing a new version of the Brave Browser. These test versions of the Browser may automatically send crash reports to Brave so that we can identify and fix problems. A crash report can contain personal information. See data processing details.

How to switch this feature off. You can switch off “Automatically send usage statistics and crash reports to Brave Software” in settings.

Tip: you can quickly access settings by copying brave://settings into your address bar.

These incomplete versions of Brave represent unfinished and untested work on future versions of Brave, and their incomplete behaviour may not be adequately described by this policy. More information about the safety & reliability of pre-release versions of Brave can be found in our development documentation.

Location

Purpose of processingCategories of personal data processedLegal basis of processingDuration of storage
To estimate the user’s physical location at the request of a website and with the confirmation of the user. IP address, and information about nearby WiFi access points (MAC address, signal strength, and SSID). Legitimate interest. No storage.

Brave Rewards

Purpose of processingCategories of personal data processedLegal basis of processingDuration of storage
To make and verify Basic Attention Token contributions, (including to detect and prevent fraud). IP address at time of claiming a grant of BAT tokens or requesting confirmation tokens.

Necessary for the performance of a contract between us and necessary to provide the requested service.

Processing for the purposes of fraud prevention is based on the legitimate interests of Brave and users of Brave Rewards.

Generally stored for 7 days. In cases of suspected fraud, stored for up to 60 days. In case of confirmed fraud, stored for up to 2 years.
To make and verify Basic Attention Token contributions, (including to detect and prevent fraud). Rewards Payment ID, declared country code and Custodian ID and custodial country code when verifying a Brave Rewards wallet with a custodial partner.

Necessary for the performance of a contract between us, (and necessary to provide the requested service & to provide customer support).

Processing for the purposes of fraud prevention is based on the legitimate interests of Brave and users of Brave Rewards.

The duration of the user’s account, plus 4 years in order to comply with US Internal Revenue Service requirements.
To make and verify Basic Attention Token contributions to a Solana address, (including to detect and prevent fraud). Rewards Payment ID and associated Solana address

Necessary for the performance of a contract between us and necessary to provide the requested service.

Processing for the purposes of fraud prevention is based on the legitimate interests of Brave and users of Brave Rewards.

Compliance with legal obligations

The duration of the user’s account, plus 4 years in order to comply with US Internal Revenue Service requirements.

Brave News

Purpose of processingCategories of personal data processedLegal basis of processingDuration of storage
To collect content from the server in order to display it for the user. IP addresses. Legitimate interest. The data are used in order to deliver the service, and the risk of the processing of the data is minimal. The duration of the request and response

Brave Talk

Purpose of processingCategories of personal data processedLegal basis of processingDuration of storage
To facilitate communications via Brave Talk. IP address, meeting URL, chat content, audio and video, recordings of meetings. Legitimate interest. The processing is necessary to provide the requested service. Duration of the call, except for recordings of meetings that are temporarily stored for 24 hours.
To create a Brave Premium account and manage account access. Email address

Legitimate interest.

The data is necessary to establish an account and manage account access.

Until an account is deleted.

Brave Firewall + VPN

Purpose of processingCategories of personal data processedLegal basis of processingDuration of storage
To send an alert to the user when a firewall rule is triggered. Pseudonymous user ID, details of the blocked tracker/firewall rule triggered. Necessary for the performance of the contract (to deliver the service). 3 days.
To create private connections. IP Address. Necessary for the performance of the contract (to deliver the service). None. IP addresses are not logged.
To provide customer support. Email address and other personal data that a user may choose to share when requesting technical support from Guardian. Necessary for the performance of the contract (to deliver the service). 12 Months after closing a support ticket.

Brave IPFS Public Gateway

Purpose of processingCategories of personal data processedLegal basis of processingDuration of storage
To allow access to IPFS content when the user cannot access it via a local IPFS node IP address Legitimate interest. The user requested the service, and the risk of the processing of the data is minimal. Indefinite. (Protocol Labs)

Your feedback

Purpose of processingCategories of personal data processedLegal basis of processingDuration of storage
To use feedback sent by users to improve the product. Personal data that a user may include in the text they write when sending feedback through an app store or any other means. Legitimate interest. The user intends for the data to be used for this purpose, and the risk of the processing of the data is minimal. 2 years.

Browser testing and research (Nightly, Dev, and Beta versions only)

Purpose of processingCategories of personal data processedLegal basis of processingDuration of storage
To fix problems in the Brave Browser by acting on issues highlighted by crash reports from Beta and Dev versions of the Browser Device model, iOS version, language, timezone, CPU architecture, carrier, connection status. Optional: Crash log (crash logs will also be sent if you opted-in when activating iOS) Optional: Comments and screenshots you share if you send feedback through TestFlight. Our interest in testing the product and fixing problems. The data are used in a way that does not negatively affect your rights or interests. Apple retains the data for one year. Brave may retain some crash reports indefinitely, if useful for testing.

Help with privacy settings in Brave

You can find guides on how to change privacy settings in Brave in the Help Center..

Contacting Brave about your personal data and privacy rights

To contact our data protection officer and privacy team with privacy related enquiries, or to exercise your data protection and privacy rights, email privacy@brave.com.

It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers.

Where we process personal data about you (subject to laws such as the EU General Data Protection Regulation (GDPR), or California privacy laws such as the CCPA or CPRA), you have the following rights:

For EU residents, we have appointed a nominated representative under the GDPR to act on our behalf regarding GDPR compliance. You may contact our nominated representative if you wish; however, the representative will refer enquiries to Brave’s data protection officer for consideration.

Our EU nominated representative is:

Brave EU Nominated Representative
Care of Castlebridge
New Work Junction
Clonard, Wexford
Ireland

brave@gdprnomrep.eu

We’ll update this policy whenever we make material changes to our practices, and we’ll announce it to let you know. We hope you’ll find any changes agreeable, but if you’re not comfortable with changes to the info we collect or how we use it, we understand your choice to stop using Brave. 



  1. Personal data means any information that relates to an identified or identifiable living individual. In the USA, this is often referred to as Personal Information (PI) or Personally Identifiable Information (PII). These terms are equivalent but not identical.

    This can include information that can directly identify an individual—such as name or email address—and any other information that may make a person indirectly identifiable—such as online identifiers that could be combined with other data to identify an individual, or used on their own to single out individuals and distinguish one person from another with an intent to learn something about them or to take an action towards them. ↩︎ ↩︎