What personal data flows occur when using Brave Rewards or connected wallets?
This fact-check may be outdated. Consider refreshing it to get the most current information.
Executive summary
Brave’s Rewards and Wallet ecosystem is designed to keep most ad-related signals local while requiring certain data flows when users connect a payout account or use custodial/on‑ramp services; connecting a custodial partner associates identifiable payment metadata with that partner and with Brave’s Rewards IDs in limited form [1] [2] [3]. Self‑custody via Brave Wallet keeps private keys local, but using swaps, on‑ramps, or custodial payouts creates transactional data flows to third parties that may include wallet addresses, IPs, amounts, custodial IDs and country codes [4] [2] [5].
1. How Brave Rewards and connected wallets actually link together
Brave Rewards (BAT earnings) requires a payout destination: users can connect a self‑custody wallet (Brave Wallet) or a custodial account from partners like Uphold, Gemini, bitFlyer or ZebPay; connecting gives Brave a destination to deposit BAT and unlocks full Rewards features [6] [1] [7]. A “connected Brave Rewards profile” therefore means a linkage between a Rewards Payment ID and either a custody provider ID or a self‑custody wallet address [8] [2].
2. What Brave says stays on device — and what it means
Brave emphasizes that ad matching and Brave Ads events are processed locally so browsing history and ad‑viewing activity “never leaves your browser,” using privacy‑preserving cryptographic protocols to anonymize automatic contributions and ad events [1] [9]. That design limits Big Tech‑style profiling inside Brave itself, but this claim applies primarily to ad targeting and Auto‑Contribute telemetry rather than to payment or custody operations [1] [9].
3. Data flows to custodial partners when accounts are connected
When a custodial account is connected, Brave receives some data from the custodial partner and, importantly, the custodian can see and record on‑demand contribution details such as amount and recipient; Brave warns users that custodians store personal account data for linked accounts and may record transaction details [3] [5]. Brave’s privacy page states that three elements become associated with a Rewards Payment ID when using custodial partners: a custodian ID, deposit address(es), and a country code — concrete identifiers that link on‑chain movements to custody accounts [2].
4. Self‑custody reduces third‑party exposure but not all metadata leakage
Using Brave Wallet as self‑custody keeps private keys and wallet management local to the device and Brave describes the Wallet as self‑custody where the user alone manages assets [7] [4]. However, certain operations like swaps, DEX aggregation, or blockchain interactions require sending wallet addresses and transaction data to third‑party aggregators (0x, Jupiter) or to services that will also process IP addresses to fulfil quotes and transactions — Brave says these parties “will ONLY use this data to fulfill the transaction” [2].
5. Third‑party on‑ramps, exchanges and sanctions checks create additional flows
Brave uses on‑ramp partners and exchanges for fiat‑to‑crypto and custodial linking; Brave says it proxies some requests in certain circumstances to avoid connecting requests to a user’s IP and aggregates anonymized statistics for transaction volumes, but it also passes wallet addresses/transactional data to service providers when necessary and enforces sanctions checks using an embedded SDN list [2]. That means compliance and payment routing create unavoidable exposures to partners and to the data those partners retain [2].
6. User control, deletion and the limits of Brave’s promises
Brave documents processes to request deletion of transaction data and clarifies that personal data for linked custodial accounts is stored by the custodians (Uphold, Gemini, bitFlyer) not Brave — a signal that users must deal with those providers’ policies for account data rights [5]. Brave also highlights that automatic contributions are anonymized, while on‑demand contributions from custodial accounts are visible to custodians, creating a clear divide in privacy outcomes depending on feature choices [9] [3].
7. Conclusion — tradeoffs, transparency and what to watch
The Brave architecture delivers real privacy advantages for ad‑related signals by keeping them local, but any payout, swap, on‑ramp or custodial connection necessarily routes personal and transaction metadata to external partners (custodian IDs, deposit addresses, country codes, amounts, recipients, sometimes IPs), and custodians control much of the stored personal data [1] [2] [5]. Users seeking maximal privacy must weigh the tradeoff: self‑custody limits how much outside parties can link earnings to identities, while connecting custodial accounts provides convenience at the cost of sharing identifiable payment metadata with third parties [7] [3].