Welcome to our transparency page. Here at PICNIC, we believe you should understand exactly how your financial technology works. We are not a bank, nor a traditional brokerage. We are something new. We are the technology of your financial freedom.
Recently, we have dedicated considerable time to thoroughly reviewing our operational structure. We have been working intensively on consolidating our Pure DeFi model.
The purpose of this document is to clarify how PICNIC operates and how we ensure our actions comply with current legislation.
1. What are we?
PICNIC is a non-custodial DeFi interface aggregator.
Technically, we are a tool that translates complex smart contract operations into a simplified user experience.
When you use PICNIC, you are using our software to send commands directly to the public Blockchain. This means we only provide the necessary software interface for the user to interact with the Blockchain. At no point do the user's assets pass through accounts owned by PICNIC; our software simply allows you to allocate your capital directly into protocols, without human or centralized intermediaries.
Our platform operates under the self-custody model. The legal relationship established is a software use license, where the technological tool allows the user to exercise their financial sovereignty, maintaining exclusive control over their private keys and the final execution of any transaction.
2. How does our technology work?
Technologically, PICNIC operates under a non-custodial software architecture. This means our platform strictly acts as a graphical interface for interacting with the Blockchain, never holding possession of the assets.
The technical operation is based on four pillars:
- Cryptography and local storage (your private key): When using PICNIC, a digital wallet is generated for the user. Control of this wallet depends on a private key. By design of our security architecture, PICNIC does not have access to this key. Today, your security relies on Magic's cutting-edge technology (HSM) to protect your key. Very soon, with the arrival of Passkeys in PICNIC v1, we will take a step further: the key that controls your account will be generated and stored exclusively on your phone or computer. This means you will have 100% custody and control of your wallet, with maximum security from your hardware.
- Transaction signing: Our software's role is to translate your intention into code. When you decide to perform an operation, the final validation — the "digital signature" — occurs on your device. You authorize the transaction before it is transmitted to the network.
- Direct settlement on the blockchain: Traditional banks and brokerages use an "Internal Ledger." When you see your balance there, you see a promise of payment, not necessarily the actual asset. In Picnic, financial settlement occurs without intermediaries: assets move from your wallet directly to the smart contracts (automated protocols) on the Blockchain. At no point do funds pass through bank accounts or wallets owned by PICNIC.
Source: Appinvestiv
Understanding DeFi Architecture
To understand why PICNIC is not a bank, it's essential to grasp the fundamental shift that Decentralized Finance (DeFi) has brought: the change in the trust locus.
In DeFi, trust is placed in public and auditable code: a smart contract (see section 5 for more details). This creates a deterministic execution environment: if the contract rules are met, the outcome invariably occurs, without the possibility of censorship or human intervention.
1. The Block Structure
The DeFi ecosystem is not random; it follows a logical "layered" architecture, comparable to building a digital structure (based on the Schär, 2021 model).
- Layer 1 - Settlement: It's the solid ground. This is where the blockchains (like Ethereum or Gnosis) and their native assets sit. It ensures that transactions are irreversible and publicly recorded.
- Layer 2 - Assets: On the foundation, tokens are created (like the ERC-20 standard). It's the digital representation of value that allows different currencies to "communicate" with each other.
- Layer 3 - Protocols: These are the sets of Smart Contracts that define the rules, such as Decentralized Exchanges (DEXs - e.g., Uniswap).
- Layer 4 - Application: These are the visual interfaces that allow you to look inside the contracts and interact with them.
- Layer 5 - Aggregation: This is where PICNIC operates. We connect various protocols simultaneously, allowing you to compare and access the best opportunities in a single simplified interface.
Source: Schär (2021, p. 157)
3. Legislation and Framework
It's crucial to dispel a common misconception: PICNIC does not operate in a legal vacuum.
The fact that our business model is distinct does not exempt us from responsibilities. On the contrary: as a global platform, Picnic operates in strict compliance with the legal framework of the countries where we are present.
Our operations are governed by a complex matrix of regulations that ensure user safety, data privacy, and the integrity of commercial operations. Although PICNIC is a non-custodial technology provider, we have an ethical and legal commitment to prevent our software from being used to facilitate illicit activities. Our compliance policy is based on community protection and adherence to global anti-money laundering (AML), counter-terrorism financing (CFT), and economic sanctions regulations.
- The typical prudential requirements for custodians — such as asset segregation and capital requirements — are designed to mitigate counterparty risk (fraud, bankruptcy, commingling). In self-custodial software like Picnic, these risks do not exist.
- There are other risks involved in self-custody, such as permanent loss of private keys, phishing, or potential code failures. Regarding these risks, we work actively and continuously to alert users and to ensure these events do not happen to those who use our technology.
3.1. Why are we not a regulated Financial Institution or Virtual Asset Service Provider?
We operate as Technology Providers (Software as a Service). For this reason, in the current model, we understand that our structure does not fit into the regulatory categories of financial institutions or virtual asset service providers, precisely because our architecture is different.
A. We are not "Custodians"
To be a custodian, the institution needs to have control of the private keys or the ability to move funds on behalf of the client. Our technology is self-custodial. We do not have your private key. Without the key, it is technically impossible for us to transfer, freeze, or confiscate your funds. Without possession of this cryptographic code, there is no effective control over the asset in a decentralized network. It is the technical ability to make transactions on behalf of the client — and the consequent power of exclusion of third parties — that attracts the qualified duty of diligence of a potential custodian. Furthermore, your funds never pass through a Picnic account, nor do we have any control over them, as they are stored directly on the Blockchain and can only be transferred with possession of your private key.
B. We are not "Intermediaries"
Intermediaries have the social purpose of acting "on behalf of third parties." Their primary function is order execution and business management, encompassing activities such as buying, selling, and exchanging assets, portfolio management, and acting as a fiduciary agent. It is noted that the core of this activity is agency: the intermediary connects ends or manages strategies, operating as a transactional intermediary or resource manager, without necessarily holding the definitive custody of assets for deposit purposes.
By regulation, an Intermediary is a company that acts "on behalf and order of third parties." It's like a broker who receives an order from you and goes to the market to execute it on your behalf. We do not act on your behalf. We are the technology that you use to transact on your own behalf directly on the blockchain.
- Picnic functions like a browser (Google Chrome, for example), which allows you to access your bank's website and make a Pix, but the browser is not the bank nor the financial intermediary. It is just the technological tool. Similarly, we are the interface (SaaS) that connects you directly to the Blockchain. The legal relationship is You ↔ Blockchain.
C. We are not "Brokers/Exchanges"
Brokers (like exchanges) are hybrid entities that mix the two functions above: they hold the funds (custody) and make the exchanges (intermediation).
Moreover, we do not maintain an internal "Order Book" and do not match buy and sell orders internally - another typical brokerage activity - because you transact and transfer your funds directly on the Blockchain.
- The Picnic reality: In light of the described operational architecture, we understand that Picnic does not fit into the typical activities of custody, intermediation, or brokerage, especially because it does not hold control over private keys, does not execute orders on behalf of the user, and does not maintain an internal order book.
What are we then?
Picnic acts as a technology service provider. We provide an interface for you to access the DeFi ecosystem - primarily in Decentralized Protocols (DEXs) on the public Blockchain. In specific cases where we use partner liquidity aggregators to ensure better rates, the operation continues to follow the non-custodial principle: settlement is direct to your wallet.
We understand that regulation has arrived, and at a very timely moment, to mitigate risks associated with financial institutions and exchanges (counterparty risk, insolvency, commingling, etc.). At Picnic, since your funds are not under our custody and we do not perform intermediation, the typical prudential rules and risks do not apply to our software architecture.
- We work with partners for fund entry/exit to the traditional financial market. Our partners are regulated Virtual Asset Service Providers, but the difference is that they make the exchange and send the stablecoins directly to your self-custody at Picnic. Everything that touches the traditional financial market is regulated - our technology operates on top of these regulated institutions to ensure that the final possession of your assets is yours.
4. Reports
Many users ask us: "Does Picnic send my data and balances to the IRS, like traditional brokerages do?"
Picnic, as a non-custodial software provider and under current legislation, does not report to the IRS. However, incoming transactions (Pix) are processed by regulated partners in Brazil who comply with current regulations.
This is not a matter of choice, but a consequence of our technological architecture and current legislation (RFB Normative Instruction No. 2291/2025). Understand why:
Under current legislation, specifically Art. 5º, II, b, of IN 2291/2025, reporting operations carried out on decentralized platforms not based in Brazil is the obligation of the individual or entity resident and domiciled in Brazil.
Since PICNIC does not hold custody, does not process transactions centrally, and is not based in Brazil, we understand that we do not fall under the reporting obligations applicable to traditional exchanges. Thus, fiscal transparency before the Brazilian IRS is the direct and individual responsibility of each user.
"But do you have my CPF?" Yes, we store your registration data (such as CPF and email). We do this for two practical reasons of User Experience (UX) and functionality:
- Connection with partners: For you to acquire virtual assets with Pix (via our partner BRLA) or issue your Debit Card (via Gnosis Pay), these partner financial institutions require your identification.
- Ease of access: We store your data so you don't have to fill out complex forms every time you open the app.
- In summary: To process your payments in Reais (Pix), we use regulated partners in Brazil who comply with applicable regulations. Article 5º (II) of IN RFB 2291/2025 establishes the rule that: when operations are carried out on decentralized platforms (DeFi) located outside Brazil, the obligation to report these movements falls on the user (you).
5. Why are Smart Contracts Secure?
You may have heard that Picnic operates via smart contracts. But what does this mean for the security of your money?
A smart contract is self-executing software. It's a computer program that lives on the Blockchain and follows an unbreakable mathematical logic:
"IF [condition X happens] → THEN [action Y is executed]"
To understand the security of this, imagine a vending machine:
- "IF you insert $5.00 and press button A1 → THEN the machine dispenses the soda."
- You don't need to trust that a vendor will take your money and give you the product. You don't need to say "please." The machine is programmed to do only that. It can't take your money and say "not today."
At Picnic, we use this same logic.
In the traditional system, when you make a transfer, you rely on an intermediary institution, like a bank or brokerage. With Smart Contracts, the operation is:
- Deterministic: If you have a balance and sign the transaction with your key, the transfer happens. There's no "maybe." It's pure mathematics.
- Impartial: The code doesn't know who you are, has no biases, and doesn't get tired. It treats everyone equally at all times.
- Auditable: The rules of the game are public. Anyone in the world can read the code and verify that it does exactly what it promises to do.
Picnic connects you to the most tested and audited smart contracts in the world. These are protocols that have processed billions of dollars daily for years, without failures. We build the interface so you can use this infrastructure.
- Transparency requires us to be direct: Although failures in the smart contracts we use are rare and technically complex events, code risks are possible in any technological system. Therefore, some type of failure may occur.
- Therefore, at Picnic, security is not a finished product but a continuous process. We work tirelessly monitoring updates, following global audits, and reviewing protocols to ensure the integrity of your assets is always protected.
6. Risk Awareness Statement
By opting for self-custody, you eliminate the risk of the institution going bankrupt and taking your funds, but you assume full responsibility for the security of your access. It is essential that you understand the following points:
- Impossibility of password recovery: Since Picnic does not have access to your private key, we do not have the technical ability to recover your funds or reset your password if you lose access to your device or your backup credentials (seed phrase/recovery keys).
- Irreversibility of transactions: Transactions on the Blockchain are immutable. Once you sign an operation (send funds), it cannot be undone, canceled, or reversed by Picnic.
- Device security: The protection of your assets ultimately resides in the security of your device. Although the key is protected by external security modules (Magic), the final decryption step occurs locally. Therefore, if your hardware is compromised by malware or accessed by third parties, the security barrier is broken. The integrity of your access environment and understanding of the risks associated with this architecture are your sole responsibility.
7. What happens if Picnic ceases to exist?
This is the ultimate proof of our non-custodial nature. If PICNIC went offline today, your funds would remain protected on the blockchain, as they are not with us, but in a smart contract under your exclusive control.
- To access them, you would use your private key in any interface that supports smart wallets (like Safe). By connecting your key, you regain full control over your assets and can transfer them wherever you wish. PICNIC is just the gateway; the key and the vault are yours.
We do not touch your funds. And, therefore, your assets remain under your absolute control.
- Attention: transactions on the blockchain are irreversible
8. The Picnic Card: real economy and cutting-edge technology
The Picnic Card is not just a payment method; it's a tool for financial efficiency and freedom. It was designed to solve two problems: the abusive fees of international travel and the lack of control over one's own assets in traditional prepaid cards.
A. Cost efficiency and operational structure
One of the main questions from our users is about the cost composition when using Picnic for international travel. The efficiency of our model is based on the legal nature of the assets we use.
Understand what you are acquiring: When loading your balance on Picnic, you are performing a purchase operation of Virtual Assets (like USDC or USDT), supported by Law 14.478/2022 (Legal Framework for Cryptoassets).
- In the traditional model: When you acquire foreign currency (dollar or euro) in banks, a foreign exchange operation occurs on which the IOF-Exchange is levied.
- In the Picnic model: The acquisition of stablecoins is legally treated as the purchase of a digital asset. It is the purchase of a digital asset, not foreign fiat currency.
The Practical Result: By using blockchain technology to transact your assets globally, you access an optimized cost structure. Your purchasing power is preserved because the technology allows you to use your digital assets directly.
B. A Self-Custodial Card
The Picnic Card is built on the principle of self-custody.
You remain in full control of your funds — before, during, and after each transaction. Unlike brokerages that require custody, Picnic, via Gnosis Pay, allows you to spend directly from your personal wallet (Smart Wallet).
What does this mean in practice?
- Only you access and approve the funds.
- Your funds are never touched by Picnic.
- All transactions are recorded on the network (on-chain) and can be independently verified.
C. How the Technology Works
To let a Blockchain wallet make payments with a Visa card, we use Smart Contracts that apply security modules to your wallet:
- Roles Module: It acts as a shield for your account. It authorizes the card system to move only a specific token to a single, secure destination. Thus, the card operates in an "isolated corridor," without any power over the rest of your assets.
- Delay Module: To ensure security and accuracy of balances on the blockchain, transactions outside card use have a 3-minute interval. This time is essential to avoid processing conflicts (double spending) and maintain the total integrity of your smart wallet.
Security Tip: We recommend using your Picnic wallet as a "Spending Vault". Keep only the amount you intend to use daily or while traveling, managing it independently from your long-term savings.
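A simplified model of the two modules described above, added here as an illustration; it is not Picnic's or Gnosis Pay's contract code, and the class, field, token and account names are hypothetical. It shows the card role being rejected outside its single token and destination, and an owner transaction being held for the 3-minute delay while an in-scope card payment settles first.

```python
from dataclasses import dataclass, field

DELAY_SECONDS = 180  # the 3-minute interval the page gives for non-card transactions

@dataclass
class SmartWallet:  # simplified model; all field names are hypothetical
    owner: str
    card_role: str         # identity of the card system
    card_token: str        # the one token the card role may move
    card_destination: str  # the one destination it may pay
    balances: dict = field(default_factory=dict)
    queue: list = field(default_factory=list)  # entries: (ready_at, token, dest, amount)

    def _move(self, token, amount):
        if self.balances.get(token, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[token] -= amount

    def card_spend(self, caller, token, dest, amount):
        """Roles check: the card role is scoped to one token and one destination."""
        if caller != self.card_role:
            raise PermissionError("caller does not hold the card role")
        if (token, dest) != (self.card_token, self.card_destination):
            raise PermissionError("transfer is outside the card role's scope")
        self._move(token, amount)

    def owner_queue(self, caller, token, dest, amount, now):
        """Delay, step 1: an owner transaction is queued, not executed."""
        if caller != self.owner:
            raise PermissionError("only the owner may queue")
        self.queue.append((now + DELAY_SECONDS, token, dest, amount))

    def owner_execute(self, caller, now):
        """Delay, step 2: the oldest queued transaction runs once its delay has passed."""
        if caller != self.owner:
            raise PermissionError("only the owner may execute")
        ready_at, token, dest, amount = self.queue[0]
        if now < ready_at:
            raise TimeoutError("delay has not elapsed")
        self._move(token, amount)  # fails if the card spent the funds meanwhile
        self.queue.pop(0)

def demo():  # constructed scenario: returns each step's outcome and the final balances
    w = SmartWallet("owner", "card", "USDC", "card-settlement", {"USDC": 100, "OTHER": 5})
    steps = [
        (w.card_spend, ("card", "OTHER", "card-settlement", 1)),  # wrong token
        (w.card_spend, ("card", "USDC", "elsewhere", 1)),         # wrong destination
        (w.owner_queue, ("owner", "USDC", "savings", 100, 0)),    # queued at t=0
        (w.owner_execute, ("owner", 60)),                         # too early
        (w.card_spend, ("card", "USDC", "card-settlement", 30)),  # in scope
        (w.owner_execute, ("owner", 180)),                        # delay over, funds short
    ]
    outcomes = []
    for fn, args in steps:
        try:
            fn(*args)
            outcomes.append("ok")
        except Exception as exc:
            outcomes.append(type(exc).__name__)
    return outcomes, w.balances
```

In this model the queued full-balance withdrawal cannot race the card payment: it is refused before the delay elapses and fails afterwards because the balance has already been spent.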
D. If the card is decentralized, why do we ask for KYC (Documents)?
Although your wallet is self-custodial and decentralized, the Picnic Card, via Gnosis Pay, connects this new world to the Visa network, which is a traditional and regulated financial system. For Visa to accept processing your payments in millions of establishments worldwide, it is mandatory to comply with KYC (Know Your Customer) and anti-money laundering regulations.
We ask for your data only to issue the card and meet this requirement of the brand, but this does not give us the power to control or confiscate your assets on the Blockchain.
Attention: at Picnic, you operate with digital dollars (USDC), a stablecoin backed by US dollars. The exchange rate may vary, and the final valid value is always the one displayed on the confirmation screen at the time of the transaction.
About Picnic: we are a software interface for self-custody of digital assets. This means your account is self-managed: you are solely responsible for your assets and for protecting your credentials and understanding the financial products you use.
Past performance does not guarantee future results. Picnic does not provide investment advice.
Picnic only communicates through the @usepicnic.com domain. If you receive communication from another domain or channel requesting any action related to your account, treat it as a fraud attempt and report it to oi@usepicnic.com.