Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Brex's privacy policy explaining how the company collects and uses your personal and financial data when you use Brex corporate cards, expense management tools, or business banking services. The most important thing to know is that Brex collects extensive financial and behavioral data including your transaction history, bank account details, device information, and data from third-party sources like credit bureaus, and shares it with partners, service providers, and financial institutions. California residents have the right to request access to or deletion of their personal data by contacting Brex's privacy team at privacy@brex.com.
This document is Brex's Privacy Policy governing the collection, use, sharing, and retention of personal and financial data across Brex's business financial services platform, including corporate cards, expense management, and banking products, with its legal basis rooted in contractual necessity, legitimate interests, legal obligations, and consent depending on jurisdiction. The policy states Brex collects a broad range of data including identity information, financial account data, transaction records, device and usage data, and information from third-party data sources such as credit bureaus and identity verification providers, and the terms authorize use of this data for product delivery, fraud prevention, marketing, and analytics. The policy permits sharing of personal data with affiliates, service providers, financial institution partners, and third parties for compliance and business purposes, and asserts broad data use rights for internal analytics and product improvement that, while common in financial services, warrant review under applicable consumer financial privacy frameworks. The policy engages CCPA/CPRA for California residents, Gramm-Leach-Bliley Act (GLBA) obligations applicable to financial data, and GDPR-adjacent considerations for any EU-based users, with enforcement oversight from the CFPB and FTC given Brex's financial services context. Material compliance considerations include the adequacy of consent mechanisms for marketing communications, the scope of data sharing with financial institution partners, and the robustness of the data subject rights infrastructure for California residents.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Brex has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Financial Data Collection Scope (GLBA-Covered Information) and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.