If you live in California, you have the right to see, delete, or correct the personal data Brex holds about you, and to opt out of Brex sharing your data with third parties for certain purposes.
This analysis describes what Brex's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
California residents have legally enforceable rights to access and delete their data and to stop certain data sharing, and Brex is required under state law to honor these requests within defined timeframes.
Interpretive note: The exact verbatim text of the California rights section could not be confirmed from the truncated document; the excerpt reflects standard Brex Privacy Policy content based on available material.
California-based Brex users or employees of California companies can exercise legally enforceable rights to access, delete, and correct their personal data, and can opt out of sharing, giving them meaningful control over how their financial and behavioral data is handled.
How other platforms handle this
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...
If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell about you. You have the right to request deletion of your personal information, subject to certain exceptions. You have the right to opt out of the sale or sharing of your perso...
Monitoring
Brex has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, use, disclose, and sell; the right to delete personal information we have collected; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; and the right not to be discriminated against for exercising these rights.— Excerpt from Brex's Brex Privacy Policy
REGULATORY LANDSCAPE: The CCPA as amended by CPRA establishes a comprehensive consumer privacy rights framework enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General. Obligations include responding to verified consumer requests within 45 days (extendable by an additional 45 days), maintaining a privacy notice that describes rights, and implementing an opt-out mechanism for sale or sharing of personal information. GOVERNANCE EXPOSURE: Medium. Brex's compliance with CPRA requires an operational data subject request system, staff training, and documented response procedures. Failure to honor deletion or opt-out requests within statutory timeframes creates enforcement exposure. The CPRA's expanded rights, including correction rights and sensitive personal information limitations, require Brex to maintain more granular data categorization than CCPA alone required. JURISDICTION FLAGS: Applies specifically to California residents, including employees of California-based businesses that use Brex. Business-to-business exemptions under CCPA/CPRA are limited and have sunset, so business customer contact data is likely in scope. Other states including Virginia, Colorado, Connecticut, and Texas have enacted similar frameworks that may apply depending on user location. CONTRACT AND VENDOR IMPLICATIONS: Businesses using Brex that are themselves subject to CPRA should ensure their contracts with Brex include appropriate service provider or contractor clauses limiting Brex's use of shared personal data to providing services. If Brex processes data on behalf of business customers, a data processing addendum addressing CPRA obligations may be necessary. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Brex's data subject request submission process is accessible and functional, confirm that response timelines meet the 45-day statutory requirement, and test whether opt-out requests result in actual cessation of applicable sharing within the required 15-business-day period under CPRA.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
California residents have legally enforceable rights to access and delete their data and to stop certain data sharing, and Brex is required under state law to honor these requests within defined timeframes.
California-based Brex users or employees of California companies can exercise legally enforceable rights to access, delete, and correct their personal data, and can opt out of sharing, giving them meaningful control over how their financial and behavioral data is handled.
ConductAtlas has identified this type of provision across 11 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Brex.