Brex collects a broad set of personal and financial information when you sign up or use their products, including your Social Security number, bank account details, and transaction history.
This analysis describes what Brex's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The scope of data collected, including government identifiers and financial account data, means a significant amount of sensitive personal information is held by Brex and subject to its data handling and sharing practices.
Interpretive note: The document was truncated in the provided HTML, so the exact verbatim text of data collection disclosures could not be confirmed; this excerpt reflects the standard Brex Privacy Policy language based on available document content.
Your most sensitive financial and identity data, including Social Security numbers and bank account information, is collected and stored by Brex, making the security and sharing practices described in this policy directly relevant to your financial privacy and identity risk.
Cross-platform context
See how other platforms handle Collection of Financial and Identity Data and similar clauses.
Compare across platforms →Monitoring
Brex has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information you provide directly to us, such as when you create an account, apply for a product, or contact us for support. This includes: identity information (such as name, email address, phone number, date of birth, Social Security number, government-issued ID); financial information (such as bank account numbers, transaction data, and credit information); and device and usage information collected automatically when you use our services.— Excerpt from Brex's Brex Privacy Policy
REGULATORY LANDSCAPE: Collection of Social Security numbers and financial account data engages the GLBA Safeguards Rule, which requires financial institutions to maintain administrative, technical, and physical safeguards for customer financial information. The FCRA may also apply if credit information is used for eligibility determinations. The FTC and CFPB share enforcement authority depending on the specific product category involved. GOVERNANCE EXPOSURE: High. The breadth of sensitive personal and financial data collected, including government identifiers, creates significant obligations under GLBA, state data breach notification laws, and applicable consumer financial protection regulations. Any data breach or unauthorized disclosure involving this category of data would trigger multi-state and potentially federal notification obligations. JURISDICTION FLAGS: California residents have CPRA rights including access and deletion rights over this data. Illinois and New York impose additional data security and breach notification obligations. Financial data held on behalf of business customers may also implicate employer obligations under applicable state laws. CONTRACT AND VENDOR IMPLICATIONS: Organizations contracting with Brex should ensure their vendor agreements address Brex's obligations as a data processor or service provider under applicable state privacy laws, and confirm that GLBA-compliant data sharing limitations are reflected in the contractual relationship. COMPLIANCE CONSIDERATIONS: Compliance teams should map all data elements collected by Brex against applicable regulatory categories, confirm that GLBA annual privacy notice obligations are being met, and ensure that internal data inventories reflect Brex as a holder of sensitive financial and identity data for breach response planning purposes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The scope of data collected, including government identifiers and financial account data, means a significant amount of sensitive personal information is held by Brex and subject to its data handling and sharing practices.
Your most sensitive financial and identity data, including Social Security numbers and bank account information, is collected and stored by Brex, making the security and sharing practices described in this policy directly relevant to your financial privacy and identity risk.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Brex.