Brex shares your personal and financial data with affiliated companies, outside vendors, and the banks or financial institutions that power its products.
This analysis describes what Brex's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Sharing with financial institution partners means your data may flow to third-party banks and payment networks, expanding the number of entities that hold your sensitive financial information beyond Brex itself.
Interpretive note: The document was truncated; exact partner categories and opt-out mechanisms described in the full policy could not be fully verified from available text.
Your transaction data, identity information, and financial account details may be shared with multiple external parties including banks, payment processors, and service vendors, each of which maintains its own data practices and security posture.
Cross-platform context
See how other platforms handle Sharing with Third Parties and Financial Institution Partners and similar clauses.
Compare across platforms →Monitoring
Brex has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your personal information with: our affiliates and subsidiaries; service providers that perform services on our behalf; financial institution partners in connection with the products and services we offer; and other third parties as required by law or to protect our rights.— Excerpt from Brex's Brex Privacy Policy
REGULATORY LANDSCAPE: Sharing of nonpublic personal financial information with third parties is regulated under the GLBA Privacy Rule, which requires financial institutions to provide notice and, for certain sharing with non-affiliated third parties, an opt-out right. The FTC enforces GLBA against non-bank financial service providers. CPRA additionally grants California residents the right to opt out of the sale or sharing of personal information. GOVERNANCE EXPOSURE: High. The breadth of permitted sharing, particularly with financial institution partners and service providers, creates obligations to maintain contractual data protection requirements with each recipient and to ensure that downstream use limitations are enforced. Failure to maintain adequate contractual controls with service providers can expose Brex and its business customers to regulatory liability. JURISDICTION FLAGS: California CPRA opt-out rights for sharing of personal information apply. EU/EEA users would require adequate transfer mechanisms for any cross-border data flows. GLBA obligations apply nationally for financial data sharing. CONTRACT AND VENDOR IMPLICATIONS: Business customers should confirm whether their agreements with Brex characterize Brex as a data processor, service provider, or controller, as this affects the scope of data protection obligations and indemnification rights. Procurement teams should request Brex's sub-processor list and data processing addendum. COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether Brex's data sharing disclosures satisfy GLBA annual privacy notice content requirements, whether opt-out mechanisms are available and functional, and whether the list of financial institution partners and service providers is disclosed with sufficient specificity for downstream data mapping.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Sharing with financial institution partners means your data may flow to third-party banks and payment networks, expanding the number of entities that hold your sensitive financial information beyond Brex itself.
Your transaction data, identity information, and financial account details may be shared with multiple external parties including banks, payment processors, and service vendors, each of which maintains its own data practices and security posture.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Brex.