California residents can ask Mercury what data it holds about them, request that data be deleted, and opt out of having their data sold or shared with third parties for advertising, without facing retaliation for doing so.
This analysis describes what Mercury's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These are legally enforceable rights under California law, meaning Mercury is required to honor them within defined response timelines, giving California-based business owners meaningful control over their data.
Interpretive note: The scope of CCPA rights applicable to Mercury may be partially limited by the GLBA exemption for data collected in connection with financial products, and the precise boundary of that exemption requires case-by-case analysis.
California-resident business owners and individuals associated with Mercury accounts can exercise access, deletion, and opt-out rights under CCPA, including opting out of data sharing for cross-context behavioral advertising, which provides a concrete mechanism to limit how Mercury uses and shares personal data.
How other platforms handle this
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell about you. You have the right to request deletion of your personal information, subject to certain exceptions. You have the right to opt out of the sale or sharing of your perso...
If you are a California resident, you have the right to know what personal information we collect about you, the right to delete personal information we have collected from you, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of your personal informa...
Monitoring
Mercury has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, use, disclose, and sell, the right to request deletion of your personal information, the right to opt out of the sale or sharing of your personal information, and the right not to be discriminated against for exercising your privacy rights.— Excerpt from Mercury's Mercury Privacy Policy
REGULATORY LANDSCAPE: The California Consumer Privacy Act as amended by the California Privacy Rights Act grants California residents enumerated rights including access, deletion, correction, portability, and opt-out of sale or sharing of personal information. Mercury as a financial services platform must evaluate the interaction between CCPA and GLBA, as data collected and used primarily for financial services purposes may qualify for the GLBA exemption under CCPA, though this exemption is entity-level and data-specific and requires careful mapping. The California Privacy Protection Agency enforces CPRA, and violations may result in civil penalties. GOVERNANCE EXPOSURE: High. The interaction between GLBA and CCPA for financial services companies is a complex compliance area. Where data falls outside the GLBA exemption, full CCPA rights apply. Mercury must maintain operational capability to respond to access, deletion, correction, and opt-out requests within CCPA's statutory timelines, currently 45 days with one 45-day extension. JURISDICTION FLAGS: These rights apply specifically to California residents. Other states including Colorado, Virginia, Texas, and others have enacted comparable privacy laws that may create similar obligations for Mercury with respect to residents of those states, though the specific rights and timelines vary by jurisdiction. CONTRACT AND VENDOR IMPLICATIONS: Mercury's service provider and third-party data sharing agreements must be structured to allow Mercury to fulfill deletion and correction requests downstream. Vendors who receive personal data from Mercury must be contractually obligated to cooperate with data subject requests within statutory timelines. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Mercury's data subject request intake, verification, and fulfillment workflows meet CCPA's technical requirements, that opt-out signals including Global Privacy Control are recognized where required, and that the GLBA/CCPA exemption analysis is documented and current. Annual CCPA compliance reviews should include audit of request response timelines and rates.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These are legally enforceable rights under California law, meaning Mercury is required to honor them within defined response timelines, giving California-based business owners meaningful control over their data.
California-resident business owners and individuals associated with Mercury accounts can exercise access, deletion, and opt-out rights under CCPA, including opting out of data sharing for cross-context behavioral advertising, which provides a concrete mechanism to limit how Mercury uses and shares personal data.
ConductAtlas has identified this type of provision across 4 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mercury.