When a business opens a Mercury account, personal information about the business's owners and other authorized individuals is also collected and processed, even if those individuals are not the primary account applicant.
This analysis describes what Mercury's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Individual employees, owners, and signatories associated with a Mercury business account have their personal data collected and governed by this policy, which may not be obvious to those individuals who did not themselves sign up for Mercury.
Interpretive note: The precise scope of individual data subject rights for beneficial owners and authorized users under Mercury's policy is not fully detailed in the available document text.
Business owners and authorized users who are associated with a Mercury account have their personal identity and financial data collected under this policy, potentially without independent notice or consent as individuals.
Cross-platform context
See how other platforms handle Collection of Beneficial Owner and Authorized User Data and similar clauses.
Compare across platforms →Monitoring
Mercury has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you open a business account with us, we collect information about the beneficial owners and authorized signatories of your business, including personal identifiers, identity verification information, and financial information. Individuals associated with your account may also be subject to this Privacy Policy.— Excerpt from Mercury's Mercury Privacy Policy
REGULATORY LANDSCAPE: Collection of personal data from beneficial owners and authorized users at account opening is required under FinCEN's Customer Due Diligence Rule for financial institutions, which mandates collection of beneficial ownership information. However, using or sharing that data beyond CDD purposes may engage additional legal bases. CCPA rights apply to California-resident beneficial owners and authorized users as individual data subjects, not just to the business entity, which creates operational complexity in honoring data subject requests. GOVERNANCE EXPOSURE: Medium. The data rights of beneficial owners and authorized users as individuals are distinct from the rights of the business entity. Compliance teams at Mercury and at customer organizations should assess whether these individuals receive appropriate privacy notices and whether their data subject rights are operationally accessible. JURISDICTION FLAGS: California-resident beneficial owners and authorized users have CCPA rights including access, deletion, and correction rights as individual data subjects. Financial institutions in New York may face additional requirements under DFS regulations regarding individual data collected during business account onboarding. CONTRACT AND VENDOR IMPLICATIONS: Organizations onboarding Mercury should disclose to their own employees and beneficial owners that personal data will be submitted to Mercury and processed under Mercury's privacy policy. Failure to do so may create internal privacy compliance gaps, particularly for companies with EU/EEA employees whose data is submitted during account setup. COMPLIANCE CONSIDERATIONS: Mercury's compliance team should ensure that individual data subjects whose data is collected as part of business account onboarding receive adequate privacy notice, even if that notice is delivered through the business account applicant. Data subject request workflows should be capable of handling requests from individuals who are not the primary account holder.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Individual employees, owners, and signatories associated with a Mercury business account have their personal data collected and governed by this policy, which may not be obvious to those individuals who did not themselves sign up for Mercury.
Business owners and authorized users who are associated with a Mercury account have their personal identity and financial data collected under this policy, potentially without independent notice or consent as individuals.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mercury.