Mercury collects your full identity information and detailed financial data including Social Security numbers, account numbers, transaction history, and balances when you open and use an account.
This analysis describes what Mercury's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This is the core data Mercury holds about you and your business, and its breadth means a wide range of sensitive financial and identity information is within Mercury's data environment.
Interpretive note: The full verbatim text of this provision was not entirely recoverable from the truncated HTML source; the excerpt reflects the policy's described scope based on available document text.
Mercury collects highly sensitive personal and financial identifiers including Social Security numbers and full transaction histories, which means account holders should understand that detailed financial profiles are created and retained under this policy.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Mercury has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information you provide directly to us, such as when you create an account, make a transaction, or contact us for support. This includes personal identifiers such as your name, address, date of birth, Social Security number, employer identification number, email address, and phone number, as well as financial information such as bank account numbers, transaction history, account balances, and credit information.— Excerpt from Mercury's Mercury Privacy Policy
REGULATORY LANDSCAPE: Collection of Social Security numbers, financial account data, and transaction history by a financial services platform implicates the Gramm-Leach-Bliley Act's Safeguards Rule, which requires financial institutions to implement reasonable security programs protecting customer financial information. The FTC enforces the Safeguards Rule against non-bank financial institutions, and the CFPB may have supervisory authority depending on Mercury's product structure. Collection of this data from California residents also engages CCPA's definition of sensitive personal information for Social Security numbers and financial account data, which carries heightened disclosure and opt-out obligations under CPRA. GOVERNANCE EXPOSURE: High. The collection of Social Security numbers, EINs, and full financial account data creates significant data security and regulatory obligations. A breach or unauthorized disclosure of this category of data would trigger notification obligations under state breach notification laws in virtually all U.S. jurisdictions, and could attract FTC and CFPB scrutiny under unfair or deceptive practices authority. JURISDICTION FLAGS: California residents have CCPA rights specifically applicable to Social Security numbers and financial account data as sensitive personal information under CPRA. New York's SHIELD Act and Illinois Personal Information Protection Act also impose security requirements on entities holding this data. Financial services entities in New York may face additional DFS cybersecurity regulation applicability. CONTRACT AND VENDOR IMPLICATIONS: Any vendor or service provider receiving this data category must be covered by a data processing agreement that meets GLBA Safeguards Rule requirements and, for California data, CCPA contractor restrictions. Procurement teams should verify that Mercury's data processing agreements with downstream recipients address this data category specifically. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that data minimization practices are applied to sensitive identifiers such as SSNs and EINs, that access controls and encryption standards meet Safeguards Rule requirements, and that breach response procedures are current and tested. Data retention schedules for this category should be reviewed against applicable regulatory minimum and maximum retention periods.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This is the core data Mercury holds about you and your business, and its breadth means a wide range of sensitive financial and identity information is within Mercury's data environment.
Mercury collects highly sensitive personal and financial identifiers including Social Security numbers and full transaction histories, which means account holders should understand that detailed financial profiles are created and retained under this policy.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mercury.