Mercury collects your full identity information and detailed financial data including Social Security numbers, account numbers, transaction history, and balances when you open and use an account.
This analysis describes what Mercury's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This is the core data Mercury holds about you and your business, and its breadth means a wide range of sensitive financial and identity information is within Mercury's data environment.
Interpretive note: The full verbatim text of this provision was not entirely recoverable from the truncated HTML source; the excerpt reflects the policy's described scope based on available document text.
Mercury collects highly sensitive personal and financial identifiers including Social Security numbers and full transaction histories, which means account holders should understand that detailed financial profiles are created and retained under this policy.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Mercury has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information you provide directly to us, such as when you create an account, make a transaction, or contact us for support. This includes personal identifiers such as your name, address, date of birth, Social Security number, employer identification number, email address, and phone number, as well as financial information such as bank account numbers, transaction history, account balances, and credit information.— Excerpt from Mercury's Mercury Privacy Policy
REGULATORY LANDSCAPE: Collection of Social Security numbers, financial account data, and transaction history by a financial services platform implicates the Gramm-Leach-Bliley Act's Safeguards Rule, which requires financial institutions to implement reasonable security programs protecting customer financial information. The FTC enforces the Safeguards Rule against non-bank financial institutions, and the CFPB may have supervisory authority depending on Mercury's product structure. Collection of this data from California residents also engages CCPA's definition of sensitive personal information for Social Security numbers and financial account data, which carries heightened disclosure and opt-out obligations under CPRA. GOVERNANCE EXPOSURE: High. The collection of Social Security numbers, EINs, and full financial account data creates significant data security and regulatory obligations. A breach or unauthorized disclosure of this category of data would trigger notification obligations under state breach notification laws in virtually all U.S. jurisdictions, and could attract FTC and CFPB scrutiny under unfair or deceptive practices authority. JURISDICTION FLAGS: California residents have CCPA rights specifically applicable to Social Security numbers and financial account data as sensitive personal information under CPRA. New York's SHIELD Act and Illinois Personal Information Protection Act also impose security requirements on entities holding this data. Financial services entities in New York may face additional DFS cybersecurity regulation applicability. CONTRACT AND VENDOR IMPLICATIONS: Any vendor or service provider receiving this data category must be covered by a data processing agreement that meets GLBA Safeguards Rule requirements and, for California data, CCPA contractor restrictions. Procurement teams should verify that Mercury's data processing agreements with downstream recipients address this data category specifically. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that data minimization practices are applied to sensitive identifiers such as SSNs and EINs, that access controls and encryption standards meet Safeguards Rule requirements, and that breach response procedures are current and tested. Data retention schedules for this category should be reviewed against applicable regulatory minimum and maximum retention periods.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This is the core data Mercury holds about you and your business, and its breadth means a wide range of sensitive financial and identity information is within Mercury's data environment.
Mercury collects highly sensitive personal and financial identifiers including Social Security numbers and full transaction histories, which means account holders should understand that detailed financial profiles are created and retained under this policy.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mercury.