Mercury Privacy Policy
Last Updated: April 6, 2026
At Mercury, we’re building radically different financial products for businesses and individuals alike, and trust is the gravity that holds it all together. We know that earning your trust starts with respecting your privacy. The information you share with us powers your accounts, your transactions, and your financial life. That’s why we’re committed to handling your Personal Information thoughtfully and transparently.
This Mercury Privacy Policy ("Privacy Policy") describes how Mercury Technologies, Inc., together with its affiliates and subsidiaries (collectively “Mercury,” “we,” “our,” or “us”) collects, uses, discloses, and protects your Personal Information, and the rights you have regarding it.
Key Takeaways
Here’s the short version:
- We collect Personal Information to open and operate accounts, verify identity, process transactions, prevent fraud, comply with law, improve Mercury, and communicate with you.
- We may collect information directly from you, automatically through your use of our Services, and from trusted third parties such as identity verification providers, credit bureaus, financial institutions, marketing partners, and integration providers.
- We may disclose information to affiliates, service providers, business partners, credit bureaus, advertising and analytics providers, regulators, and others as required or permitted by law. We do not sell Personal Information for money, but some advertising-related data sharing may be considered “sale” or “sharing” under certain U.S. laws.
- We retain information as long as necessary to provide our Services, comply with legal and regulatory obligations, prevent fraud, resolve disputes, and enforce our agreements.
- We use security safeguards designed to protect your information, though no system can be guaranteed 100% secure.
- Depending on where you live, you may have rights to access, correct, delete, restrict, or opt out of certain uses of your Personal Information.
For full details, continue reading below.
1. Scope
This Privacy Policy applies wherever Mercury meets you: Mercury’s websites, mobile applications, and financial products or other Mercury programs (collectively, the “Services”), as well as when you participate in in-person or online events, or otherwise communicate or interact with Mercury, including through emails, social media, referrals, or other marketing activities we may conduct.
“Personal Information” in this Privacy Policy means information that relates to an identified or identifiable individual or household, or that is linked or linkable to them. Personal Information does not include:
- Publicly available information
- De-identified or aggregated information that cannot reasonably identify you
Certain Mercury financial products may also have separate privacy disclosures. For Mercury Personal Banking, please refer to the Mercury Consumer Financial Privacy Notice to learn more about how we treat your Personal Information.
2. Personal Information We Collect
2.1. Categories of Personal Information We Collect
We collect information necessary to operate our business and provide you with our Services, including the following categories of Personal Information:
- Contact information and personal identifiers, such as your full name, email address, phone number, mailing address, date of birth, government-issued identifiers (e.g., social security number or tax ID), and other unique personal identifiers (e.g., IP address).
- Financial and commercial information, such as bank account details, transaction history, account balances, ownership information, and business formation documents.
- Professional or employment information, such as company name, job title, company affiliation, ownership percentage, and business role.
- Biometric information, such as voiceprint, facial scan, and biometrics extracted from a photograph or image.
- Demographic information, such as your age, gender, veteran status, citizenship, and marital status.
- Internet or other electronic network activity information, such as browser characteristics, device IDs and characteristics, operating system version information, browsing history, cookies, and similar tracking technologies.
- Geolocation data, such as approximate location derived from IP address.
- Inferences drawn from any information identified in this section to create a profile about you, reflecting your preferences and characteristics.
- Audio and/or Video Recordings, such as recording your voice and image during sales, support, research, and customer feedback calls or meetings unless you opt out or do not provide consent.
- Sensitive Personal Information. Under California law, certain information we collect may be considered Sensitive Personal Information, including:
  - Government-issued identifiers, such as your driver’s license, passport, state identification card, or social security number
  - Financial account numbers (including credit and debit card number or details)
  - Account login credentials, such as username and password
  - Biometric information for the purposes of uniquely identifying a California resident
  - We only use or share Sensitive Personal Information as allowed by law.
- Other Personal Information you choose to provide, such as information you provide when you contact us for assistance with our Services, information you enter into a survey or chat, or any other information you may provide when using or interacting with Mercury.
2.2 Personal Information We Process on Behalf of Businesses and Through Integrations
If you use Mercury for business purposes, we may process Personal Information about individuals connected to your business. This may include:
- Employees
- Contractors
- Authorized Users
- Vendors
- Customers
- Other third parties you transact with through the Services
We may collect this information when you provide it to us directly or when it is transmitted through your use of the Services.
If you choose to use third-party integrations like external bank accounts, accounting system integrations, e-commerce platforms, payment processors, HR systems, and workplace integrations, we may receive information made available through those integrations at your direction.
We use this information to:
- Provide and operate our Services
- Enable authorized users to access accounts
- Process transactions
- Detect and prevent fraud
- Support integrations you choose to enable
- Communicate about our Services
Where we process Personal Information on behalf of a business customer, we do so in accordance with our agreements with that customer and applicable law. In those situations, the business customer is responsible for ensuring it has a lawful basis to provide Personal Information to Mercury.
3. Sources of Personal Information
Information reaches us in three primary ways: from you, from your activity, and from trusted partners. We collect this information as described further below:
Directly From You
Information you provide when you:
- Apply for or open an account
- Use our Services
- Communicate with us
- Enable integrations
- Refer individuals to Mercury
Automatically Through Your Use of the Services
We collect information automatically through cookies, device identifiers, log files, and similar technologies when you interact with our website or applications.
From Third Parties
We may receive Personal Information about you from:
- Affiliates and Subsidiaries for operational and administrative purposes.
- Business Partners and Service Providers, including identity verification providers, fraud partners, financial institutions, payment networks, and integration providers to offer and provide our products and services, and to support our core business functions.
- Credit Bureaus and Agencies to obtain third-party information, including consumer and/or commercial credit reports, to assess creditworthiness, determine risk and fraud profiles, and support underwriting decisions.
- Marketing and Analytics Partners, which may include data providers, referral partners, and advertising networks, where permitted by law.
- Publicly Available Sources, including corporate registries, government databases, and other publicly accessible information.
4. How We Use Information
Your information keeps our Services running securely, responsibly, and in compliance with law. We may use some or all of the Personal Information we collect from and about you to:
- Provide, operate, and maintain our products and Services. For example, we may use your information to process your application, complete transactions, verify identity, service or manage your account, and communicate with you about your account or our products and Services.
- Provide customer service, such as fulfilling orders, communicating with you, and responding to customer requests.
- Detect, prevent, and respond to fraud and security incidents. For example, we may use your information for authentication, to maintain the safety and security of our business, manage risk, investigate suspicious activity, and detect, prevent and defend against potential security incidents, fraudulent transactions or breach of agreements.
- Market or advertise to you, in compliance with law. We may use your information to develop, send, and measure advertising, direct marketing, and communications about our existing, new, or updated products and Services.
- Communicate with you. For example, to participate in surveys or ask for feedback on our Services, and send you notices or updates.
- Improve and develop products and features, like making innovative features as useful as possible to our customers and customizing your experience, research and analysis, and troubleshooting issues with the Services, including debugging to identify and repair errors that impair functionality.
- Develop de-identified, aggregated, and/or anonymized information through techniques that do not allow us to identify you. Once the information is modified, we may use and share it to improve our products, understand trends, and operate our business.
- Comply with applicable laws and regulations, and as otherwise permitted by law.
- Process requests at your direction, such as connecting your account to a third-party service or fulfilling requests.
- Process information with notice and your consent where we may otherwise use information we collect after providing you with notice and obtaining your consent. Where we rely on consent, you may withdraw it at any time with respect to future processing.
5. Data Retention
We retain Personal Information only as long as necessary, and use the following factors to determine the retention period:
- Provide and maintain our Services
- Comply with legal and regulatory obligations
- Meet tax, accounting, and financial reporting requirements
- Prevent fraud and maintain security
- Resolve disputes and enforce our agreements
- Establish, exercise or defend our legal rights
Because Mercury operates in a regulated financial environment, certain information may be retained for extended periods as required by law or industry standards.
6. How We Disclose Personal Information
Bringing you radically different financial tools takes collaboration, and when we disclose Personal Information, it’s for clear and defined purposes. We may disclose your Personal Information with:
- Affiliates and Subsidiaries that support our core business functions to provide you with the Services, offer you additional products or Services, and to operate the Mercury Customer Referral Program.
- Service Providers that provide services to us, or to you on our behalf. Service providers support our operations such as those processing payments and orders, maintaining databases, identity verification, billing, providing credit, complying with governmental or quasi-governmental reporting, collection services, email delivery, marketing, or customer service.
- Merchants with whom we do business for the purpose of delivering gift cards to you or other people or entities.
- Business Partners, such as those companies offering joint promotions with us or our partner banks.
- Credit Bureaus and Agencies.
- Social/advertising networks and data analytics providers, to conduct analytics and place advertisements on our behalf on third-party websites and services.
- Parties involved in a corporate transaction, such as a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in bankruptcy or similar proceedings).
- Regulators, law enforcement, or other government entities where required by law or if we have a good faith belief that such action is necessary or appropriate. For example, to respond to a court order or subpoena, protect ourselves, enforce our terms and conditions, and investigate suspicious or potentially fraudulent activity.
- Other third parties based on your request or authorization.
We may work with advertising partners, social platforms, and analytics providers to help people discover Mercury and to understand how our Services perform. We do not sell Personal Information in exchange for money. However, like many online companies, we use cookies and similar technologies that may be considered a “sale” or “sharing” under certain U.S. privacy laws because they involve information used for advertising purposes. We do not knowingly share or sell Personal Information of minors under 16 years of age.
We may share information that has been aggregated, anonymized, and/or de-identified such that it cannot reasonably be linked to you. This type of information helps us conduct research, analyze trends, improve our Services, and better understand how Mercury is used. We do not attempt to re-identify de-identified information, except as permitted or required by law.
In the past 12 months, we have disclosed the following categories of Personal Information as shown in the chart below for our business purposes.
Category of Personal Information | Category of Third Parties Disclosed To |
|---|---|
Contact Information Personal Identifiers | |
Financial and Commercial Information | |
Biometric Information | |
Demographic Information | |
Internet or Other Electronic Network Activity Information | |
Geolocation Data | |
Professional or Employment Information | |
Inferences | |
Audio and/or Video Recordings | |
Sensitive Personal Information | |
7. Artificial Intelligence and Machine Learning
7.1. How we use AI
We use artificial intelligence (“AI”) and machine learning technologies to enhance security, streamline operations, and deliver personalized, efficient services for our customers. We may apply these tools to analyze information we collect for purposes such as verifying documents, categorizing businesses, detecting fraud, supporting customer service, evaluating credit applications, categorizing transactions, and other legitimate functions. While AI helps us work faster and smarter, we do not rely on it alone to make decisions that could have legal consequences, financial implications, or otherwise materially affect your rights or access to our services. Such decisions always involve appropriate human oversight. We regularly monitor our AI systems for fairness, accuracy, and security.
7.2. How you use AI
We offer Mercury AI to allow users to analyze their financial data. Since machine learning systems make predictions based on patterns, Mercury AI may occasionally generate information that isn’t accurate. When you use Mercury AI, you should not rely on output from Mercury AI as a single source of truth or fact, and understand that it is not a substitute for professional legal, financial, or tax advice. You must evaluate any output for accuracy and appropriateness before use.
8. Cookies And Other Tracking Technologies
We use modern tools to make Mercury fast, secure, and intuitive - not invasive. We, and our third-party partners, use cookies, pixels, log files, and similar technologies (collectively, “Tracking Technologies”) to operate, secure, and improve our Services. These tools help us:
- Authenticate users
- Prevent fraud
- Understand product performance
- Improve usability
- Measure communication engagement, and
- Provide relevant content
Where required by law, we rely on consent for non-essential cookies.
8.1. What are Cookies?
“Cookies” are small text files stored on your browser or device when you visit a website. They help the website recognize your device, remember preferences, and understand how the site is being used.
We also use similar tools such as pixels, web beacons, and log files. These technologies help us measure performance, improve usability, and understand engagement with our websites, emails, and Services in general.
8.2. The Types of Cookies We Use
We use different types of cookies for different purposes:
- Essential Cookies. These are required for Mercury to function properly. They help with things like:
  - Logging you in securely
  - Preventing fraud
  - Maintaining account sessions, and
  - Enabling core features.
Without these cookies, parts of the Services will not work.
- Analytic and Performance Cookies. These help us understand how people use Mercury so we can improve it. For example, they may tell us:
  - Which pages are visited most often
  - How users navigate the site, or
  - If something isn’t working as expected.
We may use third-party analytics providers (such as Google Analytics) to help us analyze usage patterns. For more information about Google Analytics, please review the site “How Google uses information from sites or apps that use our services,” located at https://google.com/policies/privacy/partners/. To opt out of Google Analytics specifically, please go to https://tools.google.com/dlpage/gaoptout. Please note that by blocking any or all cookies, you may not be able to use the full functionality of our Services.
- Functional Cookies. These remember choices you make - like preferences or settings - so your experience feels consistent and personalized.
- Advertising and Interest-Based Cookies. We may work with third-party advertising partners who use cookies and other Tracking Technologies to:
  - Measure the effectiveness of our ads
  - Show Mercury ads on other websites or platforms, and
  - Personalize advertising based on your interactions with our Services.
This is sometimes called “interest-based” or “cross-context behavioral” advertising, as we may share, or permit third-party online advertising networks and other third-party services to collect, information about your use of our Services over time so that they may display ads that may be relevant to your interests on our Services as well as on other websites or apps, or on other devices you may use.
Under certain U.S. privacy laws, the use of these technologies may be considered “sharing” or a “sale” of Personal Information, even though we do not exchange your information for money.
You can opt out of certain types of advertising-related tracking through:
- Our cookies preference tools (where available)
- Your browser settings
- Device-level privacy settings (such as “Limit Ad Tracking”)
- Industry opt-out programs such as the Network Advertising Initiative or Digital Advertising Alliance
Please note that opting out does not mean you will stop seeing ads, just that the ads you see may be less personalized. As many of these options are based on cookies or set at the browser or device level, you may need to separately opt out on other browsers or devices. Likewise, if you clear your cookies, you may need to opt out again.
If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly at [email protected].
Cookie Name | Provider | Purpose |
|---|---|---|
__tld__ | Segment | Analytics |
_dd_s | Datadog | Essential |
_fbc | Facebook Ads | Advertising |
_fbp | Facebook Ads | Advertising |
_gid | Google Analytics | Analytics |
_uetmsclkid | Bing Ads | Advertising |
_uetsid | Bing Ads | Advertising |
_uetvid | Bing Ads | Advertising |
^_ga.* | Google Analytics | Analytics |
^_gac_.* | Google Ads | Advertising |
^_gcl.* | Google Analytics | Analytics |
^_gd.* | Google Analytics | Analytics |
^ab\.storage\.deviceId\..* | Braze | Advertising, Analytics |
^ab\.storage\.sessionId\..* | Braze | Advertising, Analytics |
^ajs_anonymous_id.* | Segment | Analytics |
^amp_.* | Amplitude | Analytics |
^amplitude_.* | Amplitude | Analytics |
^amplitude_id.* | Amplitude | Analytics |
^dd_cookie_test_.* | Datadog | Essential |
^dd_site_test_.* | Datadog | Functional |
^dmn_chk_.+ | PostHog | Analytics |
^intercom-id-.* | Intercom | Functional |
^intercom-session-.* | Intercom | Functional |
^mp_.*_mixpanel$ | Mixpanel | Analytics |
ajs_user_id | Segment | Analytics |
analytics_session_id | Amplitude | Analytics |
analytics_session_id.last_access | Amplitude | Analytics |
AWSALB | Amazon Web Services (AWS) | Essential |
AWSALBCORS | Amazon Web Services (AWS) | Essential |
canSeePerks_sandbox | Miscellaneous | Essential |
li_adsId | LinkedIn Ads | Advertising |
muxData | Mux | Essential |
ph_phc_[A-Za-z0-9]+_posthog | PostHog | Analytics |
rbuid | Rockerbox | Advertising |
tcm | Transcend | Essential |
userLoggedIn_sandbox | Miscellaneous | Essential |
8.3. ‘Do Not Track’ Signals
Some browsers may offer a “Do Not Track” setting. Because there is no consistent industry standard for how to respond to these signals, we are unable to respond to your browser’s ‘Do Not Track’ signal at this time.
Where required by applicable law, we honor legally recognized opt-out preference signals, such as the Global Privacy Control (GPC), and rely on consent for the use of non-essential cookies.
To learn more about privacy rights available in certain jurisdictions, please review the Your Privacy Rights and Choices section of this Policy.
8.4. Linking to Other Websites and Services
Our Services may contain links to other third-party websites or services. Those third parties operate independently and have their own privacy policies. We are not responsible for the privacy practices or content of third-party sites, and we encourage you to review their policies before providing Personal Information.
9. Your Privacy Rights and Choices
Here’s how you can control your information, both inside the product and under the law.
Depending on where you live, you may have rights and choices regarding your Personal Information. We’ve outlined them below.
9.1. Everyday Controls
Some things you can manage directly:
- Account Information. You may update certain profile information and sharing preferences through your account settings.
- Device Permissions. You may control our access to your mobile device features (such as location, contacts, camera, or photos) through your device’s system settings.
- Marketing Communications. You can opt out of promotional emails at any time by clicking “unsubscribe” in the message. You will continue to receive service-related communications (e.g., account notifications, transactional messages, and security alerts), as these are necessary to operate your account.
9.2. Legal Privacy Rights
If you are located in certain jurisdictions with privacy laws, you may have the following rights:
9.2.1. Right to Know/Access
You may request:
- The categories and specific pieces of Personal Information we have collected about you
- The categories of sources from which it was collected
- The purposes for which it was used
- The categories of third parties with whom it was shared
- Information about disclosures or “sales”/“sharing” (as defined by applicable law)
Where required, we will provide this information in a portable format.
9.2.2. Right to Correct
You may request that we correct inaccurate Personal Information.
9.2.3. Right to Delete
You may request deletion of your Personal Information, subject to certain exceptions (for example, where we must retain information to comply with legal obligations or prevent fraud).
9.2.4. Right to Restrict, Object, or Limit Use
In certain circumstances, you may object to or request that we restrict certain processing of your Personal Information. In California, residents have the right to request that we limit the use of Sensitive Personal Information to purposes permitted by law. However, we do not use or disclose Sensitive Personal Information for purposes beyond those permitted by law.
9.2.5. Right to Opt Out of Sale or Sharing
You may have the right to opt out of the “sale” or “sharing” of Personal Information, as defined under applicable law. You may exercise this right by clicking the “Your Privacy Choices” link at the bottom of our page or enabling GPC.
9.2.6. Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
9.2.7. Right to Appeal
If we deny your request, you may have the right to appeal our decision, depending on your jurisdiction. You may contact us as indicated below. Please include “Privacy Request Appeal” in the subject line. We will review your appeal and provide a response within the required timeframe.
9.3. How to Exercise Your Rights
To submit a privacy request, please contact us at: [email protected].
To protect your information, we will verify your identity before fulfilling your request. Verification may require:
- Logging into your account
- Confirming identifying information
- Providing additional documentation where necessary
We will respond within the timeframe required by applicable law.
Please note that certain requests may be denied where permitted by law. For example, for personal accounts, some Personal Information we may process may be subject to federal laws that are exempt from U.S. state privacy laws. As a result, some requests may be denied in part based on the applicability of these exemptions. For more information on personal accounts, please refer to the Mercury Consumer Financial Privacy Notice to learn more about how we treat your Personal Information.
Additionally, Mercury’s Services are available to business customers. The Personal Information in a business account is governed by our agreement with the business. You should direct any questions about Personal Information we are processing on behalf of a business customer directly to that business.
9.4. Authorized Agents
In some jurisdictions, you may designate an authorized agent to submit a request on your behalf.
We may require:
- Written authorization signed by you
- Proof of the agent’s identity
- Verification of your identity
If we cannot verify both the request and the authority of the agent, we may deny the request.
9.5. Complaints (EEA/UK/Canadian Residents)
If you are located in the European Economic Area or the United Kingdom and believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with your local supervisory authority.
For example, UK residents may contact the Information Commissioner’s Office (ICO). A list of EU supervisory authorities is available through the European Data Protection Board.
Canadian residents may file a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial commissioner.
10. International Data Transfers
Mercury is headquartered in the United States, and we may store and process Personal Information in the United States or any other country in which we or our affiliates, business partners, or service providers operate.
Our Services are primarily intended for individuals and businesses operating in the United States. If you are located outside the United States, your Personal Information may be transferred to and processed in jurisdictions that may not provide the same level of data protection as your home country. When we transfer Personal Information across borders, we implement safeguards required under applicable law. For example, for transfers from the European Economic Area or United Kingdom, we rely on approved contractual protections (such as Standard Contractual Clauses) and additional technical and organizational safeguards designed to ensure your information remains protected.
11. How We Protect Your Information
Security is part of the design, not an afterthought. We care about the security of your Personal Information and while we use reasonable efforts to protect your Personal Information from unauthorized access, use, or disclosure, no system can be guaranteed 100% secure. If we are required by law to notify you of a security incident impacting your Personal Information, we will do so in accordance with applicable law. Please visit our Trust Center to learn more about how we protect your personal information.
12. Children
Mercury is built for businesses and adults. Our services are not directed at children under 13, and we do not knowingly collect Personal Information from anyone under the age of 13. If you are a parent or guardian and believe that we might have any Personal Information from your minor, please contact us at [email protected].
13. Changes To This Privacy Policy
As Mercury evolves, this Privacy Policy may too. We may update this Privacy Policy from time to time. If changes are material, we will update the ‘Last Updated’ date at the top of this page and provide notice where required. Any changes to this Privacy Policy are effective when posted on our website.
14. Contact Information
Questions about privacy? Let’s talk.
Contact us at [email protected].