Revised June 6, 2018
1. Data That Brex Collects
General. We collect Usage Data when you use the Services or our website. Collection of specific Usage Data depends on the manner in which you engage with our website and the Services. For example, we collect Usage Data when you visit our website (such as the IP address or browser type) or provide Personal Data to us through our website (such as providing us your name, email address, or phone number); and we collect transactional information when you access or use, or attempt to access or use the Services (such as using a Card to make a purchase). Usage Data may be personal to you or your Card, while other data may be provided to us by payment networks or other third parties. Collection of Usage Data is described in more detail below.
** Using the Services.** Our Services are contracted for by Companies for use exclusively by Employees. We collect Personal Data from Employees who control or open the Brex Account for the Company, and on specific Employees who will be using the Services (such as collecting the name, email address, or phone number of an Employee who will be issued a Card). Where you do not provide Personal Data when required—or where if it is inaccurate, out-of-date, or unable to be validated—we may prohibit your or Company’s use of the Services.
2. How We Use Data
Improving Our Website, Products, and Services. We will use Personal Data and Usage Data to improve usability of our website and the Services, and to offer other Services we believe may be of interest to you. We may improve usability of the website and the Services by analyzing how you interact with our website and the Services (such as analyzing how you use tools made available to you or which links you click).
Providing the Services. We will use Personal Data to provide the Services the Company or its Employees request from us. This may require us to share Personal Data with third parties to complete or evaluate the risk of transactions initiated using products or services we provide. We may also share Personal Data with Third-Party Service Providers as directed by a Company or Employees.
Understanding Usage of the Services and Fraud Detection. We will use Personal Data and Usage Data to understand how Company or Employees are using the Services, and use this data to improve or change user experience. Usage Data may include location or mobile data used to service legitimate transactions, to detect potentially fraudulent or unauthorized transactions, or for internal reporting or analysis.
Reporting, Analyzing Performance, and Auditing. We or Third-Party Service Providers acting on our behalf will use Personal Data and Usage Data for reporting, analyzing performance, and performing audits that may be limited to specific Personal Data or Usage Data, or that may be aggregated. This may be done by using Personal Data or Usage Data on its own or in combination with Third-Party Data.
3. Sharing Data
We share Personal Data with Third-Party Service Providers or as requested by a Company or its Employees. We also share Personal Data with regulators, law enforcement, financial services providers, or other authorized third parties as required by law.
We may reasonably transform Personal Data into De-identified Data by anonymizing it or by aggregating or combining it with other data to mask its relation to particular individuals. De-Identified Data is no longer Personal Data and we may use De-Identified Data and share it publicly or with third parties without your permission.
5. International Users and Personal Data Export
Our Services are operated from and directed toward Companies in the United States, for exclusive use by Employees. Any Personal Data we collect may be transferred to, processed, used, handled, and stored in the United States or other countries through our service providers. Personal Data protection laws in the United States may differ from those of the country you are located in and your Personal Data may be subject government requests or subpoenas, court orders, or law enforcement according to United States law.
5. Other Important Information About Data Usage
Security. We use organizational, technical, and administrative measures to protect Personal Data and Usage Data; however, no data security program is entirely secure. Please contact us immediately if you believe that your Personal Data, Usage Data or any other data provided to us is not secure or has been lost or stolen.
Use by Minors. We do not direct any of our Services to children under 13 years of age. Please do not provide any children’s Personal Data to us.
6. Contacting Us
If you have any questions about how Brex uses Personal Data or Usage Data, please contact us. If you prefer physical mail you can reach us at Brex Inc., Attn: Legal, 115 Sansome Street, Suite 1200, San Francisco, CA 94104.
##7. Defined Terms
- Brex Account means the corporate account maintained by Company to use Services and manage Cards.
- Cards means physical or virtual payment cards issued by a bank issuer and managed through your Brex Account.
- Company means a company that applies for the Services, opens a Brex Account, and that authorizes Users to access and use Services.
- De-Identified Data means data derived from Personal Data that has been anonymized or aggregated with other data and that can no longer be used to identify a specific individual.
- Employees means the employees, contractors, and agents of a Company.
- Services means the expense and corporate card management services, Cards and other services provided through your Brex Account.
- "Third-Party Data means data provided by financial services providers, identity verification services, data aggregators, or other Third-Party Service Providers.
- Third-Party Services means services provided a Third-Party Service Provider.
- Third-Party Service Provider means an affiliate or other third party that that assists us in providing the Services to you, that supports our internal operations, or that provides other services related or connected to, or provided through the Services and a Brex Account.
- Usage Data means information we collect when you visit our website and use the Services, and may contain Personal Data.