[cosn]

> What protections are in place to protect customers financial transaction information and will that information be sold, lent, or shared with any outside parties?

[I work at Brex]

Data privacy is something we’re really passionate about. We’ve had strong stance internally since we launched the Brex card, and a few weeks ago we made that publicly available, in a very transparent way (https://brex.com/privacy). Tl;dr: we do not and will not sell any personal information.

You can read more about it here: https://brex.com/blog/privacy-policy-update/

[otterley]

> Tl;dr: we do not and will not sell any personal information.

Ok, you won't sell it; but will you give it to third parties (even without payment) without the consent of the subject beyond the extent required by law?

(BTW, this was the weasel-language used by Facebook. They didn't sell information to Cambridge Analytica, but they conveyed it to them anyway, where it was misused.)

[cosn]

> Ok, you won't sell it; but will you give it to third parties (even without payment) without the consent of the subject beyond the extent required by law?

[I work at Brex, and I’m not a lawyer :)]

Yes, you’re right in that we work with a small number of 3rd party systems which go through a rigorous screening, much of it focused on how they store and secure data. These systems are either for internal monitoring (e.g., system logging), or for running the business (e.g., KYC).

[justincarrao]

[I also work at Brex]

One more thing worth mentioning about 3rd parties: our contracts explicitly do not allow them to use your personal information for their own purposes or for marketing.

[all_blue_chucks]

What is your Infosec budget and how big is your Infosec team?

[JaimeThompson]

Thank you for the response!