CA-C-002264
Square β€” Square Privacy Notice
Entity
Date detected
May 22, 2026
Severity
Changes
−217 sentences removed · 2 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Watch Square Get alerts when this policy changes.
Watch β€” Free

Event Summary

Square updated their Square Privacy Notice on May 22, 2026. Change detected: 217 sentence(s) removed, 2 sentence(s) modified. Document contained 68 sentences after update.

UNKNOWN

Consumer Impact

Impact assessment pending documentation review.

Governance Analysis

Institutional analysis pending. This change has been verified and documented.

These clauses may change again. Get alerted when they do. Watch Square β€” Free

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
f2057841ee1584f119ed39d7578f56e7c47566a35e3d8d4f616783bc8def602d
May 5, 2026 06:10 UTC
✓ Verified
Current Version
8d2837a10ddd180aac3c2ca56d6ccd4c039b94eea68720d05bf065e6dde7add1
May 22, 2026 00:51 UTC
✓ Verified
Change Detected
May 22, 2026 00:51 UTC
Analysis Methodology
Citation Record
Entity: Square
Document: Square Privacy Notice
Record ID: CA-C-002264
Captured: 2026-05-22 00:51:53 UTC
URL: https://conductatlas.com/change/2026-05-22-square-square-privacy-notice-2264/
Accessed: July 8, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Clause-Level Changes

New Provisions Added
Collection of Payment and Financial Data
High

This addition explicitly discloses sensitive financial data collection practices, directly replacing the vague previous 'Use of Financial and Transaction Data' provision with concrete details about payment card and banking information collection.

Full clause text available with Compliance. See Compliance β†’
Identity Verification and Biometric-Adjacent Data Collection
High

This new provision discloses the collection of sensitive identity documents and biometric data, addressing a significant privacy practice not explicitly covered in the previous version.

Full clause text available with Compliance. See Compliance β†’
GDPR Rights for EEA and UK Users
Medium

This addition establishes compliance transparency for European users under GDPR/CPRA, representing an expansion of user rights disclosures beyond the US-only CCPA provisions in the previous version.

Full clause text available with Compliance. See Compliance β†’
Automatic Collection of Device and Behavioral Data
Medium

This detailed addition transparently discloses automatic tracking practices including device fingerprinting and cross-site behavioral monitoring, which was previously covered only vaguely under 'Targeted Advertising and Profiling.'

Full clause text available with Compliance. See Compliance β†’
Provisions Removed
Targeted Advertising and Profiling
High

This provision was replaced by more specific provisions on 'Sharing Data with Advertising and Analytics Partners' and 'Automatic Collection of Device and Behavioral Data,' providing greater transparency through disaggregation.

Removed clause text available with Compliance. See Compliance β†’
Right to Access, Delete, and Correct Personal Data
Medium

This generic provision was superseded by jurisdiction-specific rights provisions ('California Consumer Privacy Rights' and 'GDPR Rights'), offering clearer disclosure of applicable rights based on user location.

Removed clause text available with Compliance. See Compliance β†’
Use of Financial and Transaction Data
Medium

This vague provision was replaced by the more explicit 'Collection of Payment and Financial Data' provision, providing users with specific details about what financial information is collected.

Removed clause text available with Compliance. See Compliance β†’
Sensitive Personal Information Collection and Use
High

This provision was broken into more specific disclosures ('Collection of Payment and Financial Data' and 'Identity Verification and Biometric-Adjacent Data Collection'), providing granular transparency about sensitive data practices.

Removed clause text available with Compliance. See Compliance β†’
Marketing Communications and Opt-Out
Low

This provision was removed without explicit replacement, potentially reducing transparency about marketing communication practices and user opt-out mechanisms.

Removed clause text available with Compliance. See Compliance β†’
Provisions Modified
Sharing Data with Advertising and Analytics Partners
High

Previous version had empty excerpt for 'Third-Party Data Sharing'; current version provides detailed excerpt specifying advertising partners and analytics providers.

Before/after clause text available with Compliance. See Compliance β†’
California Consumer Privacy Rights (CCPA/CPRA)
Medium

Previous version 'CCPA Opt-Out of Data Sale and Sharing' had empty excerpt; current version provides comprehensive excerpt covering all California consumer rights including access, deletion, opt-out, correction, and sensitive data limitations.

Before/after clause text available with Compliance. See Compliance β†’
Data Retention
Low

Previous version 'Data Retention After Account Closure' had empty excerpt; current version provides detailed excerpt clarifying retention duration based on service necessity and legal obligations without specific mention of post-closure scenarios.

Before/after clause text available with Compliance. See Compliance β†’
Data Sharing with Affiliates and Service Providers
Medium

Previous version 'Third-Party Data Sharing' had empty excerpt; current version provides detailed excerpt specifying affiliates and service providers with enumerated service categories.

Before/after clause text available with Compliance. See Compliance β†’

Cross-platform context

See how other platforms handle similar provisions across the ConductAtlas archive.

Compare across platforms → Browse regulations →

Full Changes

See the full side-by-side comparison of every sentence added, removed, and modified.

🔒 Full diff β€” Monitor

Document Context

Version history β†’ Policy drift analysis β†’ Document page β†’
Document
Square Privacy Notice
Entity
Square
Captured
May 22, 2026
Source URL
https://squareup.com/us/en/legal/general/privacy
Other changes to Square Privacy Notice
Previous change May 5, 2026
Square reorganized the list of links to its various legal documents and service terms in the footer of its Privacy …
Low Neutral
Next change May 30, 2026
Square updated its Privacy Notice on May 30, 2026, substantially expanding the document with 217 new sentences and modifying 2 …
Low Neutral
View full version history →
More from Square
Jun 9, 2026 Low
Square Privacy Notice

Square reorganized the reference list of related legal documents in their Privacy Notice on June 9, 2026. The document previously …

Jun 9, 2026 Low
Square Terms of Service

Square reordered a reference list of related terms and policies that follows its main waiver clause in the Terms of …

Jun 2, 2026 Unknown
Square Privacy Notice
Related Analysis
Privacy · April 29, 2026
What 38 AI Companies Actually Say About Your Data (2026)

We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and lia…

Track Square policy changes

Get alerted when this policy changes again β€” including what changed and why it matters.

Prefer a weekly summary instead?

Get the biggest policy changes across 352+ platforms every Sunday.