Square updated their Square Privacy Notice on May 22, 2026. Change detected: 217 sentence(s) removed, 2 sentence(s) modified. Document contained 68 sentences after update.
Impact assessment pending documentation review.
Institutional analysis pending. This change has been verified and documented.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This addition explicitly discloses sensitive financial data collection practices, directly replacing the vague previous 'Use of Financial and Transaction Data' provision with concrete details about payment card and banking information collection.
This new provision discloses the collection of sensitive identity documents and biometric data, addressing a significant privacy practice not explicitly covered in the previous version.
This addition establishes compliance transparency for European users under GDPR/CPRA, representing an expansion of user rights disclosures beyond the US-only CCPA provisions in the previous version.
This detailed addition transparently discloses automatic tracking practices including device fingerprinting and cross-site behavioral monitoring, which was previously covered only vaguely under 'Targeted Advertising and Profiling.'
This provision was replaced by more specific provisions on 'Sharing Data with Advertising and Analytics Partners' and 'Automatic Collection of Device and Behavioral Data,' providing greater transparency through disaggregation.
This generic provision was superseded by jurisdiction-specific rights provisions ('California Consumer Privacy Rights' and 'GDPR Rights'), offering clearer disclosure of applicable rights based on user location.
This vague provision was replaced by the more explicit 'Collection of Payment and Financial Data' provision, providing users with specific details about what financial information is collected.
This provision was broken into more specific disclosures ('Collection of Payment and Financial Data' and 'Identity Verification and Biometric-Adjacent Data Collection'), providing granular transparency about sensitive data practices.
This provision was removed without explicit replacement, potentially reducing transparency about marketing communication practices and user opt-out mechanisms.
Previous version had empty excerpt for 'Third-Party Data Sharing'; current version provides detailed excerpt specifying advertising partners and analytics providers.
Previous version 'CCPA Opt-Out of Data Sale and Sharing' had empty excerpt; current version provides comprehensive excerpt covering all California consumer rights including access, deletion, opt-out, correction, and sensitive data limitations.
Previous version 'Data Retention After Account Closure' had empty excerpt; current version provides detailed excerpt clarifying retention duration based on service necessity and legal obligations without specific mention of post-closure scenarios.
Previous version 'Third-Party Data Sharing' had empty excerpt; current version provides detailed excerpt specifying affiliates and service providers with enumerated service categories.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff β MonitorSquare reorganized the reference list of related legal documents in their Privacy Notice on June 9, 2026. The document previously β¦
Square reordered a reference list of related terms and policies that follows its main waiver clause in the Terms of β¦
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liaβ¦
Get alerted when this policy changes again β including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 352+ platforms every Sunday.