What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy operates across multiple regulatory frameworks simultaneously. For EU and EEA users, GDPR applies, requiring a lawful basis for each processing purpose, data subject rights fulfillment, and data transfer safeguards for transfers outside the EEA. For UK users, UK GDPR and the Data Protection Act 2018 govern. For California residents, CCPA and CPRA apply, including rights to know, delete, correct, and opt out of sale or sharing of personal information for cross-c…

How does GOAT's GOAT Privacy Policy affect users?

The policy establishes that GOAT collects purchase history, device data, geolocation, and behavioral inferences, and authorizes sharing this information with third-party business partners for their own marketing purposes. Users may submit requests for data access, deletion, or opt-out through GOAT's designated privacy request process. California residents and EU users may exercise additional rights to opt out of the sale or sharing of personal information for cross-context behavioral advertisin…

How often is GOAT's GOAT Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when GOAT updates this document?

Yes. Monitor subscribers ($19/month) can add GOAT to their watchlist and receive same-day email alerts whenever this document or any other GOAT document changes.

CA-D-000736

GOAT Privacy Policy

GOAT

Last change detected May 9, 2026 Privacy policy

SHA-256: 0787144e6e94c8f94e2… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at GOAT ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

7 Medium severity

0 Low severity

Summary

This document establishes GOAT's data collection and processing practices for users of its sneaker and apparel marketplace platform. The policy authorizes GOAT to collect personal information including name, address, payment details, device identifiers, geolocation data, and behavioral inferences, and permits sharing this information with third-party business partners for their marketing and advertising purposes. The policy establishes data subject rights for California residents and EU users, including mechanisms to request access to, deletion of, or opt-out from certain data processing activities.

Technical / Legal Breakdown

This document is GOAT's Privacy Policy, governing the collection, use, and sharing of personal information across GOAT's global platform for sneakers, apparel, and accessories, with stated applicability to users in the US, EU, UK, Canada, Australia, and other jurisdictions. The policy states that GOAT collects a broad range of personal data including identifiers, commercial transaction data, device and usage information, geolocation data, payment information, and inferences drawn from user behavior, and the terms authorize use of this data for purposes including marketing, advertising, analytics, and sharing with third-party business partners and service providers. The policy's authorization to share data with 'business partners' for their own marketing purposes, and to derive behavioral inferences from user activity, represents a scope of secondary data use that consumers may not anticipate from a retail platform, though applicable law in various jurisdictions may constrain how broadly these authorizations can be exercised in practice. The policy engages GDPR and UK GDPR for EU and UK residents, the California Consumer Privacy Act and California Privacy Rights Act for California residents, and general FTC Act consumer protection standards; rights afforded vary materially by jurisdiction, with EU and California users receiving more substantive access, deletion, and opt-out entitlements than users in other regions. Compliance teams should note the policy's simultaneous operation across multiple regulatory regimes, the inclusion of targeted advertising opt-out mechanisms, and the broad framing of 'business partners' as data recipients, each of which warrants careful mapping against applicable legal obligations.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 9, 2026

low

What changed GOAT updated its privacy policy to clarify how it shares your phone number and other contact information with shipping partners for delivery notifications. The policy now explicitly states that shipping carriers may send you text messages with tracking updates, delivery scheduling, and confirmations directly on GOAT's behalf. The update also specifies that message rates may apply, message frequency varies based on order activity, and you can opt out of delivery texts without affecting security-related messages like authentication codes.

Why this matters The updated policy establishes clearer disclosure of how GOAT handles phone number sharing with shipping partners. Under the revised terms, your phone number and order information may be shared with shipping carriers so they can send you delivery-related text messages, including tracking updates, delivery scheduling, and confirmations. The policy now specifies that message and data rates may apply and that message frequency varies based on your order activity. You can opt out of delivery-related text messages by replying STOP or clicking unsubscribe links, though this does not affect security-related messages such as multifactor authentication codes.

View full change record →

High — 1 provision

Third-Party Business Partner Data Sharing for Marketing Compare →

GOAT can share your personal data with business partners who may use it for their own marketing, meaning companies outside GOAT could receive your information and use it to target you with their own ads or promotions.

Added May 10, 2026 Standard Seen across 252 platforms

Medium — 7 provisions

Behavioral Inference Collection and Use Compare →

GOAT builds a profile of your interests and preferences based on how you use the platform, including what you search for, browse, and buy, and uses these inferences to inform how it markets to you.

Added May 10, 2026 Standard Seen across 284 platforms
California Opt-Out Rights (Sale and Sharing) Compare →

California users have the legal right to stop GOAT from selling or sharing their personal data for targeted advertising, and can do so by clicking a designated link on the platform.

Added May 10, 2026 Standard Seen across 284 platforms
Geolocation Data Collection Compare →

GOAT may collect your precise location data when you use the app or website, and uses it for both service delivery and other purposes including those described elsewhere in the policy such as advertising and analytics.

Added May 10, 2026 Standard Seen across 284 platforms
Children's Privacy Restriction Compare →

GOAT does not intend its platform for users under 18 and states it will delete any personal information it discovers was collected from someone under 18.

Added May 10, 2026 Standard Seen across 284 platforms
Cookie and Tracking Technology Use Compare →

GOAT uses a range of tracking tools including cookies and pixels to monitor how you use its website and app, collecting technical identifiers and behavioral data about your browsing patterns.

Added May 10, 2026 Common Seen across 170 platforms
Data Retention Compare →

GOAT keeps your personal data for as long as it considers necessary for business and legal purposes, without specifying a fixed retention period for most data types.

Added May 10, 2026 Standard Seen across 284 platforms
GDPR and UK User Rights Compare →

EU and UK users have specific legal rights over their personal data held by GOAT, including the right to access it, correct it, have it deleted, limit how it is used, and receive a copy in a portable format.

Added May 10, 2026 Standard Seen across 284 platforms