Square automatically collects technical data about your device and browsing behavior, including information from third-party websites, even without you actively entering it.
This analysis describes what Square's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Automatic collection of behavioral data across third-party websites enables cross-site tracking and profiling, which is the foundation for targeted advertising and may engage stricter consent requirements in some jurisdictions.
This detailed addition transparently discloses automatic tracking practices including device fingerprinting and cross-site behavioral monitoring, which was previously covered only vaguely under 'Targeted Advertising and Profiling.'
View full change record →Your browsing behavior, device fingerprint, and IP address are collected automatically by Square even when visiting third-party sites that use Square tools, which may result in a profile of your online activity being built without your active knowledge.
How other platforms handle this
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Square has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We automatically collect certain information when you use our Services or visit our websites, including device identifiers, IP address, browser type, operating system, referring URLs, device settings, and information about your usage of and actions on our Services and third-party websites and applications.— Excerpt from Square's Square Privacy Notice
REGULATORY LANDSCAPE: Automatic collection of device identifiers and behavioral data across third-party sites engages the ePrivacy Directive in the EU (as implemented nationally) and its requirement for prior consent for cookies and similar tracking technologies. Under GDPR, this data may constitute personal data requiring a lawful basis. The FTC has taken action against companies for undisclosed cross-site tracking. California's CPRA treats certain device identifiers and inferences as personal information subject to opt-out rights. GOVERNANCE EXPOSURE: Medium. The breadth of automatic collection is standard for large digital platforms but creates compliance risk if the technical implementation of consent mechanisms (cookie banners, opt-out tools) does not align with the disclosed practices. The reference to data collected from third-party websites is particularly notable as it suggests tracking beyond Square's own properties. JURISDICTION FLAGS: EU ePrivacy Directive requirements apply in all EU member states and are being replaced by the forthcoming ePrivacy Regulation. UK PECR governs cookie consent in the United Kingdom. California CPRA's opt-out of sharing applies to behavioral advertising data derived from tracking. Illinois, Texas, and other states may have additional considerations if device fingerprinting is treated as a biometric identifier. CONTRACT AND VENDOR IMPLICATIONS: Merchants embedding Square payment widgets on their websites should be aware that Square's automatic collection may occur on their sites, creating potential joint controller arrangements and transparency obligations to their own customers under GDPR and CCPA. COMPLIANCE CONSIDERATIONS: The cookie consent management platform used by Square should be audited to confirm that non-essential tracking is disabled prior to consent in EU/UK contexts. Merchants using Square SDKs should assess their own disclosure obligations to end consumers regarding Square's automatic data collection. Data mapping should account for data collected from third-party sites as a distinct flow.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Automatic collection of behavioral data across third-party websites enables cross-site tracking and profiling, which is the foundation for targeted advertising and may engage stricter consent requirements in some jurisdictions.
Your browsing behavior, device fingerprint, and IP address are collected automatically by Square even when visiting third-party sites that use Square tools, which may result in a profile of your online activity being built without your active knowledge.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Square.