California residents have legally enforceable rights to know what data Square has collected, to request deletion, to opt out of data sales and sharing, to correct errors, and to restrict use of sensitive data.
This analysis describes what Square's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are backed by California law and are enforceable against Square; exercising them can materially limit how your personal information is used for advertising and profiling purposes.
Previous version 'CCPA Opt-Out of Data Sale and Sharing' had empty excerpt; current version provides comprehensive excerpt covering all California consumer rights including access, deletion, opt-out, correction, and sensitive data limitations.
View full change record →California residents can submit requests to Square to access, delete, correct, or opt out of the sharing of their personal information, including sensitive data categories like financial information and biometrics, and Square is legally required to honor these requests within statutory timeframes.
How other platforms handle this
We may also collect your personal data from other people or companies.
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate person...
Monitoring
Square has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are a California resident, you have certain rights with respect to your personal information, including the right to know about personal information collected, disclosed, or sold; the right to delete personal information we have collected from you; the right to opt-out of the sale or sharing of your personal information; the right to correct inaccurate personal information; and the right to limit the use and disclosure of sensitive personal information.— Excerpt from Square's Square Privacy Notice
REGULATORY LANDSCAPE: This provision implements CCPA as amended by CPRA, enforced by the California Privacy Protection Agency and the California Attorney General. Square's obligations include responding to verified consumer requests within 45 days (extendable by an additional 45 days with notice), maintaining a Do Not Sell or Share link, and not discriminating against consumers who exercise their rights. Non-compliance can result in civil penalties and enforcement actions. GOVERNANCE EXPOSURE: Medium. Square's disclosure of these rights is a positive compliance indicator. The primary compliance risk lies in the operational implementation: whether request verification processes are frictionless, whether opt-out mechanisms are technically effective, and whether all data flows to third parties are accurately captured in the disclosure. Failure in any of these areas creates enforcement risk. JURISDICTION FLAGS: CPRA rights apply exclusively to California residents. However, similar rights exist under Colorado CPA, Virginia VCDPA, Connecticut CTDPA, and other state laws. Businesses should avoid treating CPRA compliance as the ceiling of obligation and assess applicability across all US states where Square operates and users reside. CONTRACT AND VENDOR IMPLICATIONS: Square's service provider agreements should include CPRA-compliant contractual provisions limiting downstream use of personal information by vendors. Merchants using Square should assess whether they share personal information with Square in a manner that creates their own independent CPRA obligations as businesses. COMPLIANCE CONSIDERATIONS: Legal teams should verify that Square's identity verification mechanism for consumer rights requests meets the CPRA standard without being unduly burdensome. The policy should be reviewed to confirm that the opt-out of sale and sharing is technically implemented via a clear and conspicuous link. Sensitive personal information limitations should be mapped against Square's actual data use practices to confirm consistency.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are backed by California law and are enforceable against Square; exercising them can materially limit how your personal information is used for advertising and profiling purposes.
California residents can submit requests to Square to access, delete, correct, or opt out of the sharing of their personal information, including sensitive data categories like financial information and biometrics, and Square is legally required to honor these requests within statutory timeframes.
ConductAtlas has identified this type of provision across 13 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Square.