Square · Square Privacy Notice · View original document ↗

Data Sharing with Affiliates and Service Providers

Medium severity High confidence Explicitdocumentlanguage Rare · 1 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Square recorded 2 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Square Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Square shares your personal data with its related companies and outside vendors who help it run its business, including for payment processing, marketing, and fraud detection.

This analysis describes what Square's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Data sharing with affiliates and a broad range of service providers means your personal information moves beyond Square to a potentially large ecosystem of companies, each with their own data handling practices.

Clause Stability Stable

0
Changes
3
Months Monitored
May 11, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 1153 other provisions on other platforms.

Change history

modified May 22, 2026

Previous version 'Third-Party Data Sharing' had empty excerpt; current version provides detailed excerpt specifying affiliates and service providers with enumerated service categories.

View full change record →

Consumer impact (what this means for users)

Your personal data is shared with Square's affiliated companies and various third-party vendors involved in marketing, analytics, fraud prevention, and payment processing, meaning multiple organizations may hold copies of your information under different contractual terms.

How other platforms handle this

MetaMask Medium

We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.

Bumble Medium

We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.

Betterment Medium

We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...

See all platforms with this clause type →

Monitoring

Square has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We may share your personal information with our affiliates, subsidiaries, and related companies for the purposes described in this Privacy Notice. We also share personal information with third-party service providers that perform services on our behalf, such as payment processing, data analysis, marketing, customer service, and fraud prevention.

— Excerpt from Square's Square Privacy Notice

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Under GDPR Article 28, sharing personal data with service providers acting as processors requires written data processing agreements specifying the scope and nature of processing. CCPA/CPRA distinguishes between service providers (who receive data under contractual restrictions) and third parties (to whom data is sold or shared); the policy's categorization of recipients affects which opt-out rights apply. GLBA Safeguards Rule requires financial institutions to oversee service provider arrangements involving customer financial data. GOVERNANCE EXPOSURE: Medium. The breadth of affiliate and service provider sharing is standard for a large fintech company but requires robust contractual controls and ongoing vendor management. The lack of a comprehensive list of affiliate entities or service provider categories in the public-facing policy creates some opacity about the actual scope of data flows. JURISDICTION FLAGS: GDPR requires that international transfers to service providers outside the EEA be covered by Standard Contractual Clauses or equivalent mechanisms. CPRA requires that service provider contracts prohibit use of personal information for purposes beyond the service agreement. State-level financial privacy laws in California (CCFIPA) may impose additional notice requirements for sharing with affiliates. CONTRACT AND VENDOR IMPLICATIONS: Institutional customers should request Square's sub-processor list and data processing agreements to assess the scope of downstream data sharing. Any B2B contract with Square should clarify the customer's status as a business versus a consumer and the applicable data handling obligations that flow from that classification. COMPLIANCE CONSIDERATIONS: Compliance teams should map all affiliate and service provider relationships in Square's ecosystem and assess whether contractual controls meet GDPR Article 28, CPRA service provider requirements, and GLBA vendor management standards. Periodic vendor assessments and audit rights should be confirmed in applicable agreements.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over data sharing practices that are unfair, deceptive, or inconsistent with disclosed privacy practices under Section 5 of the FTC Act.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FCRA
United States Federal
FTC Act Section 5
United States Federal
GLBA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Square Privacy Notice
Entity
Square
Document last updated
May 5, 2026
Tracking information
First tracked
May 11, 2026
Last verified
May 11, 2026
Record ID
CA-P-010459
Document ID
CA-D-00363
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
0289c6d8cb5faae7f0a22b62297d5eb529db7cfcc001f60a8fa38563c167ffc3
Analysis generated
May 11, 2026 06:14 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Square
Document: Square Privacy Notice
Record ID: CA-P-010459
Captured: 2026-05-11 06:14:10 UTC
SHA-256: 0289c6d8cb5faae7…
URL: https://conductatlas.com/platform/square/square-privacy-notice/data-sharing-with-affiliates-and-service-providers/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Square's Data Sharing with Affiliates and Service Providers clause do?

Data sharing with affiliates and a broad range of service providers means your personal information moves beyond Square to a potentially large ecosystem of companies, each with their own data handling practices.

How does this clause affect you?

Your personal data is shared with Square's affiliated companies and various third-party vendors involved in marketing, analytics, fraud prevention, and payment processing, meaning multiple organizations may hold copies of your information under different contractual terms.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.

Is ConductAtlas affiliated with Square?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Square.