Square shares your personal data with its related companies and outside vendors who help it run its business, including for payment processing, marketing, and fraud detection.
This analysis describes what Square's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data sharing with affiliates and a broad range of service providers means your personal information moves beyond Square to a potentially large ecosystem of companies, each with their own data handling practices.
Your personal data is shared with Square's affiliated companies and various third-party vendors involved in marketing, analytics, fraud prevention, and payment processing, meaning multiple organizations may hold copies of your information under different contractual terms.
How other platforms handle this
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
Google có thể cần cung cấp thông tin cá nhân của bạn, chẳng hạn như tên và địa chỉ email của bạn, cho Nhà cung cấp để xử lý giao dịch của bạn hoặc cung cấp Nội dung cho bạn. Các Nhà cung cấp đồng ý sử dụng thông tin này theo chính sách bảo mật của họ.
Monitoring
Square has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your personal information with our affiliates, subsidiaries, and related companies for the purposes described in this Privacy Notice. We also share personal information with third-party service providers that perform services on our behalf, such as payment processing, data analysis, marketing, customer service, and fraud prevention.— Excerpt from Square's Square Privacy Notice
REGULATORY LANDSCAPE: Under GDPR Article 28, sharing personal data with service providers acting as processors requires written data processing agreements specifying the scope and nature of processing. CCPA/CPRA distinguishes between service providers (who receive data under contractual restrictions) and third parties (to whom data is sold or shared); the policy's categorization of recipients affects which opt-out rights apply. GLBA Safeguards Rule requires financial institutions to oversee service provider arrangements involving customer financial data. GOVERNANCE EXPOSURE: Medium. The breadth of affiliate and service provider sharing is standard for a large fintech company but requires robust contractual controls and ongoing vendor management. The lack of a comprehensive list of affiliate entities or service provider categories in the public-facing policy creates some opacity about the actual scope of data flows. JURISDICTION FLAGS: GDPR requires that international transfers to service providers outside the EEA be covered by Standard Contractual Clauses or equivalent mechanisms. CPRA requires that service provider contracts prohibit use of personal information for purposes beyond the service agreement. State-level financial privacy laws in California (CCFIPA) may impose additional notice requirements for sharing with affiliates. CONTRACT AND VENDOR IMPLICATIONS: Institutional customers should request Square's sub-processor list and data processing agreements to assess the scope of downstream data sharing. Any B2B contract with Square should clarify the customer's status as a business versus a consumer and the applicable data handling obligations that flow from that classification. COMPLIANCE CONSIDERATIONS: Compliance teams should map all affiliate and service provider relationships in Square's ecosystem and assess whether contractual controls meet GDPR Article 28, CPRA service provider requirements, and GLBA vendor management standards. Periodic vendor assessments and audit rights should be confirmed in applicable agreements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data sharing with affiliates and a broad range of service providers means your personal information moves beyond Square to a potentially large ecosystem of companies, each with their own data handling practices.
Your personal data is shared with Square's affiliated companies and various third-party vendors involved in marketing, analytics, fraud prevention, and payment processing, meaning multiple organizations may hold copies of your information under different contractual terms.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Square.