Square limits its financial responsibility if the service fails, is unavailable, or is hacked. Users cannot seek indirect or consequential damages from Square, even if a service outage or security breach causes real financial harm.
This analysis describes what Square's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The limitation establishes the scope of damages for which Square and related entities may be held liable in disputes. By excluding certain categories of damages, the provision defines the financial exposure Square accepts under the agreement and affects the range of remedies available in dispute resolution.
Interpretive note: Enforceability of liability exclusions for security breaches may be constrained by applicable state data security law or regulatory standards independent of this contract's terms.
Merchants cannot recover consequential or indirect damages from Square for service failures or security incidents, which means that lost sales revenue, reputational harm, or costs of notifying customers after a breach would typically not be recoverable under this agreement.
How other platforms handle this
In no event will either party's aggregate liability arising out of or related to this Agreement exceed the total fees paid or payable by Customer in the twelve (12) months preceding the claim. In no event will either party be liable for any indirect, incidental, special, consequential, or punitive d...
IN NO EVENT WILL DEEPSEEK OR ITS AFFILIATES BE LIABLE UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT, NEGLIGENCE, PRODUCTS LIABILITY, OR OTHERWISE, FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES OR LOST PROFITS, EVEN IF DEEPSEEK OR ITS AFFILIATES HAVE ...
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL PERPLEXITY, ITS AFFILIATES, LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS, OR DIRECTORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS O...
Monitoring
Square has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"IN NO EVENT WILL SQUARE, ITS PROCESSORS, SUPPLIERS OR LICENSORS (OR THEIR RESPECTIVE AFFILIATES, OFFICERS, DIRECTORS, AGENTS AND EMPLOYEES) BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF, IN CONNECTION WITH, OR RELATING TO THIS AGREEMENT OR THE SERVICES, INCLUDING WITHOUT LIMITATION THE USE OF, INABILITY TO USE, OR UNAVAILABILITY OF THE SERVICES. UNDER NO CIRCUMSTANCES WILL ANY OF SUCH PERSONS OR ENTITIES BE RESPONSIBLE FOR ANY DAMAGE, LOSS, OR INJURY RESULTING FROM HACKING, TAMPERING, OR OTHER UNAUTHORIZED ACCESS OR USE OF THE SERVICES OR YOUR SQUARE ACCOUNT.— Excerpt from Square's Square Terms of Service
REGULATORY LANDSCAPE: Limitation of liability clauses are generally enforceable under California law, which governs this agreement, subject to limitations where gross negligence or willful misconduct is involved. The FTC has examined limitation of liability clauses in consumer-facing agreements as potential unfair practices where they prevent recovery for harms the company had reasonable ability to prevent. State data breach notification laws may impose obligations on Square independent of this contractual limitation. GOVERNANCE EXPOSURE: Medium. The exclusion of liability for hacking and unauthorized access is notable given that payment processors handle sensitive financial data and are frequent targets of cyberattacks. The clause asserts that Square bears no responsibility for losses resulting from hacking, which may be in tension with regulatory expectations around data security obligations for payment processors under PCI DSS and applicable state law. JURISDICTION FLAGS: California's Consumer Legal Remedies Act and other state consumer protection statutes may limit the enforceability of liability exclusions where they apply to consumer-facing harms. EU and UK users benefit from GDPR and PSD2 provisions that impose liability on payment service providers for certain data breaches and unauthorized transactions, which may supersede this contractual limitation for those users. CONTRACT AND VENDOR IMPLICATIONS: Merchants relying on Square for critical payment infrastructure should assess whether their own business interruption insurance or cyber liability policies provide coverage for losses that this clause would otherwise leave unrecoverable from Square. B2B agreements that incorporate Square's services should address the liability gap this clause creates. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the exclusion of liability for security incidents is consistent with regulatory expectations for payment facilitators under PCI DSS and state data security laws. Compliance programs should include contingency planning for service outages and security incidents given that contractual recovery from Square is limited.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The limitation establishes the scope of damages for which Square and related entities may be held liable in disputes. By excluding certain categories of damages, the provision defines the financial exposure Square accepts under the agreement and affects the range of remedies available in dispute resolution.
Merchants cannot recover consequential or indirect damages from Square for service failures or security incidents, which means that lost sales revenue, reputational harm, or costs of notifying customers after a breach would typically not be recoverable under this agreement.
ConductAtlas has identified this type of provision across 227 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Square.