What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This notice explicitly engages the California Consumer Privacy Act as amended by the California Privacy Rights Act, disclosing consumer rights to know, delete, correct, opt out of sale or sharing, and limit use of sensitive personal information. The California Privacy Protection Agency and the California Attorney General share enforcement authority under the CPRA. The notice also references Washington State privacy law applicability for Washington residents, engaging t…

How does Starbucks's Starbucks Privacy Policy affect users?

Starbucks collects a broad range of personal data including precise geolocation, purchase history, payment information, device identifiers, and voice recordings, and uses this data for targeted advertising, loyalty program administration, and building consumer profiles. The notice discloses that personal information is shared with advertising partners and social media platforms in ways that qualify as a sale or sharing of personal information under California law, meaning your data may be used …

How often is Starbucks's Starbucks Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Starbucks updates this document?

Yes. Watcher subscribers ($9.99/month) can add Starbucks to their watchlist and receive same-day email alerts whenever this document or any other Starbucks document changes.

CA-D-000625

Starbucks Privacy Policy

Starbucks

Last change detected May 5, 2026 Privacy policy

SHA-256: d5e55caca30087576ff… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Starbucks ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

0 High severity

6 Medium severity

2 Low severity

Summary

This is Starbucks' privacy policy, explaining what personal information the company collects when you use its app, website, in-store services, or Rewards program, and how that information is used and shared. The most important thing to know is that Starbucks collects a wide range of data about you, including your precise location, purchase history, payment details, and voice recordings from customer service calls, and shares this data with advertising and analytics partners in ways that California law classifies as a 'sale' or 'sharing' of personal information. If you are a California resident, you can opt out of the sale or sharing of your personal information by visiting Starbucks' 'Do Not Sell or Share My Personal Information' link on their website.

Technical / Legal Breakdown

This document is Starbucks' Privacy Notice governing the collection, use, and sharing of personal information across its websites, mobile applications, in-store services, and Starbucks Rewards program, with stated legal basis rooted in consent, contractual necessity, and legitimate business interests. The notice states that Starbucks collects identifiable data including name, email, phone, payment card details, precise geolocation, purchase and transaction history, device identifiers, voice and audio data from customer service interactions, and inferences drawn from consumer behavior to build profiles used for personalized marketing, loyalty program administration, and analytics. The notice authorizes sharing of personal data with a broad range of third parties including advertising partners, data analytics vendors, social media platforms, and business partners for cross-context behavioral advertising purposes, and discloses the sale or sharing of personal information as defined under California law, which triggers specific opt-out rights; the breadth of inference and profiling activities, combined with sharing for advertising purposes, represents a notable scope of data monetization relative to what a retail food-and-beverage consumer might reasonably anticipate. The notice explicitly engages the California Consumer Privacy Act as amended by the California Privacy Rights Act, citing rights to know, delete, correct, opt out of sale or sharing, and limit sensitive personal information use, and references compliance with Washington State privacy law for Washington residents; the document is primarily US-focused with no substantive GDPR or UK GDPR framework described, which may create gaps for any EU or UK customer interactions. Compliance teams should note that the notice discloses collection of precise geolocation, voice and audio data, and inferences as categories of sensitive or functionally sensitive data, each carrying heightened regulatory attention under the CPRA and emerging state privacy statutes, and that the disclosed advertising-partner data-sharing model warrants ongoing assessment under FTC unfair or deceptive practices authority.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

Medium — 6 provisions

Sale or Sharing of Personal Information for Advertising Compare →

Starbucks shares your personal data with advertising companies and social media platforms to show you targeted ads, and California law classifies this as a 'sale' or 'sharing' of your data, giving you the right to opt out.

Added May 9, 2026 Standard Seen across 189 platforms
Precise Geolocation Data Collection Compare →

Starbucks can collect your precise GPS location, including when the app runs in the background, and uses it for store-finding, analytics, and targeted marketing.

Added May 7, 2026 Standard Seen across 251 platforms
Voice and Audio Data Collection Compare →

When you call Starbucks customer service, your voice and the conversation may be recorded, and by making the call you are considered to have consented to this recording.

Added May 7, 2026 Standard Seen across 251 platforms
Inference and Consumer Profiling

Starbucks uses your purchase history and behavioral data to build a detailed profile about your preferences and characteristics, which is then used to target you with personalized marketing.

Added May 9, 2026 Rare
Starbucks Rewards Program Data Collection Compare →

When you use the Starbucks Rewards program, the company builds a detailed record of everything you buy, how often you visit, which stores you go to, and how you pay, and uses this to personalize offers and marketing.

Added May 9, 2026 Standard Seen across 251 platforms
Third-Party Analytics and Advertising Cookies Compare →

Starbucks and its advertising partners use cookies and tracking pixels on its website and app to monitor what you browse and click, and to serve you targeted ads based on that behavior.

Added May 9, 2026 Standard Seen across 189 platforms

Low — 2 provisions

California and Washington Resident Privacy Rights Compare →

California residents have legally enforceable rights to access, delete, correct, and opt out of the sale of their data, and to limit how sensitive information is used. Washington residents have additional rights under Washington state law.

Added May 9, 2026 Standard Seen across 262 platforms
Data Retention Compare →

Starbucks keeps your personal data for as long as it considers necessary for business, legal, or reporting purposes, without specifying fixed retention periods for most data categories.

Added May 7, 2026 Standard Seen across 223 platforms