When you use the Starbucks Rewards program, the company builds a detailed record of everything you buy, how often you visit, which stores you go to, and how you pay, and uses this to personalize offers and marketing.
This analysis describes what Starbucks's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The Rewards program creates a persistent, longitudinal record of your consumer behavior that is directly linked to your identity, making it one of the most data-rich components of the Starbucks customer relationship and the foundation for the profiling and advertising activities described elsewhere in the notice.
Enrolling in Starbucks Rewards means your purchase history, payment methods, and store visits are continuously recorded and linked to your identity, forming the core dataset used for personalized marketing and behavioral profiling. If you prefer not to have this data collected, you would need to make purchases without using the Rewards program.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Starbucks has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you join the Starbucks Rewards program, we collect information about your transactions, including your purchase history, the products you buy, how frequently you make purchases, the stores you visit, and the payment methods you use. We use this information to administer the Rewards program, personalize your experience, and provide you with targeted offers and marketing communications.— Excerpt from Starbucks's Starbucks Privacy Policy
(1) REGULATORY LANDSCAPE: Purchase transaction data linked to an identified individual constitutes personal information under the CPRA, COPPA if minors are involved, and analogous state statutes. The use of loyalty program data for profiling and targeted advertising implicates CPRA's requirements around data minimization, purpose limitation, and the right to limit use of sensitive personal information where sensitive categories are implicated by purchase data. The FTC Act applies to any representations about how Rewards data is used that may deviate from actual practice. (2) GOVERNANCE EXPOSURE: Medium. Loyalty program data collection for program administration and personalized marketing is standard industry practice. The governance exposure arises from the breadth of downstream uses (profiling, advertising partner sharing) and the longitudinal depth of the dataset, which amplifies the impact of any data breach or unauthorized access. (3) JURISDICTION FLAGS: California CPRA rights apply to Rewards program data. If minors participate in the Rewards program, COPPA and state minor privacy protections engage. The Rewards program's linkage of purchase behavior to payment method creates a dataset that intersects financial and behavioral data, which may attract CFPB attention if used in credit-adjacent contexts. (4) CONTRACT AND VENDOR IMPLICATIONS: Third-party partners who receive Rewards data for co-branded or promotional purposes should be assessed for compliance with data use restrictions. The notice's reference to sharing with business partners for marketing purposes warrants review of whether those partners are operating as service providers or as independent data controllers. (5) COMPLIANCE CONSIDERATIONS: Data retention policies for Rewards transaction history should be documented and aligned with deletion request obligations. If the Rewards program is accessible to minors, age verification and COPPA compliance should be audited. Purpose limitation documentation should confirm that Rewards data is not used for purposes materially beyond those disclosed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The Rewards program creates a persistent, longitudinal record of your consumer behavior that is directly linked to your identity, making it one of the most data-rich components of the Starbucks customer relationship and the foundation for the profiling and advertising activities described elsewhere in the notice.
Enrolling in Starbucks Rewards means your purchase history, payment methods, and store visits are continuously recorded and linked to your identity, forming the core dataset used for personalized marketing and behavioral profiling. If you prefer not to have this data collected, you would need to make purchases without using the Rewards program.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Starbucks.