What are the institutional and regulatory implications of this document?

1. REGULATORY LANDSCAPE: This policy engages the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA), consumer privacy statutes in Colorado, Connecticut, Virginia, Utah, and Texas, the Illinois Biometric Information Privacy Act (BIPA), and the FTC Act governing unfair or deceptive trade practices. The collection of face geometry data from beauty try-on features directly implicates BIPA and analogous biometric privacy statutes in Texas (CUBI) and Washington, wh…

How does Target's Target Privacy Policy affect users?

The agreement establishes that Target collects a broad range of personal information including biometric identifiers, precise geolocation, inferences about preferences, and sensitive personal information, and authorizes sharing this data with advertising partners, analytics providers, marketplace sellers, and loyalty program partners. Under these terms, consumers who use beauty try-on features provide biometric face geometry data subject to collection and retention practices disclosed in the po…

How often is Target's Target Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Target updates this document?

Yes. Monitor subscribers ($19/month) can add Target to their watchlist and receive same-day email alerts whenever this document or any other Target document changes.

CA-D-000260

Target Privacy Policy

Target

Last change detected May 16, 2026 Privacy policy

SHA-256: 9b69ef16f12c45f0ccc… 12 versions captured 12 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Target ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

2 High severity

8 Medium severity

0 Low severity

Summary

Target's privacy policy describes how Target collects and uses personal information across its stores, website, mobile app, Target Circle loyalty program, Target Plus marketplace, and RedCard financial products. The policy states that Target collects identifiers, payment information, biometric data including face geometry from beauty try-on tools, precise geolocation, browsing activity, purchase history, and inferences about consumer preferences, and authorizes sharing this data with advertising and analytics partners, marketplace sellers, and loyalty program partners. California residents and residents of several other states are granted specific rights to access, correct, delete, or opt out of the sale or sharing of their personal information through mechanisms described in the policy.

Technical / Legal Breakdown

This document is Target Corporation's privacy policy governing the collection, use, sharing, and retention of personal information across Target's retail, digital, and loyalty program ecosystems, with stated legal bases including consent, contractual necessity, and compliance with applicable law. The policy states that Target collects identifiers, contact information, payment card data, biometric identifiers (including face geometry data from beauty try-on features), precise geolocation, browsing and search history, purchase history, inferences drawn from personal information, and sensitive personal information such as health-related data; the terms authorize sharing of this data with advertising partners, analytics providers, data brokers operating as service providers, Target Plus marketplace sellers, and loyalty program partners including Ulta Beauty and Marriott. Notably, the policy discloses the collection of biometric identifiers and face geometry data in connection with augmented reality beauty features, which engages state biometric privacy statutes (including the Illinois Biometric Information Privacy Act and similar laws in Texas and Washington) that impose consent, retention, and destruction obligations that may constrain how the terms apply in practice. The policy engages the California Consumer Privacy Act as amended by CPRA, state consumer protection statutes, and the FTC Act; California residents receive enumerated rights including the right to know, correct, delete, opt out of sale or sharing, and limit use of sensitive personal information, while residents of additional states including Colorado, Connecticut, Virginia, and others receive analogous state-law rights under frameworks the policy acknowledges by reference to a state privacy rights table.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

12 important changes detected

12 versions captured · Last updated: May 2026

May 16, 2026

low

What changed Target updated its privacy policy on May 16, 2026, by modifying footer navigation and promotional content. The previous version included links to 'Gift Ideas for Mom', 'Last update: March 5, 2026', and references to updated privacy categories and retention information. The updated version replaces these with different promotional categories including 'Gift Ideas for Dad' and 'Back to School', and removes the explicit update date reference and summary of what was changed. This appears to be a navigation and content reorganization rather than a substantive change to Target's privacy rights, practices, or obligations.

Why this matters This change is a formatting and navigation update to Target's privacy policy footer and does not modify the substantive privacy rights, data collection practices, or consumer obligations stated in the policy. The removal of the 'Last update: March 5, 2026' date reference means the policy footer no longer explicitly displays when the document was last revised, though the policy content itself remains operative. The reorganization of promotional categories in the footer has no effect on how Target collects, uses, or protects consumer data.

View full change record →

May 11, 2026

low

What changed Target's privacy policy homepage was updated on May 11, 2026 to add a timestamp and navigation links. The policy now displays 'Last update: March 5, 2026' and includes explicit references to updated categories of information collected, state-specific privacy information, and retention information, with a 'Back to Top' navigation option. This change appears to be a transparency and navigation update rather than a material change to substantive privacy rights or data handling practices.

Why this matters The updated policy homepage now displays a last-updated timestamp and provides clearer navigation to sections describing what information Target collects, state-specific privacy rights, and data retention practices. This is a structural and transparency change to the policy document itself rather than a change to data handling practices or user rights. You can access these sections directly through the new navigation links provided on the policy page.

View full change record →

May 6, 2026 low

Target's privacy policy was updated on May 6, 2026 with minor changes to webpage content and formatting. One sentence was added and one was modified in the policy document. These …

View change record →

May 2, 2026 low

Target's privacy policy was updated on May 2, 2026 with minor editorial changes: one sentence was removed and one sentence was modified. The document now contains 290 sentences. Based on …

View change record →

April 19, 2026 low

Target updated the promotional content examples in their privacy policy's introductory section on April 19, 2026. The change replaced references to 'Easter Basket Ideas' and 'Health & Wellness' with 'Gift …

View change record →

April 13, 2026 low

Target modified one sentence in its privacy policy on April 13, 2026. The specific language change was not detailed in the change summary provided. Without visibility into the exact text …

View change record →

April 8, 2026 low

Target removed the word 'Health &' from a navigation menu in their privacy policy on April 8, 2026. The section previously read 'Health & Wellness' and now reads 'Wellness'. This …

View change record →

April 7, 2026 low

Target removed two promotional gift-idea categories (Easter Basket Ideas and Gift Ideas for Grads) from the navigation menu in their privacy policy document. This appears to be a formatting or …

View change record →

April 6, 2026 low

Target's privacy policy navigation menu was updated on April 6, 2026 to include a new shopping category link for 'Gift Ideas for Grads' in the page header. This is a …

View change record →

April 1, 2026 low

Target's privacy policy was updated on April 1, 2026, but the detected change appears to be a formatting or navigation element addition rather than a substantive policy modification. The update …

View change record →

March 20, 2026 low

Target's privacy policy update on March 20, 2026 involved removing a line of unrelated marketing content (Easter, Gift Ideas, Deals promotions) and modifying how sponsored content appears in the document. …

View change record →

March 19, 2026 low

Target's privacy policy was updated on March 19, 2026 with minor editorial changes to the policy interface. One sentence was removed from a 'Loading' placeholder section, and new content describing …

View change record →

High — 2 provisions

Biometric Identifier Collection Compare →

The policy states that Target collects biometric information, specifically face geometry scans, when consumers use the virtual beauty try-on feature on Target's digital platforms.

Added May 21, 2026 Standard Seen across 284 platforms
Sale and Sharing of Personal Information for Advertising Compare →

The policy states that Target shares personal information including identifiers, browsing activity, and purchase history with advertising and social media companies, and acknowledges this activity may constitute a 'sale' or 'sharing' under state privacy laws, with an opt-out right provided.

Added May 21, 2026 Standard Seen across 252 platforms

Medium — 8 provisions

Precise Geolocation Collection Compare →

The policy states that Target collects precise geolocation data from consumers' mobile devices, described as requiring device-level permission, and categorizes this as sensitive personal information under applicable state privacy laws.

Added May 10, 2026 Standard Seen across 284 platforms
California and Multi-State Privacy Rights Compare →

The policy enumerates six specific rights for California residents under CCPA/CPRA and states that residents of additional states including Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and others receive analogous rights under applicable state statutes, with a consolidated state rights table referenced.

Added May 21, 2026 Standard Seen across 284 platforms
Target Plus Marketplace Seller Data Sharing Compare →

The policy states that when consumers purchase from third-party sellers on the Target Plus marketplace, Target shares the consumer's name, address, and items purchased with those sellers as needed to fulfill the order.

Added May 21, 2026 Standard Seen across 252 platforms
Loyalty and Partner Program Data Sharing Compare →

The policy states that Target shares personal information with loyalty and partner program companies, including Ulta Beauty and Marriott, in connection with program participation.

Added May 21, 2026 Standard Seen across 252 platforms
Inferences and Sensitive Personal Information Collection Compare →

The policy states that Target collects and retains inferences derived from personal information to build consumer profiles reflecting preferences, psychological trends, predispositions, behaviors, attitudes, intelligence, abilities, and aptitudes.

Added May 21, 2026 Standard Seen across 284 platforms
Children's Privacy Compare →

The policy states that Target's digital properties are not directed to children under 13 and that Target does not knowingly collect personal information from children under 13 without parental consent.

Added May 21, 2026 Standard Seen across 284 platforms
RedCard Financial Product Data Practices Compare →

The policy states that Target shares personal information with financial partners to operate the Target RedCard program, which includes credit and debit card products.

Added May 21, 2026 Standard Seen across 252 platforms
Global Privacy Control (GPC) Recognition Compare →

The policy states that Target processes Global Privacy Control browser signals as valid opt-out requests from consumers for the sale or sharing of personal information.

Added May 8, 2026 Standard Seen across 284 platforms