Target · Target Privacy Policy

Data Retention

Medium severity
Share 𝕏 Share in Share

What it is

Target retains your personal information for as long as necessary to fulfill the purposes described in the policy, which may include ongoing business, legal, and compliance needs.

Why it matters

Open-ended retention periods mean Target may hold your data indefinitely, which increases the risk of data breach exposure and limits your ability to ensure your information is no longer in use.

Institutional analysis (Compliance & legal intelligence)

Vague data retention language may create compliance exposure under CCPA/CPRA, which requires businesses to disclose retention periods or the criteria used to determine them; legal teams should assess whether Target's retention schedules satisfy regulatory specificity requirements and whether retention limits are technically enforced.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Target collects a wide range of personal data including your precise location, purchase history, browsing behavior, and inferences about your preferences, which it uses for targeted advertising and shares with third-party partners. This means your shopping behavior may be used to build a detailed profile that influences the ads you see across the internet. You can opt out of the sale or sharing of your personal information by visiting Target's privacy preference center at https://www.target.com/c/target-privacy-policy/-/N-4sr7p.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Within 45 days
    Submit a data deletion request through Target's privacy request portal to request that your personal information be deleted. Note that some data may be retained for legal compliance reasons even after your request.

Applicable agencies

  • State AG
    State privacy law enforcement authorities, including the California Privacy Protection Agency, may scrutinize vague or non-specific data retention disclosures under CCPA/CPRA requirements.
    File a complaint →

Provision details

Document information
Document
Target Privacy Policy
Entity
Target
Document last updated
March 24, 2026
Tracking information
First tracked
March 20, 2026
Last verified
March 20, 2026
Record ID
CA-P-00260008
Document ID
CA-D-00260
Evidence Provenance
Source URL
https://www.target.com/spot/privacy-policy
Wayback Machine
View archived versions →
SHA-256
bdcbe25435345dddf71b6fa039c4ba118b53be072fa3747ca132f1e64ec42103
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Target | Document: Target Privacy Policy | Record: CA-P-00260008
Captured: 2026-03-20 11:26:23 UTC | SHA-256: bdcbe25435345ddd…
URL: https://conductatlas.com/platform/target/target-privacy-policy/data-retention/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy Data sharing Liability

Other provisions in this document