Target · Target Privacy Policy

Sensitive Personal Information Collection

High severity
Share 𝕏 Share in Share

Why it matters

Sensitive personal information carries heightened legal protections under CPRA and analogous state laws, and Target's collection of health-adjacent purchase inferences and precise location data creates significant privacy risks if used for profiling or shared with third parties.

Consumer impact

Target collects a broad range of personal data — including purchase history, precise location, device identifiers, inferred interests, and financial information — and shares this data with third-party advertising partners through its Roundel retail media network, which goes beyond what many consumers would expect from a standard retail privacy policy. Consumers enrolled in Target Circle are subject to heightened behavioral profiling, as loyalty program data is explicitly used to build audience segments for targeted advertising both on and off Target platforms. You can submit a privacy rights request — including opt-out of sale/sharing, deletion, or data access — at https://www.target.com/c/target-privacy-policy/-/N-4sr7p or by calling 1-800-440-0680.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Opt Out of Arbitration
    Visit Target's privacy rights portal and select 'Limit Use of Sensitive Personal Information' (California residents) or submit a general opt-out/deletion request to limit use of geolocation and health-adjacent data.

Applicable agencies

  • FTC
    The FTC has enforcement authority over misuse of sensitive personal data including health information and precise geolocation under FTC Act Section 5 and its health breach notification policy.
    File a complaint →
  • State AG
    California CPPA and AG, Washington AG (under WMHMDA), and other state attorneys general have enforcement authority over sensitive data collection and use violations.
    File a complaint →

Provision details

Document information
Document
Target Privacy Policy
Entity
Target
Document last updated
March 24, 2026
Tracking information
First tracked
April 1, 2026
Last verified
April 1, 2026
Record ID
CA-P-001373
Document ID
CA-D-00260
Evidence Provenance
Source URL
https://www.target.com/spot/privacy-policy
Wayback Machine
View archived versions →
SHA-256
4c256b742e59459a6a9892660bd1b31f2e78313f4037434ab183025e35a0a5f0
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Target | Document: Target Privacy Policy | Record: CA-P-001373
Captured: 2026-04-01 14:18:33 UTC | SHA-256: 4c256b742e59459a…
URL: https://conductatlas.com/platform/target/target-privacy-policy/sensitive-personal-information-collection/
Accessed: April 4, 2026
Classification
Severity
High
Categories
Data collection

Other provisions in this document