Skip to Content
Square
No items in your cart
Square
  • Pricing
  • Business types
  • Products
  • Resources
Discover
Types
Discover
Types
Discover
Types
Discover
Types
Discover
Discover
Discover
No items in your cart
Contact sales
Get started

General

Data Processing Terms

Effective Date: 26 May 2026

How These Terms Apply

These Data Processing Terms form part of and are incorporated into the Square General Terms of Service ("General Terms") and apply whenever Square processes personal data on your behalf in connection with the Services. By accepting the General Terms or using the Services, you agree to be bound by these Terms.

If there is any conflict between these Terms and the General Terms, these Terms will prevail in relation to the processing of Seller Data.

For clarity:

  • You act as the controller of Seller Data. For the purposes of applicable Data Protection Legislation, this means you determine the purposes and means of processing such personal data.
  • Square acts as processor when processing Seller Data on your behalf in connection with the Services.
  • These Terms only apply where Square processes Seller Data as a processor on your behalf and do not apply to processing activities where Square acts as a controller under applicable Data Protection Legislation. Information about Square's processing as a controller is set out in our Privacy Notice.

Definitions

"Data Protection Legislation" means all applicable laws and regulations relating to the processing of personal data, including:

  • The EU Regulation 2016/679 ("EU GDPR");
  • The EU GDPR as incorporated into UK law ("UK GDPR");
  • The UK Data Protection Act 2018;
  • The ePrivacy Directive and applicable national implementing laws;
  • The Privacy and Electronic Communications (EC Directive) Regulations 2003 ("PECR"); and
  • Any successor legislation.

"Seller Data" means any personal data that Square processes on your behalf as a processor in connection with providing the Services to you.

The terms "controller", "processor", "data subject", "processing", "personal data", "personal data breach" and "appropriate technical and organisational measures" have the meanings given under applicable Data Protection Legislation.

Capitalised terms not defined here have the meanings given in the General Terms.

Description of Processing

Square processes Seller Data for the purpose of providing the Services in accordance with the General Terms and these Data Processing Terms.

Seller Data may include personal data relating to:

  • Your customers and prospective customers; and
  • Your employees, contractors or representatives (where applicable).

Depending on the Services you use, Seller Data may include:

  • Contact details (such as name, address, email, phone number);
  • Transaction data and item level purchase information;
  • Payment information;
  • Device and usage information;
  • Location data (where collected through the Services and enabled);
  • Identification information; and
  • Any other personal data you choose to upload or input into the Services.

Square processes Seller Data for the duration of the Services, unless retention is required by applicable law.

You agree that, in the course of providing the Services, Square may de-identify Seller Data ("Deidentified Data") and use such Deidentified Data for the purpose of research, benchmarking, improving Square's offerings generally or for another business purpose authorised by applicable Data Protection Legislation. In such cases, Square will implement safeguards designed to prevent the re-identification of that Deidentified Data.

Your Responsibilities

You are responsible for:

  • Ensuring you have a lawful basis for processing Seller Data; and
  • Providing appropriate information to data subjects as required under applicable Data Protection Legislation.

Sub-Processors

You provide general authorisation for Square to engage sub-processors in connection with providing the Services.

Square will:

  • Ensure any sub-processor is subject to written obligations that provide a level of data protection no less protective than those set out in these Terms; and
  • Remain responsible for the performance of its sub-processors in accordance with applicable Data Protection Legislation.

International Transfers

Seller Data may be transferred outside the European Economic Area or the United Kingdom.

Where Square transfers Seller Data outside the EEA or UK on your behalf, Square will implement appropriate safeguards as required under applicable Data Protection Legislation.

Where applicable, information about Square's transfer safeguards (including standard contractual clauses and other recognised transfer mechanisms) is available upon reasonable written request by emailing privacy-eu@squareup.com.

Square's Obligations as Processor

When processing Seller Data, Square will:

  • Process Seller Data as necessary to provide the Services and in accordance with these Data Processing Terms, unless required to do otherwise by applicable law;
  • Ensure that persons authorised to process Seller Data are subject to appropriate confidentiality obligations;
  • Implement and maintain appropriate technical and organisational measures to protect Seller Data, taking into account the requirements of applicable Data Protection Legislation;
  • Taking into account the nature of the processing and the functionality of the Services, Square will provide reasonable assistance to enable you to respond to requests from data subjects exercising their rights under applicable Data Protection Legislation;
  • Taking into account the nature of the processing and the information available to Square, provide reasonable assistance to support your compliance with obligations relating to security of processing, personal data breaches, data protection impact assessments, and prior consultation with supervisory authorities, where required under applicable Data Protection Legislation;
  • Notify you without undue delay after becoming aware of a personal data breach affecting Seller Data;
  • At your choice, delete or return Seller Data at the end of the provision of the Services, unless retention is required by applicable law; and
  • Make available information reasonably necessary to demonstrate compliance with these Data Processing Terms and allow for and contribute to audits or inspections conducted by you or an auditor mandated by you, subject to reasonable prior notice and appropriate confidentiality safeguards.

Audits are intended to verify compliance with these Data Processing Terms and must be conducted in a manner that does not unreasonably interfere with Square's operations or compromise security or confidentiality. Square may satisfy its audit obligations by providing relevant documentation or independent third-party certifications where appropriate.

Liability

Nothing in these Data Processing Terms limits either party's liability where such limitation is not permitted under applicable Data Protection Legislation.