Most privacy policies and terms of service—especially with payments companies—are indeed about privacy. The company’s privacy, meaning that they want to keep their customers from knowing it to the extent possible. To that end, most are filled with legalese, are overly long and used the smallest and most difficult to read font as possible.
“These updates provide additional clarity and transparency, making our terms easier to read and understand. We encourage you to review the sections that apply to you, depending on how you engage with Square,” Square said in a Tuesday e-mail blast to customers. One document, for example, deals only with those who have applied for a Square account (overwhelmingly merchants) as opposed to consumers. Sometimes, though, a consumer is a direct Square customer but is not acting as a merchant (such as person-to-person transactions transferring money from consumers to consumers, and sometimes a consumer temporarily acts as a merchant (for perhaps a garage sale).
That raises the prospect that this could prove more complicated because it will require people to read more documents.
Speaking of the actual policies, when we spoke with Square on Tuesday, it wasn’t clear if any policies had changed. A spokesperson would only say that there were “no material changes” and that the update was “largely a reorganization.” In short, they seemed to have gone out of their way to avoid saying that there were no changes in policy.
It added that Square “will provide you with reasonable prior notice of substantial changes in how we use your information, including by email at the email address you provide. Where these changes would cause material detriment to you, you may of course cancel your account at any time.” How generous. They have given their customers permission to cancel.
When it comes to information-sharing, merchants take note of this one. Under the area for listing what retail information they may share with others, it lists “inventory, pricing and other data” as well as information about “appointment(s), staffing availability, employee, payroll and contact data” plus the “hours worked and other timecard data” of employees if the merchant is using Square Payroll.
“We collect information about when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions,” it said, adding that geolocation data may also be retained.
For how long will this data be kept on file? Quite long, it seems. “Even after you deactivate your Square account, we may retain archived copies of information about you and any transactions or Services in which you may have participated for a period of time that is consistent with applicable law, or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our General Terms or other applicable agreements or policies, or to take any other actions consistent with applicable law.”
And that’s all for after you stop being a customer.
Here’s a nice one for your merchants’ consumer customers. “We may use information you provide to connect you with people you already know. For example, you may upload contact information from your address book through the Square Cash mobile application. We will match the contact information you provide to the information provided by other users of Square Cash in order to provide and improve the Square Cash Service, including making it easier to find contacts to whom you may send or request payments using Square Cash.” Sure, there’s no way that that could possibly have nasty unintended consequences.
In case the earlier reference to data retention after someone cuts off Square wasn’t enough, Square stated it more emphatically. If a Square account is terminated or suspended for any reason, “we may—but have no obligation to—delete your information and account data stored on our servers and we will not be liable to you or any third party for compensation, reimbursement, or damages for any termination or suspension of the Services, or for deletion of your information or account data.”
This one is more typical, but it’s still always a delight: “Square does not warrant or guarantee that the services are accurate, reliable or correct; that the services will meet your requirements; that the services will be available at any particular time or location, uninterrupted, error-free, without defect or secure; that any defects or errors will be corrected; or that the services are free of viruses or other harmful components. Under no circumstances will Square be responsible for any damage, loss, or injury resulting from hacking, tampering, or other unauthorized access or use of the services or your square account, or the information contained therein.” Maybe they should say that on their homepage?
Just in case the arbitration clause isn’t enough to protect Square, it has decided ahead of time—why waste time?—how much they’ll give if they ruin your business. “To the maximum extent permitted by applicable law, the total liability of Square is limited to the greater of (a) the amount of fees earned by us in connection with your use of the services during the three (3) month period immediately preceding the event giving rise to the claim for liability, or (b) $500.”