Skip to content
Legal

Privacy Policy

We collect what the product needs to run: your account email, your store's data, and the conversations your storefront has with its shoppers. Merchants own their store data.

We don't sell personal data. Conversations are processed by the AI provider configured for your store solely to generate responses. Secrets you store with us (API keys, SMTP passwords, payment credentials) are encrypted at rest.

Fraud screening on stores you buy from

When you place an order on a store hosted by SquareUp, that merchant may screen the order for payment fraud. If the merchant connects a screening partner (such as Signifyd, NoFraud, or FraudLabs Pro), the order's email, amount, and your IP address are shared with that partner for the single purpose of scoring that order. The lawful basis is the merchant's legitimate interest in fraud prevention. Never your card number: payments happen on the payment provider's own secure page. Each store's connected partners appear in its data disclosure, and a deletion request to the merchant covers this data too.

When you ask to get in

When you raise your hand to get in, we collect the email you enter, your brand name if you add it, your website if you add it, your phone number if you add it, and the page you came from. We use this only to contact you about access to our invite-only beta. The lawful basis is your consent and our legitimate interest in following up on a request you started. Raising your hand does not subscribe you to marketing; that only happens if you tick the separate opt-in box.

We keep your request for up to 24 months. If you do not become a customer, you can ask us to delete it sooner. You can request access to, correction of, or deletion of your information at any time by emailing hello@joinsquareup.com. We honor Do Not Track signals on this site. The data controller is SquareUp; reach us at hello@joinsquareup.com.

Marketing emails, only if you opt in

We send marketing email only to people who asked for it. There are two streams you can choose: the useful stuff (tips to sell more and keep customers) and Same Store, More Sales, our monthly newsletter. The waitlist checkbox opts you into the tips; the newsletter uses double opt-in, so you also confirm from a link we email you. We never add the people already on our waitlist to marketing without a fresh opt-in.

The lawful basis is your consent where consent is required (the EU, EEA, UK, and India) and our legitimate interest elsewhere, and you can withdraw any time: every email has a one-click unsubscribe, and the preference center lets you turn each stream on or off on its own. We keep a record of when and how you opted in (and out) as proof of consent, even after we erase the rest of your data. Unsubscribing is separate from deleting your data; you can do either. Marketing email is sent from a dedicated sending subdomain through our email provider acting on our behalf, kept apart from your order and account emails.

When you talk to Sage

Sage is the seller on the front of a SquareUp store, and you can chat with it on this site by typing or, if you choose, by voice. If you speak to it, your browser asks your permission for the microphone first, and your audio is sent to our voice partners only to turn your speech into text and to speak the reply back. We do not store your recordings. What you type or say is used only to answer you in the moment; we may keep a short note of what you asked so we can improve the experience. Do not share sensitive personal details in the chat.

How we measure this page

While we are in invite-only beta, we measure how people move through this page so we can improve it: we set a first-party measurement cookie (a random id, not your name or email, up to 12 months, never shared) and, if configured, Google Analytics with your IP anonymized and ad personalization off. It never receives your name or email. In regions with prior-consent rules (the EU, EEA, UK, and India), none of this runs until you say yes; elsewhere it runs by default and you can opt out anytime from the Cookie settings link in the footer. If your browser sends a Do Not Track or Global Privacy Control signal we do not run any of it, for the cookie and Google Analytics alike.

What we record is the page and section you view, how long you spend, and the clicks and choices you make (including the problems you pick, which we use to tailor what this page shows you). If you later give us your email, we connect it to your earlier visits so we can follow up about your interest. The detailed browsing events are kept for up to 365 days and then deleted automatically; your funnel and lead history are kept. Ask us to delete your data at hello@joinsquareup.com and we remove your events and unlink your visit history.

When you try the demo

The live demo sets its own first-party cookie the first time you act in it (a random id, not your name, up to 180 days, never shared). It connects what you do in the demo, the pages, the questions you ask the store, and the moves you make in the console, into one trail. If you give us your email there, we link that trail to it so we can follow up about your interest, and your email is kept in one place. Demo browsing events are kept for up to 365 days and then deleted automatically. Ask us to delete your data at hello@joinsquareup.com and we remove your demo trail and unlink your email.

A complete policy ships before general availability, including data processing terms for merchants who need them.