Docs Home
Dev Essentials
PaymentsCommerceCustomersStaffMerchants
Publish
Release notes

Docs

Docs Home
Dev Essentials
Payments
Commerce
Customers
Staff
Merchants
Publish
Release notes
Create an Account and App
Make your First API Call
View the API Logs
Verify the Payment
What's Next
Overview
Build Basics
Versioning
Access Tokens
Frontend and Backend Development
General Development Concepts
TLS and HTTPS
Using the REST API
Handling Errors
Collecting Information
Language Preferences
Working with Dates
Working with Monetary Amounts
Working with Addresses
Custom Attributes
Idempotency
Pagination
Optimistic Concurrency
Clear Object Fields
Square eCommerce APIs
Square API Lifecycle
Developer Console
Square Dashboard
Test in Sandbox
Sandbox Payments
API Explorer
API Logs
Webhook Event Logs
Create a Notification URL
Subscribe to Event Notifications
Verify and Validate an Event Notification
Manage Operations
Move Event Notifications to Production
Webhook Events Reference
Troubleshooting
Authentication
Postman
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Sample Applications
GraphQL Basics
Build your First Query
GraphQL Explorer
Query Examples
Create Redirect URL and Authorization Page URL
Receive Authorization and Manage OAuth Tokens
Refresh and Revoke OAuth Tokens
Token Introspection
OAuth Best Practices
OAuth Walkthrough
Migrate to the Square API OAuth Flow
Move OAuth to Production
Permissions Reference
Webhook Subscriptions
Events
Deprecated Items
v1 Payments API
v1 Refunds API
Square Transactions API
Migrate Employees to Team Members
Migrate from CreateCheckout to CreatePaymentLink
OAuth and Testing
International Payments
Regional Differences for International Development
Compliance with Japan's Tax Invoice System

/

Dev Essentials

/

Build Basics

/

General Development Concepts

Best Practices for Collecting Information

Learn about the best practices for collecting and handling customer information.

Overview
Only collect what you need
Always use opt-in instead of opt-out
Don't persist PII
Don't share PII
Encrypt customer information in transit
Handle customer data responsibly
Link to section

Overview

If you collect, or plan to collect, personal information from users, it's critical that you handle that data responsibly.

Personal identifiable information (PII) includes obvious items such as an email address, phone number, device identifier, physical location, and spending habits. However, even less obvious information such as ZIP codes and typical commute times can be combined to help identify people without their consent.

Link to section

Only collect what you need

Collect the minimum amount of personal information necessary to provide the desired functionality. For example, if you only use email to communicate with site visitors, there's no reason to also collect phone numbers.

Link to section

Always use opt-in instead of opt-out

Let customers consent to sharing their data rather than collecting their data by default. For example, include a checkbox asking for permission to collect contact information and leave it unchecked by default.

Link to section

Don't persist PII

Avoid persistent caching or storage of PII, including in logs. Don't keep the information for longer than needed. The easiest way to avoid unintentionally exposing sensitive information is to delete it when you no longer need it.

Link to section

Don't share PII

Avoid sharing any PII or location information with third parties. When customers give you permission to collect and save their information, there's an expectation that the information is kept safe and not shared with others. Sharing their information with a third party without asking for explicit permission violates those expectations. You might be complicit if a third party handles the information irresponsibly.

Link to section

Encrypt customer information in transit

Secure your website traffic with HTTPS and TLS. If you're unfamiliar with HTTPS and TLS, see TLS and HTTPS for more information.

Link to section

Handle customer data responsibly

If your application uses contact information from a Customer object, be sure to use that information judiciously. The following tips describe how to handle customer data responsibly:

  • Respect customer email preferences. An email_unsubscribed field set to true indicates that the customer has opted out of marketing emails. Don't use their contact information to send marketing communications.
  • Don't store PII such as names, email addresses, and physical addresses without explicit consent.
  • Don't store sensitive or payment information in the note field.
  • Always use secure HTTPS for your own services to protect user information in transit.
Link to section

Additional build basics considerations

There are several other introductory topics provided for a new developer to quickly learn the basics of developing applications with Square. For more information, see Basics of Building Applications with Square.

On this page
OverviewOnly collect what you needAlways use opt-in instead of opt-outDon't persist PIIDon't share PIIEncrypt customer information in transitHandle customer data responsiblyAdditional build basics considerations