Last Updated: January 1, 2023
View in PDF format
English | Español | Français Canada
At Gap Inc., and on behalf of our family of brands (Gap, Old Navy, Banana Republic, and Athleta) and subsidiaries:
We want to inform and empower you to exercise meaningful control over how your personal information is collected and used.
We hope you will use this Notice as a tool when choosing whether to engage with us or to request to limit certain uses of your personal information.
We collect the following types of personal information:
We collect personal information to:
We retain personal information for the length of time needed to fulfill the purposes for collection unless a longer retention period is required or permitted by applicable law.
Request to opt-out of certain uses of your personal information:
We may share personal information with other parties to provide analytics services and serve ads on our behalf targeted to your interests and based on your online activities. Information may be linked to your browser or device (like cookies and similar tracking technologies) and related to you if you have a customer account or interact with us in other ways. These parties may use the information for their own marketing and to offer products and services on our online services.
Your personal information is not shared for money, but certain uses may be deemed the “sale” or “sharing” of personal information under applicable privacy laws.
Click "Do Not Sell or Share My Personal Info" located at the bottom of our websites and within our mobile apps under Customer Service, to opt-out of these uses of your personal information. Users of websites in Canada (with .ca in the website address), please click "Interest Based Ads" located at the bottom of the websites.
The types of personal information we collect about you depend on your interactions with us but typically consist of information you provide to us, we generate and automatically collect on our online services, and we receive from other sources.
Please be aware that if you do not allow us to collect certain personal information, we may not be able to provide certain products and services, and some products and services may not be able to take account of your interests and preferences.
Information you provide to us
Contact and registration information. We collect contact and registration information when you purchase, exchange, or return products, request services, create a customer account, participate in a Loyalty Rewards Program, redeem promotions, or interact with us for other products and services, such as your name, email address, phone number, billing and shipping address, clothing size and fit preferences, and other information you may choose to provide (like your height, weight, interests and activity preferences, partial birthday, social media handle, preferred language, and your age and gender).
Transaction information. We collect transaction information you provide when you purchase, exchange, or return products, request services, or redeem promotions, such as your order and service details and payment information. We may add to or combine information we have collected about you. For example, we may identify the region you live in so we can show you prices for products in your local currency and improve the accuracy of your shipping address.
Communications information. We collect and record communications information and content you provide when you sign-up to receive marketing emails or texts and communicate with us about a customer service issue or to make other inquiries. For example, we collect and record information and content you provide to us over the phone, text, or online chat (you may choose to chat with us anonymously) or when you communicate with us using any other service or communication method. This type of information includes your contact information, the date and time you contacted us, call recordings, the content of your communications, and your communication method.
Customer content. We collect information and content you provide or make available in our public forums (like online message boards, social and wellness community environments, and other forums that do not have a restricted audience) and when you provide feedback or product reviews, respond to surveys, or use features of our services which may require the collection of certain personal information to utilized the features. We also collect information and content when you engage with us on social media (like when you tag us or our products and services or allow us to follow your social media profile). These types of information includes any information and content you choose to provide or make available, such as opinions, feedback, preferences, wellness goals, photos, images, and social media profiles and handles.
Information we generate and automatically collect
Internal customer identifiers and commercial information. We generate internal customer identifiers (like a customer or account ID) to keep track of and manage your transactions and relationships with us and collect commercial information, such as records of products or services purchased, requested, considered, exchanged, or returned, and other purchasing or consuming histories and tendencies. We may draw inferences about you from the other types of information we collect reflecting your interests, preferences, online behaviors, and characteristics.
Internet and network activity information. We use automated information technologies to collect certain internet and network activity information (with your consent, when required by applicable law) when you access or use our online services. This type of information includes:
Identifiers that can be used to recognize you or a device over time and across different services (like browser ID, device ID, IP address, cookies and app tracking technologies, or other forms of persistent or probabilistic identifiers).
Information about your interactions with our online services and advertisements, including browsing activities and data that reflects the content you have accessed, clicked on, or viewed, use of our accessibility features, and information about the websites or apps visited immediately before or after interacting with our online services.
Information about your computer or device, such as the browser version and device model.
Information about your precise location when you permit an online service to access device location
Safety and anti-theft information. In our stores and on our properties, we collect safety and anti-theft information, such as in-store video (like information from Closed-Circuit Television (CCTV)), electronic information from theft-prevention devices (like Radio Frequency Identification (RFID)), and similar information to help ensure your and our employees’ safety and security and to combat theft and other illegal activities.
In-store technologies. We offer Wi-Fi access points in some of our stores. If you choose to connect to our Wi-Fi Services, we will receive information about you and your device, such as your MAC and IP address, received signal strength indicators, and operating system. We may also collect information about the store location and areas of the store you visit, the names and internet addresses of the websites you visit, and the applications you use. We may collect de-identified data from Wi-Fi access points to understand traffic patterns in our stores.
De-identified data. We may generate and use de-identified data (or anonymized or aggregate information) which cannot reasonably be used to identify you. We will maintain and use this data only in a de-identified form and will not attempt to re-identify such data, except as permitted by applicable law.
Information we collect from others
We may collect personal information about you from publicly available and other sources, including:
Service providers and contractors. Service providers and contractors may collect personal information when processing personal information on our behalf for specific business purposes we alone or jointly with other data controllers determine, including information you provide to us and that we generate and automatically collect.
NFT platforms and blockchains. If you participate in a NFT (non-fungible token) program (like Gap Threads), we may collect information from third parties operating and hosting such programs, including digital wallet providers (such as Kukai) and open source blockchain networks (such as Tezos). We may collect NFT ownership information, including digital assets and tokens, and other NFT-related information (such as transfers of NFTs between accounts, the corresponding smart contracts, amounts paid, and metadata describing each NFT and its properties as a digital asset). We may also collect cryptocurrency wallet address and related information, including your digital wallet types, amounts of digital assets you possess, and account balances.
Social media platforms and content distribution channels. When you interact with content or features provided by social media platforms on our online services or our content or ads on social media platforms (like login or sign in features or tools that allow you to share our content with others), we may obtain information from the social media platforms, including your username, user ID, demographic information, and other service-related information, subject to the settings and privacy practices of the relevant social media platform. In addition, when you interact with our content, products, services, or ads available on third-party sites, apps, content distribution channels, or other media (like video sharing and social network websites and apps), we may obtain information from those third-party sources. The information we receive may include information about the content you view or access, your demographic information, and information about your interests.
Other third parties. Third-party data suppliers (such as data aggregators and data resellers) may supply us with internet and network activity information, demographic information, and other information that helps us recognize and learn more about you and other users of our online services. We may also collect information from third-party fraud prevention companies and companies that we allow to make their goods and services available to you on our online services, market and sell our products, or that offer products on a co-branded, co-sponsored, or cross-promotional basis, such as contact, transaction, and automatically collected information.
We have franchise agreements with franchisees in a number of countries around the world. Under these agreements, third parties operate (or will operate) stores, shop-in-shops, and websites that sell apparel and related products under our brand names. We do not share personal information with our franchisees, and they do not share personal information with us. Personal information collected by a franchisee is subject to the franchisee's own privacy policies. Please be sure to review other privacy policies that may apply.
We use personal information we collect to:
Provide products and services. These uses include providing products and services you purchase and request, such as processing transactions and payments, fulfilling orders, maintaining and servicing customer accounts and Loyalty Rewards Programs, and providing promotions, events, and other offers. We also use information to improve and develop new products and services. If you participate in a NFT program (like Gap Threads), we may also use your digital wallet and other related NFT or cryptocurrency information to facilitate your participation in the program and related cryptocurrency transactions.
Communicate with you. These uses include responding to your inquiries, providing customer service and technical support, sending you transactional and related communications about your purchases, Loyalty Rewards Programs, and product and policy changes, and sending you communications about promotions, events, and other offers and products and services we think may be of interest to you.
Operate and improve online services. These uses include operating, troubleshooting, improving, and developing new online services and features, as well as learning how you and other users interact with and respond to our online services and advertisements.
Personalize online content and experiences. These uses include personalizing online content, providing recommendations and reminders, and enhancing the quality and your overall experience with our online services (like retaining your user preferences and presenting content in the most effective manner for the browser or device you use to access our online services). We may try to establish cross-device connections and link the different browsers and devices you use to access or use our online services to help us recognize you as a customer or visitor and provide you with a seamless and consistent personalized experience when interacting with us using different browsers or devices.
Market and advertise. These uses include developing, managing, and conducting advertising and marketing campaigns. We may use personal information to serve targeted ads and analyze and measure the performance and reach of our advertising and marketing efforts (on our online services and elsewhere) based on your online activities and how you interact with our advertising and marketing. We may also use personal information to create and identify audiences that are most likely to respond to ads based on information we have already collected or infer about your interests and preferences.
Maintain safety and security and combat illegal activities. These uses include maintaining safety and security in our stores, preventing, detecting, and investigating security incidents or activities that may violate our polices or be illegal, and helping to ensure the ability of our networks and information systems to detect security incidents that may compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information.
Comply with legal obligations. These uses include complying with our legal and regulatory obligations (such as maintaining records of your privacy requests, preferences, and choices), protecting our rights and the rights of others, and fulfilling our corporate obligations.
For residents in certain jurisdictions outside the United States, we may process your personal information on the following grounds:
To perform our contractual obligations to you. We process your information to provide you with our online services and other products and services, related content, and to communicate with you. For example, when you make a purchase from us, we process your contact and payment information to fulfill our commercial obligations, communicate with you about your purchases and requested services, and provide customer services you request. Failure to provide requested information could prevent or delay the fulfillment of our contractual obligations.
To comply with our legal obligations and protect our rights. We process and share your information as necessary to comply with our legal obligations and protect our rights and the rights of others. For example, we may be required to collect certain information from you when processing your purchase and payment information for tax, regulatory compliance, or financial reporting reasons.
We may disclose or share the types of personal information we collect with:
Service providers and contractors. We may provide or make available personal information to service providers and contractors to process on our behalf for specific business purposes we alone or jointly with other data controllers determine. For example, service providers and contractors may process personal information on our behalf to process payment card transactions, distribute communications, operate online and other communication methods, manage offers and promotions, and provide services for order fulfillment and logistics, data analytics, computer and cloud-based networks, and fraud prevention.
Advertising and marketing providers. We may share your information with advertisers (such as advertising agencies, networks, and exchanges), marketing businesses, third-party data suppliers (such as data aggregators and data resellers), and other entities that help us to create, deliver, and assess our advertising and marketing campaigns and learn more about you and other users of our online services. These parties may combine your personal information with their own records (and records available from other sources) for their own purposes, including for their own and other third-party marketing. We do not share payment information with these parties.
Social media platforms. If you interact with social media widgets, share content using social media share buttons or access features of our online services that contain content or features provided by social media platforms, the relevant social media platforms may collect or have access to personal information. Please review the privacy policies of the social media platforms you interact with as we are not responsible for their privacy policies.
Participants in public forums or the public. When you participate in our public forums (like online message boards, social and wellness community environments, and other forums that do not have a restricted audience), you may choose to make your personal information available to other participants, such as your opinions, feedback, goals, and personal information that may be considered sensitive. Your personal information can be viewed by other participants, and they may be able to comment on it and collect and store it elsewhere before you have a chance to remove it. We do not control and are not responsible for how others may use your personal information. We urge you not to post or make any information available that can be used to directly identify you (such as your name, age, address, email, and phone number) or you have any concern about being viewed or accessible by other participants or the public.
Our credit card provider. We may provide you with offers to apply for credit from Barclays Bank (our co-branded credit card provider). We may use information from your customer account to facilitate your request to apply, pre-populate your online application, or send you a pre-approved credit offer. This and any other personal information you provide in connection with your application may be provided to Barclays Bank and is subject to Barclays Bank's privacy policies. As part of applying for credit, you may be asked to provide a government identification number, such as your social security number, national identification number, or driver’s license number. We do not retain this information. Please review all applicable terms and conditions.
NFT platform and blockchain participants. If you participate in a NFT (non-fungible token) program (like Gap Threads), by virtue of the public nature of the blockchain, the holdings and transactions associated with your cryptocurrency wallet address will be publicly available and accessible to third parties.
Non-profit groups and programs. If you participate in third-party non-profit programs, we may provide your information to the program providers, administrators, and others when required by the programs. For example, it may be necessary to provide your contact and purchase information to those who run the programs and your purchase information to credit card processors, so part of your purchase may be donated to non-profit organizations or participants. Once your information is provided to these third parties, it is subject to their privacy policies. Please review other privacy policies that may apply.
Other third parties. We may provide your information to other third-party companies that we allow to make their goods and services available to you on our online services, market and sell our products, or offer products on a co-branded, co-sponsored, or cross-promotional basis. These initiatives may be offered on our online services or on other media.
Parties you direct us to share information with. We may share your information with third parties with your consent or at your request.
Others when required by law or as necessary to protect our rights. We may share your information to comply with or enforce the law, legal process, or applicable industry standards (including responding to court orders, warrants, subpoenas, and other requests from public and government authorities) and as we believe is necessary or appropriate to protect, enforce, or defend our legal rights (including with third parties to help us prevent, detect, and investigate security incidents and combat fraud or other illegal activities) and protect individuals’ privacy and safety.
Parties involved in corporate transactions. We reserve the right to transfer any of the information we have about you to proceed with the consideration, negotiation, or completion of a sale or transfer of all or a portion of our business or assets to a third party, such as in the event of a merger, acquisition, or other disposition, or in connection with a bankruptcy reorganization, dissolution, or liquidation.
Depending on where you reside and legal limitations, applicable laws in your jurisdiction may grant you the right to make certain privacy requests. Even if you do not live in one of these jurisdictions, we allow you to make the same requests, and we will take reasonable steps to fulfill them.
You may make a request to:
How to make a request to know, delete, or correct
Click here to make a request using our online Privacy Requests Form. To fulfill your request, we may need to verify your identity. We will send you an email with a link to confirm your email address and may request additional information solely for the purposes of verifying your identity. We only use the information collected through the Privacy Requests Form or otherwise requested to fulfill and maintain records of your request.
Please follow the instructions provided in the communications sent to you, including how to access the fulfillment status and other information related to your request.
You may have an authorized agent make a request on your behalf using the Privacy Requests Form. Your agent will be required to provide written proof that you gave the agent signed permission to submit the request on your behalf. In some cases, we may ask you to verify your identity directly with us or directly confirm that you provided the agent permission to submit the request on your behalf.
You or your authorized agent may also make a request by calling us toll-free at 1-866-237-4007 or writing to us at: Privacy Requests, Legal Department - Gap Inc., 2 Folsom Street, San Francisco CA 94105, United States.
If you are a business contact, please submit your requests by calling our toll-free number or by writing to us using the contact information above.
Notice regarding requests to delete. After submitting a request to delete, your personal information will be deleted, including your online accounts and Loyalty Program Memberships. Deletion removes all related records, including all Loyalty Program Membership rewards, benefits, and available promotions. We are not able to reinstate these after deletion.
Reviewing and correcting personal information. If you have created a customer account, you are able to review and update certain information and user preferences for your account. Please sign in and click "your account" in the top right corner of the website or the account icon in our mobile apps. You may also contact customer service or make a request to delete.
We work to fulfill requests within the time frames provided by applicable law, and, in some cases, fulfillment make take up to 45 days.
Opt-out of sharing for targeted advertising
Your personal information is not shared for money, but certain uses may be deemed the “sale” or “sharing” of personal information under applicable privacy laws. We do not sell or share personal information of individuals we know to be under 16 years of age.
Please click “Do Not Sell or Share My Personal Info” located at the bottom of our sites and within our mobile apps under Customer Service, to opt-out of these uses of your personal information using our Privacy Preference Page and Webform.
If you have a customer account, please sign-in first, before taking the steps on the Privacy Preference Page and Webform, so we can maintain your preference. We only use the information requested to fulfill and maintain records of your request. Your request may take up to 15 business days to process.
Users of websites in Canada (designated with .ca in the website address), please click "Interest Based Ads" located at the bottom of the websites.
Some browsers allow you to enable privacy-controls in the browser's settings to automatically signal your opt-out preference to the websites you visit (like the Global Privacy Control). We honor the Global Privacy Control as a valid request to opt-out of the sharing of information linked to your browser.
You may have an authorized agent submit a request to opt-out on your behalf using the Privacy Preference Page and Webform. Your agent will be required to provide your signed permission to make the request on your behalf. The requirement for your agent to provide signed permission does not apply to requests to opt-out received via the Global Privacy Control.
Please keep in mind:
Opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID. If you’re not signed-in to your customer account or don’t have a customer account, you will need to opt-out on each browser and device you use.
Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again.
If you opt-out, you may still see ads online, but these ads will not be based on your inferred interests.
You may also choose to control targeted ads you receive within apps by using the settings and choices made available to you by your device manufacturer. Your device manufacturer will typically have their own privacy settings to block technologies used for targeted advertising or ask for your permission first.
You can read more about targeted adverting and take additional steps to control targeted advertising from many ad networks and exchanges by visiting the Digital Advertising Alliance (www.optout.aboutads.info) or European Interactive Digital Advertising Alliance (www.edaa.eu).
As online environments continue to evolve, additional opt-out mechanisms or privacy settings may become available to you. We encourage you to review the information on opt-outs and settings that browser owners, device manufacturers, technology companies, and industry associations make available to you.
Reasons a request may be denied and exceptions
We may deny your request if we are unable to verify your identity. We use your confirmation of your email address as one way to verify your identity. For example, we may deny your request, if you don’t timely respond to our request to confirm your email address or provide other requested information necessary for us to verify your identity or process your request. We may deny a request from an authorized agent if the agent does not provide required permissions.
If you make a request to delete your personal information, we may not be able to delete certain information if the information is required for us to process your purchase payments or fulfill your orders (exchanges or returns) or requested services.
If you participate in a NFT program (like Gap Threads), smart contracts are employed that collect certain information that is then stored on a blockchain that we do not control. Your information will be cryptographically transmitted and stored on that blockchain, and any deletion or modification of that information (to the extent possible on a blockchain) is governed by the terms of the relevant smart contract associated with the NFT and may not be able to be modified or deleted due to the immutable nature of the blockchain.
We may not be able to honor your request, to the extent it otherwise restricts our ability to comply with applicable law (including cooperating with law enforcement) or our regulatory obligations (like maintaining records of your requests and preferences) or in our good-faith judgment we believe information is necessary to exercise or defend a legal claim or protect our operations and property or the privacy, safety, and property of others.
We do not discriminate against anyone for exercising their privacy rights or making similar requests.
Automated individual decision making
We do not make decisions about you based solely on automated processing of your personal information, including profiling, which produces legal effects or similarly significantly affects you, unless necessary for entering or performance of a contract with you based on your explicit consent or as authorized by applicable law.
You may opt-out of receiving marketing or promotional emails from us by clicking on the “unsubscribe” link contained in such emails. Please keep in mind that if you opt out of receiving marketing or promotional emails, we may still send you transactional communications, such as those relating to your purchases or Loyalty Rewards Program.
Text message marketing
You may opt out of receiving marketing or promotional texts from us by texting the word STOP in response to a text message or following other instructions provided to you when you elected to receive texts. You may have requested texts from more than one list, so you will need to opt-out from each list you are on.
You may request that we stop sending you postal mail offers through the United States post office by writing to us at: Privacy Requests, Legal Department – Gap Inc., 2 Folsom Street, San Francisco, CA 94105, United States.
Co-branded, co-sponsored, or cross-promotional offerings
If you choose to participate in a co-branded, co-sponsored, or cross-promotional offering, the brand, sponsor, or other third party involved in that offering may use your information for their own purposes, including advertising and marketing. You must contact the relevant third party directly to exercise your opt-out choices with respect to the third party’s use of your information.
If an online service enables push notifications on your device, you may review and update your push notification preferences by adjusting the notification settings provided by your device manufacturer. Deactivation may not apply to our in-app notifications and alerts.
If you choose to use our in-store Wi-Fi services, you can opt-out of the auto-reconnect feature by adjusting your mobile device settings provided by your device manufacturer or by visiting www.smart-places.org.
We do not use or disclose sensitive personal information unless it is necessary to provide the goods or perform the services you have requested (such as processing or fulfilling orders and transactions), with your consent, or as otherwise authorized by applicable law (such as to prevent, detect, and investigate security incidents, ensure physical safety, and show non-personalized advertising as part of your current interaction with us).
We do not knowingly collect personal information directly from children under the age of 13 (16 in the United Kingdom or European Union) without parental consent. Our online services are general audience properties and are not specifically targeted to or intended for use by children.
We retain personal information for the length of time needed to fulfill the purposes for collection unless a longer retention period is required or permitted by applicable law.
Our goal is to provide you with safe and convenient experiences when you interact with us. We maintain technical and organizational measures designed to protect you and your personal information. Please note that we will never email you asking for personal information (like your customer account access credentials, date of birth, or credit card information). Additionally, we will never email you with attachments that can be opened. If you receive a suspicious email that appears to be from us, please contact us.
Please also keep in mind that our online services may contain links to other sites and platforms that we do not own or control. We are not responsible for the privacy practices of other sites and platforms. We encourage you to be aware when you leave our online services and to read the privacy policies published by relevant third parties that may apply.
Notice of Financial Incentive. We provide rewards benefits and special offers to customers who participate in our Gap Inc. Loyalty Rewards Programs (like Old Navy Navyist Rewards, Banana Republic Rewards, Athleta Rewards, Gap Good Rewards) (collectively, the "Loyalty Rewards Programs"). We may also provide other program offerings (such as sweepstakes, contests, or promotional campaigns) to customers who sign up to participate or to receive communications from us via email, text, and social media. Personal information is collected when you participate in Loyalty Rewards Programs and other program offerings and may include your contact and transaction information, information we generate and automatically collect, and other information that allows us to tailor our communications and provide offers and products and services we think may be of interest to you.
You can sign up to participate in Loyalty Rewards Programs online or in stores. Please review our Loyalty Rewards Program Terms and Conditions presented to you when you sign up. You can withdraw from Loyalty Rewards Programs at any time by contacting a customer service representative at 1-833-244-5556.
Loyalty Rewards Program benefits and offers and other program offerings are reasonably related to the value of a participant’s data based on our estimate of the value of participant’s data that forms the basis for offering the programs (less expenses to provide such programs). Methods used to calculate the value of a participant’s data include:
Loyalty Rewards Programs. Participants earn points when they purchase products from participating brands that can be used to discount the price of their future purchases with participating brands. We estimated the value of a participant’s data by comparing the amount spent by participants to similarly situated customers who do not participate in the Loyalty Rewards Programs over a 12-month period.
Other special offers. Participants receive special offers when they sign up, and the value of a participant's data varies based on: (i) the special offer provided at the time, (ii) the amount a participant purchases using that special offer, and (iii) the value of future special offers a participant receives from us and uses to make purchases. For example, a 20% discount offer will be valued differently depending on the amount of a participant's purchases.
If you participate in any of our Loyalty Rewards Programs or other program offerings, you will not be treated differently because you exercise a legal right or make a similar request.
If you request deletion of your personal information, deletion includes your online accounts and Loyalty Program Memberships (unless an exception applies) and all related rewards, benefits, and available promotions. We are not able to reinstate these after deletion
Statistics on California consumer privacy requests we receive. The following are statistics on the number of privacy requests we’ve received from California residents.
*Lack of response to identity verification.
Shine the light. California law permits California residents to request certain information regarding and/or opt-out of our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write to us at the following address:
Legal Department – Gap Inc.
2 Folsom Street
San Francisco, CA 94105
Minor content removal. If you are a California resident, under 18, and a registered user of our services, you may ask us to remove content or information that you have posted to these services by contacting us. Please note that your request does not ensure complete or comprehensive removal of the content or information. For example, some of your content may have been reposted by another user on other media.
If you are in the United Kingdom, you may write to us at:
c/o Tmf Group, 8th Floor
20 Farringdon Street
If you are in the European Union, you may write to us at:
The DPO Centre Europe Ltd
3 Ballsbridge Park
Dublin, D04C 7H2