Privacy Notice
Last Updated May 15, 2026
This website is owned and operated by Girl Scouts of the USA, a 501(c)(3) nonprofit organization headquartered at 420 5th Ave, New York, NY 10018, USA ("Girl Scouts of the USA," "GSUSA," or "we"). Our online properties include, but are not limited to, all pages found on our main corporate Site (www.girlscouts.org), the Juliette Gordon Low Birthplace Site (www.juliettegordonlowbirthplace.org), USA Girl Scouts Overseas (www.usagso.org), and our official online store (www.girlscoutshop.com). This Privacy Notice applies to any websites and mobile apps that link to this Privacy Notice (collectively referred to below as the "Sites").
GSUSA recognizes the importance of data privacy and is committed to respecting and protecting it. This Privacy Notice describes the types of Personal Data we collect when you use our Sites and discloses how we collect, process, and use it, the purposes for which we use it, the third parties we share it with, and any rights you may have with respect to it. For purposes of this Privacy Notice, "Personal Data" means information that, alone or in conjunction with other information, identifies or can be associated with an individual and is subject to one or more data protection laws. This Privacy Notice applies to Personal Data we receive when we act as a "data controller," meaning we determine the purpose and means of processing the Personal Data. By using the pages on our Sites, you consent to our use of your Personal Data in the manner disclosed in this Privacy Notice and accept the practices described here to protect it. Our practices regarding the collection and processing of Personal Data are updated when necessary to comply with changes in the law, our internal policies, and other requirements. In such cases, a link to a revised Privacy Notice will be added to the applicable Sites.
We collect information to improve your online experience and better assist you in using our Sites. For example, if you order merchandise from girlscoutshop.com or cookies from a "Digital Cookie" Site established by one of our members, we will collect your name, mailing address, phone number, and credit card information along with the details of the items you selected so we can place and fulfill your order. If you visit girlscouts.org or juliettegordonlowbirthplace.org, we will identify and collect the geographic location of the device you are using so we can communicate location-specific notices, and we may collect information about the device you are using to display webpages formatted for your device. In this Privacy Notice, "collection" refers to the gathering of data for processing or use and does not necessarily indicate long-term storage. The Personal Data we collect will be stored only to the extent necessary for the purpose for which it is collected. For example, we will retain your geolocation data only while you interact with our Site; if you sign up to receive a newsletter or other periodic communication, we will maintain your email address until you advise us that you no longer wish to receive that communication.
You may visit our Site without providing any information to us. However, our Sites use automated technologies to collect certain information, which may include Personal Data. For example, when you access a Site, our servers automatically collect data that identifies your geographic location, IP address, and information about the device you are using, such as your operating system and browser type. We also collect data from tracking technologies on our Sites to enhance visitors' user experiences.
If we place a "cookie" in the browser or on a user's mobile device that accesses a Site, information stored in the cookie will be communicated to our servers along with the cookie's unique identifier. We collect data from the cookie to recognize repeat users, track your browsing behavior, and help us identify content likely to be useful to you based on your prior interactions with the Site. If you do not want us to use cookies to record your interactions with our Sites, you can update your browser settings to stop your browser from accepting cookies. However, because many of our applications rely on cookies, changing these permissions in your browser settings may reduce the functionality you experience on the Site. If you accept our cookies, they will be stored on your computer, and the data we collect will be used to help us improve your experience on our Site. We use pixels embedded in the webpages on our Sites to record page URLs, the time you spend on each page, and your interactions with specific pages. These pixels are also used to enable third parties to show you Girl Scouts-related content when you visit their websites. We also use screen recording technologies to capture user mouse movements, enabling us to better analyze user interactions with our Sites.
Universal Opt-Out Mechanisms (UOOMs)
Residents of certain states have the right to opt out of the processing of personal data for targeted advertising through a universal opt-out mechanism. Our website is configured to automatically detect and honor these signals (e.g., Global Privacy Control). Upon detection, we will cease the applicable processing for that browser or device without requiring further action from you. To use a universal opt-out mechanism, you must download a browser or plugin that supports GPC and enable it in your browser or plugin settings. This signal applies to the specific browser or device you are using.
You can visit most of our Sites without creating an account or entering any information. However, certain Sites (e.g., where you register for events) require you to provide your name, birth date, email address, phone number, and mailing address.
The Girl Scouts respects and welcomes people from all backgrounds and abilities. We collect information about our users’ race and ethnicity to help ensure that support and funding for girls are available across communities. We de-identify, aggregate, and analyze this information to help us continue to offer events that appeal to girls in their local communities.
Data We Receive from Third Parties
We may also receive Personal Data updates for existing customers from our service providers, such as decedent updates and USPS National Change of Address (NCOALink) Mail Forwarding changes.
HOW WE USE AND SHARE PERSONAL DATA
We do not sell Personal Data to third parties for monetary or other valuable consideration. Because we do not undertake such activities, we do not provide opt-out request processes for the sale of personal information.
We do not store credit card data or related information, nor do we receive this data from third parties. While some pages on our site enable users to enter credit card data, this information is encrypted and submitted directly to the payment processor, not to GSUSA, to process donations and payments for products and services, and to have the products and merchandise you ordered delivered.
We do not process your personal data for profiling to make solely automated decisions that produce legal or similarly significant effects on consumers.
Regardless of the type of data collected, it will be used or shared only to enable us to highlight events and activities across the Girl Scout Movement that might be of interest to you, to let our third-party partners know you might be interested in our products and services, to process, fulfill, and deliver orders you place for products and merchandise, and to process donations.
We require you to create an account to purchase a Girl Scout membership, attend events, and purchase merchandise. You will typically be required to provide us with Personal Data such as your name, email address, phone number, and mailing address to create a password-protected account to access the system.
When you provide your name, date of birth, and the names and ages of any guests you identify to join you for online and/or in-person events and activities, we will associate that information with the event, and we may use it to invite you to other events, such as age-appropriate activities in your community.
We will also use your name, email address, phone number, and mailing address to process job applications and send you newsletters, marketing materials, emails, and other communications. The credit card data and billing address you provide will be submitted to the system run by the payment processor and used, together with your other Personal Data, to process donations and payments for products and services and to have the products and merchandise you ordered delivered.
Data We Share with Third Parties
Girl Scout councils are independent organizations that deliver Girl Scout programs and services to girls. GSUSA shares Personal Data with Girl Scout councils to enable customers to participate in Girl Scout programs, promotions, and services. Councils can use your Personal Data for their own business purposes and will treat it in accordance with their privacy policies. When you join, volunteer for, or participate in Girl Scouts, you consent to GSUSA sharing your Personal Data with Girl Scout councils. To revoke your consent to GSUSA sharing your Personal Data with councils, please submit a request to delete your Personal Data, as described below.
We use website cookies to direct third parties to display Girl Scout ads and information to you when you visit their websites. For example, a cookie stored on your computer when you visit our page can be used to tell Facebook to display Girl Scout ads when you are logged into your Facebook account. Before this Personal Data is transmitted, it is encrypted so the advertiser can identify the users to whom our ads should be displayed, but the advertiser cannot restore the Personal Data to its original form. Regardless of whether the encrypted Personal Data is useful for identifying individuals who may be receptive to viewing Girl Scout ads, the advertiser promptly deletes it upon completion of this process. To opt out of having your Personal Data processed for purposes of targeted advertising, please contact us via our Girl Scouts Privacy Portal.
We may also share our customers' Personal Data with third parties in the following categories: (i) service providers (e.g., email service providers, shipping services, delivery services, data storage providers, and demographic categorization vendors) in furtherance of our operations or the operation of the Site, or to engage in Girl Scouts fundraising, marketing communications and promotions; (ii) advisors, law enforcement, government agencies, and other entities as necessary to comply with legal processes such as a subpoena or court order or to otherwise protect your or our legal rights; (iii) third-party bakers and other vendors we use to fulfill orders for and deliver cookies and other merchandise you requested; or (iv) other third parties at your direction or for other purposes for which you provided the information.
Your Personal Data is collected, stored, and processed by our vendors or us in the United States of America or other countries that may not be your home country and that might not be deemed to provide protections equivalent to your home country.
Artificial Intelligence (AI) and Automated Systems
Some of our service providers may use automated or artificial intelligence–enabled technologies to help deliver services such as analytics, security, customer support, or operational efficiency. Your personal data is not used to train the service providers’ own AI models, and no decisions that significantly affect you are made solely by automated means. The way these providers process Personal Data is only in accordance with our instructions and applicable law.
The safety and security of your experience is of the utmost concern to us. We take measures to implement reasonable physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security, and ensure the correct use of the information we collect.
We retain your Personal Data for only as long as necessary to achieve the purposes described in this Privacy Notice or any other information provided at the time of collection, considering the applicable statute of limitations and records retention requirements under applicable law. We may retain your Personal Data for a longer period in the event of a complaint, in reasonable anticipation of litigation, and for other legal or accounting requirements.
We use Transport Layer Security (TLS) encryption technology to secure certain communications with our Sites. For example, we use TLS to secure the credit card information you enter on our Site when you make donations to the organization, order merchandise, or register for events. You can verify that your communication to our server is secure by confirming that the URL for our Site begins with "https."
Some browsers also display a padlock icon in the address bar to indicate that your connection to a website is secure and encrypted using TLS. When you order merchandise, we also encrypt your credit card number when we store your order and whenever we transfer that information to our partners, who fulfill and deliver your orders.
STEPS WE TAKE TO PROTECT THE PRIVACY OF CHILDREN
As the safety of children is of paramount importance to us, We are committed to complying with the Children's Online Privacy Act of 1998 (COPPA), which requires us to obtain the consent of the parent or guardian to collect Personal Data from children under the age of 13 and requires us to inform parents and legal guardians about our practices for the collection and use of that Personal Data, other than contact information required to obtain parental consent. We do not knowingly collect Personal Data from children under 13 without first obtaining consent from a parent or legal guardian. With parental consent, we may collect the name, address, email address, birthdate, account information, and user-generated content from children under the age of 13. We encourage children to use an alias (e.g., "Bookworm," "Skater," etc.), first name, nickname, initials, or another alternative to full names or screen names that correspond with an email address for any activities that will involve public posting. Once a parent authorizes collection, we will use the child's Personal Data to fulfill a requested transaction, facilitate participation in programs, keep records, undertake certain marketing activities (in accordance with applicable law and any required consents), and otherwise customize or enhance the website experience for children. Sites that offer parents the option to allow their children to submit Personal Data include processes for obtaining parental or guardian verification.
Parents can revoke their consent at any time and ask us to delete any information we collect from their children. If we learn that we collected Personal Data from a child under 13 without proper consent, we will delete that data ourselves. If you believe we collected Personal Data from your minor child under the age of 13 without having proper consent, you can exercise your right to review and delete the Personal Data collected by contacting us via our Girl Scouts Privacy Portal or by email to Girl Scouts of the USA at info@girlscouts.org. If you submit a deletion request, we will stop collecting, using, processing, or disclosing information from that child and delete the information we have already collected. To process a request to review or delete the Personal Data collected, we must verify the identity of the requesting parent. The requesting parent will receive instructions to verify their identity via email after submitting the request. To respect the privacy of parents, information collected and used solely for obtaining verifiable parental consent or providing notice is not maintained in retrievable form by our Sites if parental consent is not obtained within a reasonable time.
We retain your Personal Data for only as long as it is necessary to achieve the purposes described in this Privacy Notice or any other information provided at the time of collection, considering the applicable statute of limitations and records retention requirements under applicable law. We may retain your Personal Data for a longer period in the event of a complaint, in reasonable anticipation of litigation, and for other legal or accounting requirements.
U.S. State-Specific Data Privacy Information (General)
GSUSA and other nonprofit organizations are exempt from the data privacy laws of most U.S. states. Residents of Colorado, Delaware, Maryland, Minnesota, Montana, New Jersey, and Oregon currently have the following rights with respect to Personal Data collected from you when you visit our Sites:
- Confirm whether GSUSA is processing your Personal Data and, if so, access that Personal Data.
- Rectify/correct any inaccuracies in your Personal Data.
- Ask us to delete any of your Personal Data that is stored in our systems.
- Obtain a copy of the Personal Data we have for you in a format that allows you to transmit it to another data controller (also known as the "Right to Data Portability").
- Opt out of having your Personal Data processed for purposes of targeted advertising.
You have the right to be free from unlawful discrimination for exercising your rights under applicable state law.
In addition to the rights described above, Delaware and Maryland residents have the Right to Obtain a list of categories of third parties to whom we may have disclosed their Personal Data.
In addition to the rights described above, Minnesota and Oregon residents have the right to obtain a list of third parties to whom we may have disclosed their Personal Data (Right to Disclosure).
While we are not currently subject to the data protection laws that provide rights to residents of other U.S. states, we continue to monitor the privacy law landscape and, when necessary, will update our practices and this Notice to remain in compliance with applicable laws.
Additional Information for Those Outside of the United States
Girl Scout programs are delivered to girls living outside of the United States, and our Sites may be available to users in many countries. When you visit a Site from outside the United States, your Personal Data may be transferred to our service providers or us in the United States or other countries with data protection laws that differ from those in your country. The types of Personal Data we collect are the same as those collected from those in the United States, and when your Personal Data is transferred to us, we will protect it as described in this Privacy Notice, including, to the extent required by applicable law, by using a legally valid transfer mechanism or other data transfer safeguards.
We honor many of the principles set forth in data protection applicable outside the U.S., including transparency, purpose limitation, storage limitation, data minimization, and accuracy.
Residents of the European Union and Countries with Similar Data Protection Laws
Users who have rights under foreign laws, such as, for example, the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the Swiss Federal Act on Data Protection (FADP), have the following rights regarding their Personal Data:
- Right to Access: You can ask us whether we process your Personal Data, and, if so, to access it.
- Right to Rectification: You can ask us to correct inaccurate or incomplete Personal Data.
- Right to Erasure: You can ask us to delete your Personal Data, subject to legal obligations.
- Right to Restrict Processing: You can limit how we process your Personal Data.
- Right to Data Portability: You can request a copy of your Personal Data in a structured, commonly used format.
- Right to Object: You can object to the processing of your Personal Data for certain or all purposes.
- Right to Withdraw Consent: You can withdraw your consent to the processing of your Personal Data at any time.
We generally attempt to honor requests from residents of other jurisdictions that seek to exercise these rights.
To exercise the rights described above, please contact us via our Girl Scouts Privacy Portal or by email to Girl Scouts of the USA at info@girlscouts.org.
Only you or an adult you designate to act on your behalf (where permitted by law) may make a request related to your Personal Data. A request to exercise any of these rights must identify the right you want to exercise and describe the information to which your request relates in sufficient detail to allow us to understand, evaluate, and respond to your request.
If you make any request related to your Personal Data, we must verify your identity (and, where applicable, your designated agent’s identity) before we can address your request. Before granting a request to correct, delete, or obtain a copy of your Personal Data, we require you to verify your request and identity by providing your full name, email address, postal address, and phone number. We will send you an email with a link to a web page where you can provide your information.
If you choose to use a designated agent, they must provide (i) their full name, email address, and phone number, (ii) proof of their identity and address (e.g., a copy of their driver's license, passport, or other government identification), and (iii) proof of authorization to act on your behalf (e.g., power of attorney, or a notarized letter authorizing them to submit a request on your behalf, signed by you and including your name and address and the name, address, and phone number of your designated agent) when they submit a request on your behalf. If your designated agent cannot provide proof of authorization, please contact us as described below. You will receive an email notifying you that a request was submitted on your behalf. The email will indicate the type of request (correction, deletion, or digital copy) and the email address of the person submitting on your behalf.
We will verify your identity (and your designated agent’s identity) by comparing the information you provide with our records, where applicable. In certain cases, we may need to ask for more information. Any Personal Data we collect from you in connection with your request to verify your identity (or establish the authority of your designated agent) will be used solely to verify your identity (or authorization). We may not be able to respond to your request or provide you with the information you requested if we cannot verify your identity (or establish the authority of your designated agent). This verification process is solely for your protection and is not intended to delay or prevent your request from being responded to.
You may also have the right to appeal a decision we make regarding requests to exercise these rights. To appeal a decision, please follow the instructions provided in our communication regarding the status of your request.
If you no longer wish to receive email communications you have received from GSUSA, you may select the "unsubscribe" link at the bottom of the email to have us remove your email address from the email in question. Please note that if you have signed up for more than one email list or used more than one email address, you must submit a separate opt-out request for each one. Please also visit our SMS Terms and Conditions for more information, including how to opt out.
LINKS TO OTHER WEBSITES AND SERVICES
Our Sites may link to other websites and services that Girl Scouts of the USA does not maintain. Notably, we allow Girl Scout council websites to link to our Sites, and our Sites provide links to scholarship opportunities that may be available to our members. These linked websites have their own privacy policies, which you should review before visiting them. GSUSA is not responsible for linked websites. We provide these links solely for the convenience and information of our users.
If you have any questions about our Privacy Notice, you can contact us via this customer service form. Send us your question, and we will reply as soon as possible. You can also contact us at:
Email: info@girlscouts.org
Phone: (800) GSUSA4U [(800) 478-7248]
Monday-Friday, 8:30 a.m. – 7:30 p.m. ET.
Thank you for visiting our Site.
