Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Squarespace's privacy policy, explaining what personal information the company collects when you use its website-building and e-commerce tools, how it uses that data, and who it shares it with. The most important thing to know is that Squarespace shares your data with third-party advertising and analytics partners, and if you are a visitor to a Squarespace-hosted website rather than a direct Squarespace customer, your data is controlled by the website owner, not Squarespace directly. If you are a California resident or EU user, you have specific rights to access, delete, or opt out of certain uses of your personal data, and you can exercise these rights by submitting a request through Squarespace's privacy request form at squarespace.com/privacy.
This document is Squarespace's privacy policy governing the collection, use, storage, and sharing of personal information from users of Squarespace's website-building platform, e-commerce tools, and related services, with a stated legal basis rooted in contractual necessity, legitimate interests, consent, and legal obligation depending on the processing activity. The policy states that Squarespace collects identifiers such as name, email, and payment information; behavioral data including browsing and usage patterns; device and location data; and content uploaded by users, and the terms authorize sharing this data with service providers, business partners, advertising networks, and in the context of corporate transactions such as mergers or acquisitions. The policy's dual-role structure, in which Squarespace acts as both a data controller for its own users and a data processor for website visitors whose data is handled on behalf of Squarespace customers, is operationally distinct and creates layered compliance obligations that may not be immediately apparent to end users. The policy engages GDPR for EU/EEA users, CCPA and CPRA for California residents, and UK data protection law, with Squarespace identifying Ireland as its EU establishment and offering region-specific rights including access, deletion, portability, and objection; compliance exposure is heightened for EU and California users given the dual-controller/processor structure and the breadth of third-party data sharing described. Squarespace's use of standard contractual clauses for international data transfers and its reliance on opt-out rather than opt-in consent for certain marketing and analytics activities may require evaluation under applicable regulatory guidance, particularly for EU users.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Squarespace has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Dual Controller-Processor Role and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.