If Squarespace is sold, merges with another company, or goes through a major business change, your personal data may be transferred to the new owner as part of that deal.
This analysis describes what Squarespace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
A change in ownership could result in your personal data being controlled by a different company with different privacy practices, and you may not have advance notice or a meaningful ability to prevent the transfer.
In the event of a corporate transaction such as a sale or merger, your personal data, including account information, usage history, and payment details, may transfer to a new entity whose privacy practices may differ from Squarespace's current policy.
How other platforms handle this
Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission's adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of ...
In connection with any reorganization, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to respect your personal information in a manner that is consistent with our Privacy Policy.
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Monitoring
Squarespace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.— Excerpt from Squarespace's Squarespace Privacy Policy
REGULATORY LANDSCAPE: Corporate transaction data transfers implicate GDPR Article 6 lawful basis requirements and may require data subjects to be notified of a new controller under Articles 13 and 14. In the US, the FTC has addressed data transfers in M&A contexts through enforcement guidance and in cases where successor entities materially change privacy practices. CCPA and CPRA require that the successor entity honor opt-out rights and existing consumer requests. GOVERNANCE EXPOSURE: Medium. The clause is standard across the industry and contemplates legal compliance, but the phrase 'as permitted by law and/or contract' is broad and does not specify notification timelines or user consent requirements in a transaction scenario. Successor entity privacy posture is inherently uncertain at the time of drafting. JURISDICTION FLAGS: EU and UK users have stronger protections under GDPR, which requires a lawful basis for any transfer to a new controller and may require fresh notification. California users retain CPRA rights against successor entities. Jurisdictions with sector-specific privacy laws may impose additional notification or consent requirements. CONTRACT AND VENDOR IMPLICATIONS: B2B customers using Squarespace should assess whether their agreements with Squarespace contain change-of-control provisions or consent requirements for data transfer to a successor. Due diligence teams evaluating Squarespace as an acquisition target or partner should assess the scope of data assets potentially transferred and applicable regulatory obligations. COMPLIANCE CONSIDERATIONS: Legal teams should monitor for corporate transaction announcements that could trigger notification or consent obligations. Data processing agreements should be reviewed to determine whether they survive corporate transactions and bind successor entities. GDPR Article 14 notification obligations to data subjects of a new controller may apply in an acquisition scenario.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
A change in ownership could result in your personal data being controlled by a different company with different privacy practices, and you may not have advance notice or a meaningful ability to prevent the transfer.
In the event of a corporate transaction such as a sale or merger, your personal data, including account information, usage history, and payment details, may transfer to a new entity whose privacy practices may differ from Squarespace's current policy.
ConductAtlas has identified this type of provision across 18 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Squarespace.