If Squarespace is sold, merges with another company, or goes through a major business change, your personal data may be transferred to the new owner as part of that deal.
This analysis describes what Squarespace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
A change in ownership could result in your personal data being controlled by a different company with different privacy practices, and you may not have advance notice or a meaningful ability to prevent the transfer.
In the event of a corporate transaction such as a sale or merger, your personal data, including account information, usage history, and payment details, may transfer to a new entity whose privacy practices may differ from Squarespace's current policy.
How other platforms handle this
In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal data may be transferred to a successor entity or third party as part of that transaction.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Squarespace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.— Excerpt from Squarespace's Squarespace Privacy Policy
REGULATORY LANDSCAPE: Corporate transaction data transfers implicate GDPR Article 6 lawful basis requirements and may require data subjects to be notified of a new controller under Articles 13 and 14. In the US, the FTC has addressed data transfers in M&A contexts through enforcement guidance and in cases where successor entities materially change privacy practices. CCPA and CPRA require that the successor entity honor opt-out rights and existing consumer requests. GOVERNANCE EXPOSURE: Medium. The clause is standard across the industry and contemplates legal compliance, but the phrase 'as permitted by law and/or contract' is broad and does not specify notification timelines or user consent requirements in a transaction scenario. Successor entity privacy posture is inherently uncertain at the time of drafting. JURISDICTION FLAGS: EU and UK users have stronger protections under GDPR, which requires a lawful basis for any transfer to a new controller and may require fresh notification. California users retain CPRA rights against successor entities. Jurisdictions with sector-specific privacy laws may impose additional notification or consent requirements. CONTRACT AND VENDOR IMPLICATIONS: B2B customers using Squarespace should assess whether their agreements with Squarespace contain change-of-control provisions or consent requirements for data transfer to a successor. Due diligence teams evaluating Squarespace as an acquisition target or partner should assess the scope of data assets potentially transferred and applicable regulatory obligations. COMPLIANCE CONSIDERATIONS: Legal teams should monitor for corporate transaction announcements that could trigger notification or consent obligations. Data processing agreements should be reviewed to determine whether they survive corporate transactions and bind successor entities. GDPR Article 14 notification obligations to data subjects of a new controller may apply in an acquisition scenario.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
A change in ownership could result in your personal data being controlled by a different company with different privacy practices, and you may not have advance notice or a meaningful ability to prevent the transfer.
In the event of a corporate transaction such as a sale or merger, your personal data, including account information, usage history, and payment details, may transfer to a new entity whose privacy practices may differ from Squarespace's current policy.
ConductAtlas has identified this type of provision across 23 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Squarespace.