Squarespace keeps your personal data for as long as needed to run its services, meet legal requirements, or handle disputes, and may retain data even longer if litigation is anticipated.
This analysis describes what Squarespace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The litigation hold carve-out means Squarespace may retain your data beyond the period you would expect or request deletion, and the retention periods are not specified with defined timeframes.
Interpretive note: The policy does not specify retention periods by data category, creating uncertainty about when data is deleted in practice; the litigation hold exception's scope is not defined.
Your personal data may be retained indefinitely where Squarespace anticipates potential legal disputes, and the policy does not specify defined retention periods for different data categories, making it difficult to know when your data will be deleted even after your account is closed.
How other platforms handle this
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
Monitoring
Squarespace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We retain your personal information for as long as necessary to provide you with our services, comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain your personal information where we reasonably believe there is a prospect of litigation. If you would like us to delete your information, please contact us at privacy@squarespace.com.— Excerpt from Squarespace's Squarespace Privacy Policy
REGULATORY LANDSCAPE: Data retention practices engage GDPR Article 5(1)(e) on storage limitation, which requires data be kept no longer than necessary for the specified purpose. The Irish DPC and UK ICO have both issued guidance requiring defined retention schedules rather than open-ended retention. CCPA and CPRA do not impose specific retention periods but require disclosure of retention practices. The litigation hold carve-out may conflict with GDPR erasure rights under Article 17 in some circumstances, though legal obligation exceptions under Article 17(3) may apply. GOVERNANCE EXPOSURE: Medium. The absence of specific retention periods by data category is a gap relative to GDPR storage limitation requirements. The litigation hold provision is standard but its open-ended nature may create tension with GDPR erasure rights. Compliance teams should assess whether Squarespace maintains documented retention schedules behind the policy's general language. JURISDICTION FLAGS: EU and UK users face the highest exposure under GDPR and UK GDPR storage limitation principles. California users should note that CPRA requires businesses to disclose how long personal information will be retained, which the policy addresses only generally. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should request Squarespace's internal data retention schedules to confirm they satisfy GDPR storage limitation requirements. B2B customers should assess whether their DPAs with Squarespace address retention and deletion obligations for processed data. COMPLIANCE CONSIDERATIONS: Compliance teams should request or assess Squarespace's internal retention schedules to determine whether they are documented and enforceable. The litigation hold carve-out should be evaluated against GDPR Article 17 to confirm that erasure requests are appropriately handled when legal proceedings are not reasonably anticipated. Records of retention decisions should be maintained.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The litigation hold carve-out means Squarespace may retain your data beyond the period you would expect or request deletion, and the retention periods are not specified with defined timeframes.
Your personal data may be retained indefinitely where Squarespace anticipates potential legal disputes, and the policy does not specify defined retention periods for different data categories, making it difficult to know when your data will be deleted even after your account is closed.
ConductAtlas has identified this type of provision across 136 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Squarespace.