Squarespace keeps your personal data for as long as needed to run its services, meet legal requirements, or handle disputes, and may retain data even longer if litigation is anticipated.
This analysis describes what Squarespace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The litigation hold carve-out means Squarespace may retain your data beyond the period you would expect or request deletion, and the retention periods are not specified with defined timeframes.
Interpretive note: The policy does not specify retention periods by data category, creating uncertainty about when data is deleted in practice; the litigation hold exception's scope is not defined.
Your personal data may be retained indefinitely where Squarespace anticipates potential legal disputes, and the policy does not specify defined retention periods for different data categories, making it difficult to know when your data will be deleted even after your account is closed.
How other platforms handle this
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements, to resolve disputes, and to enforce our agreements. The criteria used to determine our retention periods include: the length of ...
We may retain de-identified or aggregated information that can no longer be used to identify you for any period of time, including indefinitely.
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, or as otherwise permitted or required by applicable law.
Monitoring
Squarespace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We retain your personal information for as long as necessary to provide you with our services, comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain your personal information where we reasonably believe there is a prospect of litigation. If you would like us to delete your information, please contact us at privacy@squarespace.com.— Excerpt from Squarespace's Squarespace Privacy Policy
REGULATORY LANDSCAPE: Data retention practices engage GDPR Article 5(1)(e) on storage limitation, which requires data be kept no longer than necessary for the specified purpose. The Irish DPC and UK ICO have both issued guidance requiring defined retention schedules rather than open-ended retention. CCPA and CPRA do not impose specific retention periods but require disclosure of retention practices. The litigation hold carve-out may conflict with GDPR erasure rights under Article 17 in some circumstances, though legal obligation exceptions under Article 17(3) may apply. GOVERNANCE EXPOSURE: Medium. The absence of specific retention periods by data category is a gap relative to GDPR storage limitation requirements. The litigation hold provision is standard but its open-ended nature may create tension with GDPR erasure rights. Compliance teams should assess whether Squarespace maintains documented retention schedules behind the policy's general language. JURISDICTION FLAGS: EU and UK users face the highest exposure under GDPR and UK GDPR storage limitation principles. California users should note that CPRA requires businesses to disclose how long personal information will be retained, which the policy addresses only generally. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should request Squarespace's internal data retention schedules to confirm they satisfy GDPR storage limitation requirements. B2B customers should assess whether their DPAs with Squarespace address retention and deletion obligations for processed data. COMPLIANCE CONSIDERATIONS: Compliance teams should request or assess Squarespace's internal retention schedules to determine whether they are documented and enforceable. The litigation hold carve-out should be evaluated against GDPR Article 17 to confirm that erasure requests are appropriately handled when legal proceedings are not reasonably anticipated. Records of retention decisions should be maintained.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The litigation hold carve-out means Squarespace may retain your data beyond the period you would expect or request deletion, and the retention periods are not specified with defined timeframes.
Your personal data may be retained indefinitely where Squarespace anticipates potential legal disputes, and the policy does not specify defined retention periods for different data categories, making it difficult to know when your data will be deleted even after your account is closed.
ConductAtlas has identified this type of provision across 115 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Squarespace.