Squarespace plays two different privacy roles: it controls data when you are its direct customer, but when you visit a website that someone else built on Squarespace, the website owner controls your data and Squarespace is just processing it on their behalf.
This analysis describes what Squarespace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This distinction determines who is legally responsible for protecting your data and who you can contact to exercise rights like deletion or access, which may not be obvious when visiting a Squarespace-powered site.
If you are a visitor to a third-party website built on Squarespace, your data access and deletion rights must be exercised with the website owner, not Squarespace, which may limit the practical remedies available to you depending on that owner's responsiveness.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Squarespace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"When you visit a website built on Squarespace, Squarespace acts as a service provider or data processor, meaning that we process your information on behalf of the website owner. In this case, the website owner is responsible for the information they collect through their website and you should contact them about their privacy practices. When we collect information directly from you in order to provide our services to you (such as when you create a Squarespace account or subscribe to a plan), we act as a data controller.— Excerpt from Squarespace's Squarespace Privacy Policy
REGULATORY LANDSCAPE: This dual-role structure directly implicates GDPR Articles 4(7) and 4(8) defining controller and processor, and Article 28 governing processor agreements. The Irish Data Protection Commission serves as Squarespace's lead EU supervisory authority. The structure also engages CCPA and CPRA definitions of business versus service provider. Where this distinction is not clearly communicated to website visitors, it may engage GDPR Articles 13 and 14 transparency obligations at the website-owner level. GOVERNANCE EXPOSURE: High. The operational complexity of a dual controller/processor structure creates downstream compliance obligations for Squarespace's B2B customers, who bear controller responsibility for visitor data but may not have adequate data processing agreements or GDPR-compliant notice mechanisms in place. Squarespace's policy asserts this distinction but enforcement of it depends on whether customer-facing sites implement adequate privacy notices. JURISDICTION FLAGS: Heightened exposure in the EU/EEA and UK, where GDPR and UK GDPR impose strict controller/processor delineation and mandate written data processing agreements. California exposure exists under CPRA, which similarly distinguishes between businesses and service providers. The provision may affect any jurisdiction with statutory definitions of data controller versus processor. CONTRACT AND VENDOR IMPLICATIONS: Organizations using Squarespace to host customer-facing websites should confirm that a compliant data processing agreement is in place with Squarespace, and that their own privacy notices adequately disclose Squarespace's role as a processor. Procurement teams should audit whether existing DPAs address all relevant processing activities, data categories, and sub-processor arrangements. COMPLIANCE CONSIDERATIONS: Compliance teams at organizations using Squarespace should review their own privacy notices to ensure visitors are informed of the controller's identity and data practices. Data mapping exercises should reflect Squarespace as a sub-processor where applicable. Any data subject requests received by Squarespace-hosted site operators should be responded to within GDPR or CCPA timelines, and teams should confirm Squarespace's contractual commitments support this.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This distinction determines who is legally responsible for protecting your data and who you can contact to exercise rights like deletion or access, which may not be obvious when visiting a Squarespace-powered site.
If you are a visitor to a third-party website built on Squarespace, your data access and deletion rights must be exercised with the website owner, not Squarespace, which may limit the practical remedies available to you depending on that owner's responsiveness.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Squarespace.