EU and UK users have legal rights under GDPR to access, correct, delete, or move their personal data, and can object to certain types of processing, exercisable by contacting Squarespace directly.
This analysis describes what Squarespace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are among the strongest data protection rights globally and are legally enforceable, meaning Squarespace is obligated to respond to valid requests within specific regulatory timeframes.
EU and UK users can formally request a copy of their personal data, ask for corrections or deletion, restrict processing, or object to data use for marketing, with enforceable response obligations on Squarespace under GDPR.
Cross-platform context
See how other platforms handle EU and UK Data Subject Rights and similar clauses.
Compare across platforms →Monitoring
Squarespace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the European Economic Area or the United Kingdom, you have certain rights in relation to your personal information under the General Data Protection Regulation (GDPR) or equivalent laws, including: the right to access, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability, the right to object, and rights in relation to automated decision-making and profiling. To exercise any of these rights, please contact us at privacy@squarespace.com or submit a request through our Privacy Request Form.— Excerpt from Squarespace's Squarespace Privacy Policy
REGULATORY LANDSCAPE: This provision directly implements GDPR Articles 15-22, which establish data subject rights for EU/EEA residents, and equivalent UK GDPR provisions. The Irish Data Protection Commission is the lead supervisory authority given Squarespace's EU establishment in Ireland. GDPR requires responses to data subject requests within one month, extendable by two additional months in complex cases, with notification obligations if requests are denied. GOVERNANCE EXPOSURE: Medium. Squarespace's explicit enumeration of GDPR rights is a positive compliance indicator, but the operational capacity to fulfill rights requests at scale, particularly for erasure and portability, requires robust internal processes. Failure to respond within statutory timeframes or to implement erasure effectively creates regulatory exposure to enforcement by the Irish DPC. JURISDICTION FLAGS: Applies to EU/EEA and UK users. Squarespace's dual controller/processor role means that for visitors to customer-hosted sites, rights must be directed to the website owner rather than Squarespace, which the policy acknowledges but which may not be clear to all users in practice. CONTRACT AND VENDOR IMPLICATIONS: B2B customers using Squarespace should confirm that their DPA with Squarespace obligates Squarespace to assist with data subject requests received by the customer, as required by GDPR Article 28(3)(e). Procurement teams should assess whether Squarespace's data subject request processes integrate with the customer's own workflows. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the Privacy Request Form and email channel for GDPR request intake to confirm identity verification, response tracking, and escalation procedures are in place. Records of rights requests and responses should be maintained. For erasure requests, teams should verify that deletion extends to backup systems and third-party processors within appropriate timeframes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are among the strongest data protection rights globally and are legally enforceable, meaning Squarespace is obligated to respond to valid requests within specific regulatory timeframes.
EU and UK users can formally request a copy of their personal data, ask for corrections or deletion, restrict processing, or object to data use for marketing, with enforceable response obligations on Squarespace under GDPR.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Squarespace.