Effective Date: August 20, 2020
Thanks for visiting Squarespace! Squarespace (“Squarespace”, “we”, “us” or “our”) respects your privacy. When it comes to your personal information, we believe in transparency, not surprises. That’s why we’ve set out here what personal information we collect, what we do with it and your choices and rights.
If you are in California, the “California Residents” section below provides additional information in accordance with the CCPA.
1. Some key terms
If you are a User, see our Data Processing Addendum to learn more about how we process User Content or other personal information on your instructions or with your permission. Please see Section 3.7 of our Terms of Service to learn more about how we act as a “Service Provider” if you are a “Business” under the CCPA with respect to data of your “Consumers” (as defined under the CCPA) which meets the definition of “Personal Information” under the CCPA.
3. Personal information we collect
We collect various personal information regarding you or your device. This includes the following:
Information you provide to create an Account, specifically email address, first name and last name. If you sign up for Paid Services, we receive a portion of your payment information from our payment processor (such as the last four digits, the country of issuance and the expiration date of the payment card) and we ask you to select your jurisdiction.
Your marketing preferences.
The emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer message boards or forums. Please be aware that information on public parts of our sites is available to others.
Information you share with us in connection with surveys, contests or promotions.
Information from your use of the Services or Users’ sites. This includes: IP addresses, preferences, web pages you visited prior to coming to our or our Users’ sites, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Services and our Users’ sites (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors).
Information we get from our partners to support our marketing initiatives, improve our Services and better monitor, manage and measure our ad campaigns, such as details about when a partner of ours shows you one of our ads on or via its advertising platform.
Other information you submit to us directly or through Third Party Services if you use a Third Party Service to create an Account (based on your privacy settings with such Third Party Service).
4. How we collect personal information
We obtain personal information from various sources. We do this in three main ways:
You provide some of it directly (such as by registering for an Account).
We record some of it automatically when you use our Services or Users’ sites (including with technologies like cookies).
We receive some of it from third parties (like when you register for an account using a Third Party Service or when you make payments to us using our payment processor or via a mobile app store).
We’ve described this in more detail below.
a. Personal information you provide
When you use our Services, we collect information from you in a number of ways. For instance, we ask you to provide your name and email address to register and manage your Account. We also maintain your marketing preferences and the emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer message boards or forums. You might also provide us with information in other ways, including by responding to surveys, submitting a form or participating in contests or similar promotions.
Sometimes we require you to provide us with information for contractual or legal reasons. For example: (i) when you register or transfer a domain name through the Services, in order to comply with ICANN, registry, ccTLD or registrar policies, we collect your domain registration information; or (ii) we may ask you to select your jurisdiction when you sign up for Paid Services to determine if, and how much, tax we need to collect from you. We’ll normally let you know when information is required, and the consequences of failing to provide it. If you do not provide personal information when requested, you may not be able to use our Services if that information is necessary to provide you with the service or if we are legally required to collect it.
b. Personal information obtained from your use of our Services
When you use our Services, we collect information about your activity on and interaction with the Services, such as your IP address(es), your device and browser type, the web page you visited before coming to our sites, what pages on our sites you visit and for how long and identifiers associated with your devices. If you’ve given us permission through your device settings, we may collect your location information in our mobile apps.
If you are an End User of our Users’ sites, we also get information about your interactions with their sites, though we use this in anonymous, aggregated or pseudonymized form which does not focus on you individually. We use this data to evaluate, provide, protect or improve our Services (including by developing new products and services).
c. Personal information obtained from other sources
If you use a Third Party Service (such as Google) to register for an Account, the Third Party Service may provide us with your Third Party Service account information on your behalf, such as your name and email address (we don’t collect or store passwords you use to access Third Party Services). Your privacy settings on the Third Party Service normally control what they share with us. Make sure you are comfortable with what they share by reviewing their privacy policies and, if necessary, modifying your privacy settings directly on the Third Party Service.
5. How we use your personal information
We use the personal information we obtain about you for the following purposes:
Provision of the Services. Create and manage your Account, provide and personalize our Services, register or transfer your domain names, process payments and respond to your inquiries.
Communicating with you. Communicate with you, including by sending you emails about your transactions and Service-related announcements.
Surveys and contests. Administer surveys, contests and other promotions.
Promotion. Promote our Services and send you tailored marketing communications about products, services, offers, programs and promotions of Squarespace and our partners and measure the success of those campaigns. For example, we may send different marketing communications to you based on your subscription plan or what we think may interest you based on other information we hold about you.
Advertising. Analyze your interactions with our Services and third parties’ online services so we can tailor our advertising to what we think will interest you. For example, we may decide not to advertise our Services to you on a social media site if you already signed up for Paid Services or we may choose to serve you a particular advertisement based on your subscription plan or what we think may interest you based on other information we hold about you.
Improving our Services. Analyze and learn about how the Services are accessed and used, evaluate and improve our Services (including by developing new products and services and managing our communications) and monitor and measure the effectiveness of our advertising. We usually do this based on anonymous, pseudonymized or aggregated information which does not focus on you individually. For example, if we learn that most Users of Paid Services use a particular integration or feature, we might wish to expand on that integration or feature.
Security. Ensure the security and integrity of our Services.
Third party relationships. Manage our vendor and partner relationships.
Enforcement. Enforce our Terms of Service and other legal terms and policies.
Protection. Protect our and others’ interests, rights and property (e.g., to protect our Users from abuse).
Complying with law. Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts and law enforcement requests.
We process your personal information for the above purposes when:
Consent. You have consented to the use of your personal information in a particular way. When you consent, you can change your mind at any time.
Performance of a contract. We need your personal information to provide you with services and products requested by you, or to respond to your inquiries. In other words, so we can perform our contract with you or take steps at your request before entering into one. For example, we need your email address so you can sign in to your Squarespace account.
Legal obligation. We have a legal obligation to use your personal information, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
Legitimate interests. We have a legitimate interest in using your personal information. In particular, we have a legitimate interest in the following cases:
To operate the Squarespace business and provide you with tailored advertising and communications to develop and promote our business.
To analyze and improve the safety and security of our Services – we do this as it is necessary to pursue our legitimate interests in ensuring Squarespace is secure, such as by implementing and enhancing security measures and protections and protecting against fraud, spam and abuse.
To provide and improve the Services, including any personalized services – we do this as it is necessary to pursue our legitimate interests of providing an innovative and tailored offering to our Users on a sustained basis.
To share your personal information with other Squarespace group companies that help us provide and improve the Services.
To comply with a court order or binding law enforcement request.
To anonymize and subsequently use anonymized information.
Protecting you and others. To protect your vital interests, or those of others.
Others’ legitimate interests. Where necessary for the purposes of a third party’s legitimate interests, such as our partners who have a legitimate interest in delivering tailored advertising to you and monitoring and measuring its effectiveness or our Users who have a legitimate interest in having their sites function properly and securely and analyzing the usage of their sites so they can understand trends and improve their services.
6. How we share your personal information
We share personal information in the following ways:
Affiliates. We share personal information with our affiliates when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the services we or they provide.
Users. We share with our Users data regarding usage by End Users of their sites. For example, we provide a User with information about what web page the End User visited before coming to their site and how their End Users interacted with their site. This is so Users can analyze the usage of their sites and improve their services.
Domain registration partners. If required to comply with ICANN, registry, ccTLD or registrar policies, we share your domain registration information with such domain registration partners.
Business partners. We may share personal information with business partners. For example, we may share your personal information when our Services are integrated with their Third Party Services, but only when you have been informed or would otherwise expect such sharing.
Third Party Plugins and Social Networks. We may share personal information with website plugins, social media platforms or similar Third Party Services to improve your experience, at your direction, or when you intentionally interact with the plug-in. For example, when you use a Third Party Service to create or log in to your Account, we may share your personal information with that Third Party Service.
Service providers. We share personal information with our service providers that perform services on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other sites, send marketing and other communications on our behalf or assist with data storage.
Process payments. We transmit your personal information via an encrypted connection to our payment processor.
Following the law or protecting rights and interests. We disclose your personal information if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property or interests (such as enforcing our Terms of Service) or prevent fraud or abuse of Squarespace or our Users or End Users. In particular, we may disclose your personal information in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.
Advertising. We share personal information with third parties so they and we can provide you with tailored advertising and measure and monitor its effectiveness. For example, we may share your pseudonymized email address with a third party social media platform on which we advertise to avoid serving Squarespace ads to people who already use Squarespace.
Business transfers. If we’re involved in a reorganization, merger, acquisition or sale of some or all of our assets, your personal information may be transferred as part of that deal or the negotiation of contemplated deals.
7. Your rights and choices
Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change or delete personal information.
You can access, update, change or delete personal information (or that of your End Users) either directly in your Account or by contacting us at firstname.lastname@example.org to request the required changes. You can exercise your other rights (including deleting your Account) by contacting us via your Account or at the same email address. Please note that we may need to verify your identity in connection with your requests, and such verification process may, if you do not have access to your Account, require you to provide us with additional information (e.g., government identification). Even if you have access to your Account, we may request additional information if we believe it’s necessary to verify your identity. If we are unable to verify your identity or request, we may not, in accordance with applicable law, be able to fulfill your request.
You can also elect not to receive marketing communications by changing your preferences in your Account or by following the unsubscribe instructions in such communications.
Please note that, for technical reasons, there is likely to be a delay in deleting your personal information from our systems when you ask us to delete it. We also will retain personal information in order to comply with the law, protect our and others’ rights, resolve disputes or enforce our legal terms or policies, to the extent permitted under applicable law.
You may have the right to restrict or object to the processing of your personal information or to exercise a right to data portability under applicable law. You also may have the right to lodge a complaint with a competent supervisory authority, subject to applicable law. If you are subject to EU data protection laws, we suggest you lodge any such complaints with our lead supervisory authority:
Irish Data Protection Commissioner
Office of the Data Protection Commissioner
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Phone +353 57 868 4757
Fax: +353 57 868 4757
Additionally, if we rely on consent for the processing of your personal information, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the processing before your consent withdrawal.
If you are an End User of one of our User’s sites, you should contact them to exercise your rights with respect to any information they hold about you.
8. How we protect your personal information
While no service is completely secure, we have a security team dedicated to keeping personal information safe. We maintain administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing, of the personal information in our possession. We employ security measures such as using firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities.
9. How we retain your personal information
The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or pseudonymized, and other relevant criteria. For example, the period we keep your email address is connected to how long your Account is active, while the period for which we keep a support message is based on how long has passed since the last submission in the thread.
As Users may have a seasonal site or come back to us after an Account becomes inactive, we don’t immediately delete your personal information when your trial expires or you cancel all Paid Services. Instead, we keep your personal information for a reasonable period of time, so it will be there for you if you come back.
Please note that in the course of providing the Services, we collect and maintain aggregated, anonymized or de-personalized information which we may retain indefinitely.
10. Data transfers
Personal information that you submit through the Services may be transferred to countries other than where you live, such as, for example, to our servers in the U.S. We also store personal information locally on the devices you use to access the Services.
Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information.
We rely upon a number of means to transfer personal information which is subject to the European General Data Protection Regulation (“GDPR”) in accordance with Chapter V of the GDPR. These include:
Standard data protection clauses. We transfer, in accordance with Article 46 of the GDPR, personal information to recipients that have entered into the European Commission approved contract for the transfer of personal data outside the European Economic Area.
Other means. We may, in accordance with Articles 45 and 46 of the GDPR, transfer personal information to recipients that are in a country the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding, enforceable commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights, or to processors which have committed to comply with binding corporate rules.
You can find out more information about these transfer mechanisms here or you can request a copy from us.
11. Privacy Shield
While Squarespace no longer relies upon the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks (each individually and jointly, the “Privacy Shield”) to provide a legal basis for transfers to the US, Squarespace, Inc. has certified its compliance to the Privacy Shield, which continues to apply.
Squarespace is committed to treating personal information received from the European Economic Area, Switzerland and the United Kingdom pursuant to the Privacy Shield in accordance with the applicable Principles. You can find our certification here and you can learn more about the Privacy Shield and Principles by visiting https://www.privacyshield.gov/.
If you have a question or complaint you believe to be within the scope of our Privacy Shield certification, please contact us first at email@example.com, or using the contact details in the “How to contact us” section below. We’ll respond within 45 days.
For any complaints that we can’t resolve directly, JAMS is the independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance. You can contact JAMS free of charge at https://www.jamsadr.com/eu-us-privacy-shield. JAMS is an alternative dispute resolution provider based in the U.S.
If your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under the Privacy Shield Principles. For purposes of enforcing compliance with the Privacy Shield, Squarespace, Inc. is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.
Nothing in Privacy Shield affects your rights as a data subject under any European Commission approved standard data protection clauses we use for transfers to the US.
12. End Users’ personal information
Our customers who have created a site using Squarespace are responsible for what they do with the personal information they collect, directly or through Squarespace, about their End Users. This Section 12 is directed to such customers.
a. Your relationship with End Users
You’re solely responsible for complying with any laws and regulations that apply to your collection and use of your End Users’ information, including personal information you collect about them from us or using Squarespace functionality or cookies or similar technologies.
You must publish your own privacy and cookie policies and comply with them.
We’re not liable for your relationship with your End Users or how you collect and use personal information about them (even if you collect it from us or using Squarespace functionality or cookies or similar technologies) and we won’t provide you with any legal advice regarding such matters.
b. End User payment information
Your End Users’ payment information may be processed via third party eCommerce Payment Processors with which you integrate your Account, in accordance with such eCommerce Payment Processors’ terms and policies. We transmit your End Users’ complete payment information when they initially provide or update it only so that we can pass it along to the eCommerce Payment Processors you agree to use. We don’t collect or store your End Users’ payment information.
13. California Residents
This Section 13 is only applicable to you if you are a resident of the state of California in the US (“California Residents”) and only applies to personal information for which Squarespace is a “Business” (as defined in the CCPA), but does not apply to personal information we collect from you in the course of our provision of services to you where you are an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, non-profit or government agency. It applies to personal information we collect from California Residents on or through our Services and through other means (such as information collected offline or in person). With respect to personal information for which you are a “Business” and Squarespace is a “Service Provider,” please see Section 3.7 of our Terms of Service.
a. Categories, business and commercial purposes, sources and third parties
Identifiers, such as your name and email address.
Commercial information, such as transaction data.
Financial data, such as partial payment information we receive from our payment processor.
Internet or other network or device activity, such as browsing history.
Location information, such as general information inferred from an IP address.
Sensory information, such as recordings of support calls.
Other information that identifies or can be reasonably associated with you.
We collect personal information directly from you (either directly or through a Third Party Service), automatically through your use of the services, and from third parties such as business partners, service providers, and payment processors.
We collect personal information for the following business purposes: (i) providing the Services (including without limitation maintaining your Account, processing and fulfilling orders, and administering surveys and contests); (ii) providing customer support for the Services; (iii) operating the Services (including without limitation managing third party relationships and enabling usage of our service providers); (iv) communicating with you; (v) customizing the Services; (vi) securing and protecting the Services (including without limitation auditing the Services, bug and fraud detection, debugging and repair of errors and the detection, protection and prosecution of security incidents or illegal activity); (vii) enforcing our terms and policies; (viii) complying with law; (ix) verifying your identity; and (x) other business purposes about which we may notify you from time to time.
We collect personal information for uses that advance our commercial or economic interests such as: (i) promoting surveys and contests; (ii) promoting and advertising the Services; (iii) customizing the Services; (iv) improving our Services; (v) communicating with you about relevant offers from third parties; and (vi) other commercial purposes about which we may notify you from time to time.
b. Your requests
Subject to certain exceptions and restrictions, the CCPA provides California Residents the right to submit requests to a business which has collected their personal information: (i) to provide them with access to the specific pieces and categories of personal information collected by the business about such California Resident, the categories of sources for such information, the business or commercial purposes for collecting such information, and the categories of third parties with which such information was shared; and (ii) to delete such personal information (each, a “California Request”). We need certain types of information so that we can provide our Services to you. If you ask us to delete some or all of your information, you may no longer be able to access or use the Services.
If you are a California Resident, please follow the instructions in the “Your rights and choices” section above to submit California Requests and please make sure you note that you are a California Resident when you do so. California Residents may designate an authorized agent to make California Requests on their behalf. In order to designate an authorized agent to make a California Request on your behalf, you or your agent must provide proof that the agent has been authorized by you to act on your behalf, such as written authorization signed by you authorizing that agent to act on your behalf. We reserve the right to request additional information from you and/or individuals purporting to be authorized agents, such as when we suspect fraud.
c. Do not sell my personal information
California residents may opt out of the “sale” of their personal information. The CCPA broadly defines “sale” in a way that may include allowing third parties to receive certain information such as cookie identifiers, IP addresses and/or browsing behavior to add to a profile about your device, browser or you. Such profiles may enable delivery of interest-based advertising by such third parties within their platform or on other sites.
Depending on how you use the Services, we may share the following categories of information for such interest-based advertising which may be considered a sale (as defined by the CCPA): identification and demographics; device information and identifiers, such as IP address and unique advertising identifiers and cookies; connection and usage information, such as browsing history or app usage; and inference data.
If you would like to opt out of Squarespace’s use of your information for such purposes (to the extent this is considered a sale), you may do so within the Services.
d. We do not discriminate against you
You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Squarespace does not discriminate against California Residents for exercising their rights.
15. Who is Squarespace?
When we say “Squarespace” (or “we”, “us” or “our”), we mean: (a) Squarespace, Inc. if you are a resident of or have your principal place of business in the United States of America or any of its territories or possessions (the “US”); or (b) Squarespace Ireland Limited, in any other case.
If your place of residence or principal place of business changes, the Squarespace entity that controls your personal information will be determined by your new residence or principal place of business from the date it changes.
16. How to contact us
If you are a resident of or have your principal place of business in the US:
Attention: Legal – Privacy
225 Varick Street, 12th Floor
New York, NY 10014 United States
If you are a resident of or have your principal place of business anywhere other than the US:
Squarespace Ireland Limited
Attention: Legal – Privacy
Le Pole House
Ship Street Great
Dublin 8, D08N12C