Every Squarespace website that collects personal data needs its own privacy policy. Squarespace's platform privacy policy only covers Squarespace itself, not your individual site. If you use Squarespace Analytics, form blocks, Commerce, email campaigns, member areas, or any third-party integrations, you must disclose this data collection to your visitors under GDPR and CCPA.
What Squarespace Collects By Default
Data collection that happens on every Squarespace site, even without your direct involvement.
Every Squarespace website automatically collects certain data through the platform's built-in services. Even if you never look at your analytics dashboard, Squarespace is recording visitor activity from the moment your site goes live. Understanding the difference between what Squarespace collects as a platform provider and what you collect as a site owner is essential for writing an accurate privacy policy.
Squarespace Analytics is enabled by default on all sites. It tracks page views, unique visitors, traffic sources, popular content, geographic location (by country and region), device type, browser type, and time spent on pages. This data is collected through first-party cookies and server logs. Even a simple one-page portfolio site on Squarespace triggers all of this tracking automatically.
Beyond analytics, Squarespace hosting logs IP addresses, browser information, operating systems, and access timestamps for every visitor. Squarespace also sets cookies for session management, security, and site functionality. Under GDPR, any website that collects personal data from EU residents must provide a clear, accessible privacy policy. Since Squarespace sites are accessible globally, both GDPR and CCPA typically apply.
The consequences of operating without a privacy policy can be severe. Learn more about the risks of not having a privacy policy, including fines of up to 20 million euros under GDPR.
Did you know?
Squarespace powers millions of websites worldwide, including businesses, portfolios, and online stores. Despite this scale, Squarespace's Terms of Service place full responsibility for privacy compliance on individual site owners. You are the data controller for any personal information collected through your Squarespace site, not Squarespace.
| Squarespace Service | Data Collected | Collected By | Disclosure Required |
|---|---|---|---|
| Squarespace Analytics | Page views, unique visitors, traffic sources, device info, geographic location | Squarespace (for you) | Yes |
| Squarespace Hosting | IP addresses, browser type, operating system, access timestamps | Squarespace (platform) | Yes |
| Squarespace Cookies | Session identifiers, preferences, security tokens, analytics cookies | Squarespace (platform) | Yes |
| Site Search | Search queries, search result clicks | Squarespace (for you) | Yes |
The key distinction is that Squarespace collects some data as part of its platform infrastructure (hosting logs, security cookies), while other data is collected specifically for your benefit (analytics dashboards, search queries). Your privacy policy must cover both categories because visitors experience both types of collection when they visit your site.
Q: Can I disable Squarespace Analytics to avoid data collection?
You cannot fully disable Squarespace Analytics or platform-level data collection. Squarespace hosting still logs IP addresses and access data for security and performance purposes. Your privacy policy should disclose this baseline data collection regardless of whether you actively use the analytics dashboard.
Q: Is Squarespace Analytics the same as Google Analytics?
No. Squarespace Analytics is Squarespace's own built-in analytics tool that runs on all Squarespace sites. Google Analytics is a separate third-party service that you connect through the integrations panel. If you use both, you must disclose both in your privacy policy.
Squarespace Features That Collect Data
Each Squarespace feature you enable creates additional data collection that must be disclosed.
| Feature | Data Collected | Privacy Impact | Consent Needed |
|---|---|---|---|
| Analytics | Page views, visitors, traffic sources, geography, device data | Medium (tracking cookies) | Yes (GDPR) |
| Forms | Names, emails, phone numbers, custom field data | High (PII collection) | Yes |
| Commerce | Billing info, shipping addresses, order history, payment data | High (financial data) | Yes |
| Email Campaigns | Email addresses, open rates, click rates, subscriber activity | Medium (email tracking) | Yes |
| Member Areas | Account credentials, profile info, login activity, content access | High (account data) | Yes |
| Scheduling (Acuity) | Client names, contact info, appointment details, intake forms | High (PII collection) | Yes |
| Blog Comments | Commenter names, emails, comment content, timestamps | Medium (PII collection) | Yes |
| Acuity Scheduling | Appointment bookings, client history, payment for sessions, custom intake data | High (sensitive data possible) | Yes |
Form Blocks
Squarespace form blocks are one of the most common data collection tools on the platform. Every form submission stores the data in your Squarespace panel, including:
- Contact form submissions (names, emails, phone numbers, messages)
- Newsletter signup email addresses
- Custom form fields (any data you choose to collect)
- Submission timestamps and source pages
Squarespace Commerce
Squarespace Commerce processes transactions through Stripe or PayPal. Your privacy policy must disclose:
- Payment card details (processed by Stripe or PayPal, not stored by you)
- Billing names and addresses
- Shipping addresses and order history
- Abandoned cart tracking and recovery emails
Email Campaigns
Squarespace Email Campaigns is a built-in email marketing tool that collects:
- Subscriber email addresses and names
- Email open rates and click-through tracking
- Subscriber engagement history
- Unsubscribe and bounce data
Member Areas
Squarespace Member Areas creates gated content sections with user accounts, collecting:
- Registration data (name, email, password)
- Membership tier and subscription status
- Content access history and login records
- Payment data for paid memberships
Acuity Scheduling
Acuity Scheduling (now part of Squarespace) collects appointment and client data:
- Client names and contact information
- Appointment dates, times, and service types
- Payment information for paid appointments
- Custom intake form responses (which may include sensitive data)
Blog Comments
If you enable comments on your Squarespace blog, additional data is collected:
- Commenter names and email addresses
- Comment content and posting timestamps
- Website URLs (if provided by commenters)
Third-Party Integrations
External services connected to your Squarespace site that add data collection you must disclose.
Squarespace allows you to connect a wide range of third-party services through its integrations panel and code injection features. Each integration that collects, processes, or shares visitor data must be disclosed in your privacy policy. Here are the most commonly used integrations and what they collect:
| Integration | Data Collected | Purpose | Privacy Impact |
|---|---|---|---|
| Google Analytics | Page views, sessions, demographics, behavior flow, device data | Website analytics | High (cross-site tracking) |
| Mailchimp | Email addresses, names, open/click rates | Email marketing | Medium (consent required) |
| Stripe | Payment card details, billing addresses, transaction data | Payment processing | High (financial data) |
| PayPal | Payment details, email, billing and shipping addresses | Payment processing | High (financial data) |
| Instagram cookies, engagement tracking, embedded content data | Social media display | Low to Medium (cookies) | |
| Pin activity, save button clicks, browsing behavior | Social sharing and ads | Medium (tracking pixels) | |
| Facebook Pixel | Browsing behavior, conversions, device data, IP address | Advertising retargeting | High (cross-site tracking) |
Each of these integrations introduces additional data processing that operates independently of Squarespace's own data collection. When a visitor lands on your site, they may be tracked by Squarespace Analytics, Google Analytics, and Facebook Pixel simultaneously, with each service sending data to different servers in different countries. Your privacy policy must explain all of this to be compliant.
Squarespace also allows you to inject custom code through the Code Injection feature (under Settings). Any tracking scripts, pixels, or analytics tools you add through code injection must also be disclosed. Many Squarespace users add Google Tag Manager, Hotjar, or other tracking tools this way without realizing the privacy implications.
Did you know?
The average Squarespace website with common integrations (Google Analytics, a social media feed, and a payment processor) sends visitor data to at least 4 to 6 different third-party companies. Each of these data transfers must be individually disclosed in your privacy policy under GDPR Article 13, including the identity of each recipient and the purpose of each transfer.
How to Add a Privacy Policy in Squarespace
Step-by-step instructions for placing your policy where visitors and regulators can find it.
Having a privacy policy is only half the requirement. It must also be easily accessible to your visitors. Here is where and how to add your privacy policy to your Squarespace site:
Create a dedicated privacy policy page
In the Squarespace editor, go to Pages and click the plus icon to add a new blank page. Title it 'Privacy Policy' and paste your complete privacy policy content. Set the URL slug to /privacy-policy for clarity. You can place this page in the 'Not Linked' section so it does not appear in your main navigation.
Add a footer link
Go to your site's footer settings (under Design or the footer section editor). Add a navigation link pointing to your privacy policy page. The footer is the most common and expected location for privacy policy links. Visitors and regulators will look here first.
Link from your cookie consent banner
Squarespace includes a built-in cookie banner that you can enable under Settings. Configure it to include a link to your privacy policy page. Visitors should be able to read your full privacy policy directly from the consent banner before accepting cookies.
Add links to all forms
Every form block on your Squarespace site that collects personal data (contact forms, newsletter signups) should include a link to your privacy policy. Add a text block below the form with language like 'By submitting this form, you agree to our Privacy Policy' with a link.
Link from checkout and Commerce pages
If you use Squarespace Commerce, make sure your privacy policy is linked from the checkout flow. Go to Commerce settings and add your privacy policy URL to the legal pages section. Customers should see the link before completing a purchase.
Add to Member Area signup flows
If you use Squarespace Member Areas, ensure your privacy policy is visible during the registration process. Members should agree to your privacy policy before creating an account. Add the link to your signup page or gate page content.
GDPR requires that your privacy policy be accessible "at the time when personal data are obtained." This means visitors must be able to read your policy before submitting any data, not just from a buried footer link. Make sure your policy is prominent and easy to find on every page that collects information.
Q: Should I put my privacy policy in the main navigation or the footer?
The footer is the standard location for legal pages on Squarespace sites. Place the page in the "Not Linked" section of your Pages panel so it does not clutter your main navigation, then add a link in your footer. This keeps your design clean while ensuring accessibility.
Q: Can I use Squarespace's built-in legal page templates?
Squarespace does not provide pre-written privacy policy templates. You need to create your own page and add your custom privacy policy content. A generic template will not accurately reflect your specific data practices, integrations, and compliance requirements.
Common Squarespace Privacy Mistakes
Misconceptions that leave Squarespace site owners exposed to fines and compliance issues.
These are the five most common privacy mistakes Squarespace site owners make. Each one creates a real compliance gap that can lead to regulatory action.
Mistake: "Squarespace handles privacy compliance for me"
Squarespace has its own privacy policy for the Squarespace platform, but this policy covers Squarespace as a company, not your website. You are the data controller for your site and must have your own privacy policy that describes your specific data collection practices, the integrations you use, and how you handle visitor information.
Mistake: "The cookie banner is all I need for GDPR"
Squarespace's built-in cookie banner is only one part of GDPR compliance. You also need a comprehensive privacy policy, proper cookie categorization, the technical ability to block non-essential cookies before consent, and clear documentation of each cookie's purpose. The banner alone does not make you compliant.
Mistake: "I do not collect data, I just have a portfolio site"
Every Squarespace website collects data automatically. Squarespace Analytics tracks page views, session data, and visitor devices. Squarespace hosting logs IP addresses and browser information. Squarespace sets cookies for functionality and session management. Even a simple one-page portfolio site on Squarespace is collecting personal data that must be disclosed.
Mistake: "I only need to disclose Squarespace features, not third-party tools"
Any third-party service you connect to your Squarespace site, whether through the integrations panel or code injection, must be disclosed in your privacy policy. This includes Google Analytics, Facebook Pixel, Mailchimp, Stripe, PayPal, and any tracking scripts. Visitors have the right to know about every service that processes their data.
Mistake: "I copied a privacy policy from another Squarespace site"
Copying another site's privacy policy is both a copyright violation and a compliance risk. Each privacy policy must accurately reflect your specific data practices, the Squarespace features you use, the integrations you have connected, and your business operations. A copied policy will almost certainly be inaccurate. Learn more about why every website needs its own policy.
Did you know?
Many Squarespace users add tracking scripts through the Code Injection feature without updating their privacy policy. A study of Squarespace websites found that over 50% had undisclosed third-party trackers running on their sites. Each undisclosed tracker is a separate GDPR violation that can result in fines of up to 20 million euros.
How to Create a Privacy Policy for Your Squarespace Site
A step-by-step process to generate a compliant privacy policy tailored to your Squarespace website.
Creating a privacy policy for your Squarespace site does not have to be complicated. Follow these six steps to create a policy that covers all your Squarespace-specific data collection and meets GDPR and CCPA requirements.
Audit your Squarespace site's data collection
Go through your Squarespace settings and document every feature you have enabled. Check which features are active: Analytics, form blocks, Commerce, Email Campaigns, Member Areas, Acuity Scheduling, and blog comments. For each one, note what types of data it collects from visitors.
List all third-party integrations
Open your Squarespace integrations panel and review every connected service. Also check the Code Injection section for any manually added tracking scripts. For each integration, identify what visitor data it accesses, collects, or transmits. Pay special attention to analytics tools, payment processors, and social media connections.
Determine which privacy laws apply
Based on where you are located and where your visitors come from, identify your legal obligations. If you have any EU visitors, GDPR applies. If you have California visitors and meet CCPA thresholds, CCPA applies. Most Squarespace sites have a global audience, so both typically apply.
Generate your privacy policy
Use a privacy policy generator to create a document tailored to your Squarespace site. Answer questions about your data practices, features, and integrations. A good generator will produce a policy covering all required sections including data collection, cookies, third-party sharing, user rights, and data retention.
Add the policy to your Squarespace site
Create a dedicated page in the Squarespace editor, paste your privacy policy, and add links from your footer, cookie banner, all forms, checkout pages, and member signup flows. Make sure the policy is accessible before any data collection occurs.
Schedule regular reviews
Set a reminder to review your privacy policy at least annually. Update it immediately whenever you connect or remove integrations, enable new Squarespace features, change payment providers, or modify your data collection practices. Keep the 'last updated' date current.
The entire process should take less than 30 minutes. The most time-consuming part is the initial audit of your Squarespace features and integrations. Once you know what data you collect, the policy generation itself takes under 60 seconds. Compare your approach with other platforms like Webflow or Carrd to see how privacy requirements vary across website builders.
Frequently Asked Questions
Does Squarespace provide a privacy policy for my website?
No. Squarespace has its own privacy policy that covers the Squarespace platform, but it does not cover your individual website. You are responsible for creating and maintaining a privacy policy that describes your own data collection practices, including any Squarespace features and third-party integrations you use.
Is a privacy policy required for a Squarespace website?
Yes. If your Squarespace website collects any personal data, including through Squarespace Analytics, form blocks, Commerce, email campaigns, or member areas, you are legally required to have a privacy policy under GDPR, CCPA, and most other privacy laws. Even a simple portfolio site with built-in analytics enabled is collecting visitor data.
Does Squarespace's cookie banner make my site GDPR compliant?
Not by itself. Squarespace offers a built-in cookie banner, but GDPR compliance requires more than just a banner. You also need a comprehensive privacy policy, proper cookie categorization, the ability to block non-essential cookies until consent is given, and clear descriptions of each cookie's purpose and duration.
How do I add a privacy policy to my Squarespace site?
Create a new page in the Squarespace editor and paste your privacy policy content. Then add a link to this page in your site footer navigation, your cookie consent banner, and any forms that collect personal data. Squarespace also lets you add legal links through the footer settings in your site design panel.
Do third-party integrations need to be disclosed in my Squarespace privacy policy?
Yes. Every third-party service you connect to your Squarespace site that collects or processes visitor data must be disclosed in your privacy policy. This includes Google Analytics, Mailchimp, Stripe, PayPal, Instagram, Pinterest, Facebook Pixel, and any other integration that tracks, stores, or transmits user data.
What happens if my Squarespace site does not have a privacy policy?
Operating a Squarespace site without a privacy policy when you collect personal data can result in GDPR fines of up to 20 million euros or 4% of global annual revenue. CCPA violations carry penalties of $2,500 to $7,500 per violation. Beyond fines, you risk losing customer trust and may violate Squarespace's own terms of service.
Can I copy another Squarespace site's privacy policy?
No. Copying another site's privacy policy is both a copyright violation and a compliance risk. Each privacy policy must accurately reflect your specific data practices, the Squarespace features you use, the integrations you have connected, and your particular business operations. A copied policy will almost certainly be inaccurate for your site.
Generate Your Squarespace Privacy Policy
Create a customized, legally compliant privacy policy for your Squarespace website in under 60 seconds. Covers all Squarespace features and third-party integrations.
Structured around widely accepted GDPR and CCPA requirements. Not legal advice.
Related Resources
Privacy Policy for Websites
General website compliance guide
Privacy Policy for Wix
Wix-specific compliance guide
Privacy Policy for Webflow
Webflow-specific compliance guide
Privacy Policy for Carrd
Carrd-specific compliance guide
Privacy Policy for Weebly
Weebly-specific compliance guide
GDPR Privacy Policy Template
EU compliance template and guide
What Happens Without a Privacy Policy
Risks and penalties explained
Privacy Policy Generator
Generate your policy in 60 seconds