Every Weebly website that collects personal data needs its own privacy policy. Weebly's platform privacy policy only covers Weebly and its parent company Square, not your individual site. If you use Weebly's built-in analytics, contact forms, ecommerce store, membership features, or any third-party integrations, you must disclose this data collection to your visitors under GDPR and CCPA.
What Weebly Collects Automatically
Data collection that happens on every Weebly site, even without your direct involvement.
Every Weebly website automatically collects certain data through the platform's built-in services. Weebly, which is now owned by Square, runs analytics and tracking on all sites hosted on its platform. Even if you never check your Weebly Stats dashboard, visitor data is being recorded from the moment your site goes live.
Many Weebly site owners assume that because they built their site on a managed platform, Weebly handles privacy compliance for them. This is a dangerous misconception. Weebly's own privacy policy covers the Weebly and Square platforms themselves, not your website or your data collection activities. You are the data controller for any information collected through your Weebly site.
Under GDPR, any website that collects personal data from EU residents must provide a clear, accessible privacy policy. Since Weebly sites are accessible globally, both GDPR and CCPA typically apply.
The consequences of operating without a privacy policy can be severe. Learn more about the risks of not having a privacy policy, including fines of up to 20 million euros under GDPR.
| Weebly Service | Data Collected | Collected By | Disclosure Required |
|---|---|---|---|
| Weebly Stats | Page views, unique visitors, referral sources, search terms, geographic location | Weebly (for you) | Yes |
| Weebly Hosting | IP addresses, browser type, operating system, access timestamps | Weebly (platform) | Yes |
| Weebly Cookies | Session identifiers, preferences, login tokens, cart data | Weebly (platform) | Yes |
| Square Tracking | Marketing analytics, conversion tracking, cross-platform identifiers | Square (parent company) | Yes |
The key distinction is that Weebly collects some data as part of its platform infrastructure (hosting logs, security cookies), while other data is collected specifically for your benefit (analytics dashboards, form submissions). Your privacy policy must cover both categories because visitors experience both types of collection when they visit your site.
Did you know?
Square acquired Weebly in 2018 for $365 million. Since the acquisition, Weebly sites are deeply integrated with Square's payment and marketing ecosystem. This means your Weebly site may share data with Square even if you do not explicitly use Square Payments. Square's Terms of Service place full responsibility for privacy compliance on individual site owners.
Weebly Features That Collect Data
Each Weebly feature you enable creates additional data collection that must be disclosed.
Weebly offers a range of built-in features that collect personal data from your visitors. Here is a breakdown of each feature and the data it collects. Your privacy policy must cover every feature you have enabled.
| Feature | Data Collected | Storage Location | Privacy Impact |
|---|---|---|---|
| Analytics (Stats) | Page views, unique visitors, referrers, search terms, device and browser data | Weebly/Square servers | Medium |
| Forms | Names, emails, phone numbers, custom field data, submission timestamps | Weebly dashboard | High |
| Store/Ecommerce | Customer names, emails, shipping/billing addresses, order history, payment data | Weebly + Square | High |
| Blog | Commenter names, email addresses, comment content, timestamps | Weebly servers | Medium |
| Membership | Account credentials, profile data, login activity, access permissions | Weebly servers | High |
| Newsletter | Email addresses, subscription preferences, open/click rates | Weebly/Square Marketing | Medium |
Contact Forms
Weebly's drag-and-drop form builder makes it easy to add contact forms, but every submission stores personal data in your Weebly dashboard:
- Contact form submissions (names, emails, phone numbers, messages)
- RSVP forms and survey responses
- Custom form fields (any data you choose to collect)
- Submission timestamps and source pages
Weebly Store (Ecommerce)
Weebly's ecommerce features collect extensive customer data that requires detailed privacy disclosures:
- Customer names, emails, and shipping addresses
- Order history, product preferences, and cart data
- Payment and billing information (processed through Square)
- Tax calculation data and coupon usage
Weebly Blog
If you run a blog on your Weebly site, additional data is collected through:
- Blog comment author names and email addresses
- Comment content and posting timestamps
- RSS feed subscriber information
Membership Areas
Weebly's membership feature creates user accounts on your site, collecting:
- Registration data (name, email, password)
- Profile information and access levels
- Login history and activity records
- Content access and download history
Newsletter and Email Marketing
Weebly Promote (now integrated with Square Marketing) collects email subscriber data:
- Subscriber email addresses and names
- Email open rates and click-through data
- Subscription preferences and opt-out history
Q: Can I disable Weebly Stats to avoid data collection?
You can limit what Weebly Stats tracks, but you cannot fully disable all platform-level data collection. Weebly hosting still logs IP addresses and access data for security and performance purposes. Your privacy policy should disclose this baseline data collection.
Q: Is Weebly Stats the same as Google Analytics?
No. Weebly Stats is Weebly's own built-in analytics tool that runs on all Weebly sites. Google Analytics is a separate third-party service that you can add through Weebly's settings or embed code. If you use both, you must disclose both in your privacy policy.
Square Integration and Payment Data
How Square's ownership of Weebly affects your privacy obligations.
Weebly is owned by Square (now Block, Inc.), which means your Weebly site is deeply integrated with Square's payment and marketing ecosystem. If you accept payments through your Weebly store, all transactions are processed through Square's payment infrastructure.
This integration has significant privacy implications that many Weebly site owners overlook. Your privacy policy must explicitly disclose that Square processes payment data on your behalf.
What Square Collects Through Weebly
- Payment card details (processed by Square, not stored on your Weebly site)
- Billing names, addresses, and contact information
- Transaction amounts, order details, and purchase history
- Fraud prevention and risk assessment data
- PCI compliance and security verification data
Even if you do not run a Weebly store, Square's integration means certain analytics and marketing data may flow between Weebly and Square's broader ecosystem. Your privacy policy should mention Square as a data processor and link to Square's privacy policy for transparency.
Did you know?
Square processes payments for millions of businesses worldwide. When a customer makes a purchase on your Weebly store, their payment data passes through Square's PCI-compliant infrastructure. While Square handles the security of payment processing, you are still required to disclose this data sharing arrangement in your privacy policy under both GDPR Article 13 and CCPA requirements.
Third-Party Apps and Integrations
Apps and embed codes that add data collection you must disclose.
The Weebly App Center and custom embed codes allow you to add third-party functionality to your site. Each integration that collects, processes, or shares visitor data must be disclosed in your privacy policy. Here are the most commonly used integrations:
| Integration | Data Collected | Purpose | Privacy Impact |
|---|---|---|---|
| Google Analytics | Page views, sessions, demographics, behavior flow, device data | Website analytics | High (cross-site tracking) |
| Mailchimp | Email addresses, names, open/click rates | Email marketing | Medium (consent required) |
| Facebook Pixel | Browsing behavior, conversions, device data, IP address | Advertising retargeting | High (cross-site tracking) |
| Google AdSense | Browsing behavior, ad interaction data, cookies, device identifiers | Display advertising | High (ad tracking) |
| Social Media Widgets | Social cookies, engagement tracking, share data | Social sharing and feeds | Medium (cookies) |
| Live Chat Apps | Chat messages, visitor name, email, browsing pages | Customer support | Medium (conversation data) |
Each of these integrations introduces additional data processing that operates independently of Weebly's own data collection. When a visitor lands on your site, they may be tracked by Weebly Stats, Google Analytics, and Facebook Pixel simultaneously, with each service sending data to different servers in different countries. Your privacy policy must explain all of this to be compliant.
Weebly also allows you to add custom HTML, CSS, and JavaScript through embed code elements. If you use these to add tracking scripts, retargeting pixels, or any other data-collecting code, these must also be disclosed in your privacy policy. Compare how other website builders like Squarespace and Webflow handle third-party integrations.
How to Add a Privacy Policy in Weebly
Step-by-step instructions for placing your policy where visitors and regulators can find it.
Having a privacy policy is only half the requirement. It must also be easily accessible to your visitors. Here is where and how to add your privacy policy to your Weebly site:
Create a dedicated privacy policy page
In the Weebly Editor, click the 'Pages' tab and add a new page titled 'Privacy Policy.' Use a standard page layout and paste your complete privacy policy content. Set the page URL slug to /privacy-policy for clarity.
Add a footer link
Click on your site footer in the Weebly Editor and add a text element with a link to your privacy policy page. The footer is the most common and expected location for privacy policy links. Visitors and regulators look here first.
Link from all contact forms
Every form on your Weebly site that collects personal data should include a link to your privacy policy. Add text below or above the submit button like 'By submitting this form, you agree to our Privacy Policy' with a hyperlink.
Add to newsletter signup areas
If you use Weebly's newsletter or email collection features, include a privacy policy link near the signup field. This is required under GDPR for email marketing consent.
Link from your checkout flow
If you run a Weebly store, make sure your privacy policy is linked from the checkout process. Customers should be able to review your privacy practices before completing a purchase.
Hide from main navigation (optional)
In the Weebly Pages panel, you can toggle the privacy policy page to not appear in the main navigation menu while still being accessible through footer links and direct URLs. This keeps your navigation clean.
GDPR requires that your privacy policy be accessible "at the time when personal data are obtained." This means visitors must be able to read your policy before submitting any data, not just from a buried footer link. Make sure your policy is prominent and easy to find.
Q: Can I use Weebly's built-in text editor for my privacy policy?
Yes. Weebly's text element supports headings, paragraphs, lists, and links, which is sufficient for a privacy policy page. Simply drag a text element onto your privacy policy page and format your content using the built-in editor. For longer policies, consider using multiple text elements with clear section headings.
Q: Should I also have a separate terms page?
Yes. A privacy policy and terms and conditions are two different legal documents that serve different purposes. Your privacy policy explains how you handle data. Your terms and conditions govern the rules for using your site. Both should be separate pages linked from your footer.
GDPR and CCPA Requirements for Weebly Sites
What you need to include in your privacy policy to meet regulatory standards.
Your Weebly privacy policy must meet the requirements of both GDPR and CCPA if you serve visitors from the EU and California. Since Weebly sites are accessible globally, most site owners need to comply with both.
GDPR Requirements for Weebly Sites
- Identity of the data controller (you) and contact details
- Types of personal data collected through Weebly features
- Lawful basis for each type of data processing
- Disclosure of data sharing with Square and third parties
- Data retention periods for each category of data
- User rights (access, rectification, erasure, portability)
CCPA Requirements for Weebly Sites
- Categories of personal information collected
- Categories of sources from which data is collected
- Business purpose for collecting or selling data
- Categories of third parties with whom data is shared
- Right to opt out of the sale of personal information
A common gap for Weebly site owners is failing to disclose the Square integration in their privacy policy. Since Square is both the platform owner and the payment processor, many site owners assume this is implied. However, GDPR Article 13 requires you to explicitly name all recipients of personal data and the purpose of each transfer.
Did you know?
Weebly sites that use the ecommerce features are subject to both privacy regulations and PCI DSS compliance requirements. While Square handles the technical PCI compliance for payment processing, your privacy policy must still explain to customers how their payment data is collected, who processes it, and how long transaction records are retained.
Common Weebly Privacy Mistakes
Misconceptions that leave Weebly site owners exposed to fines and compliance issues.
These are the five most common privacy mistakes Weebly site owners make. Each one creates a real compliance gap that can lead to regulatory action.
Mistake: "Weebly and Square handle privacy for me"
Weebly and Square have their own privacy policies that cover the platform, but these policies do not cover your individual website. You are the data controller for your site and must have your own privacy policy that describes your specific data collection practices, features used, and how you handle visitor information.
Mistake: "I do not mention Square in my privacy policy"
If your Weebly site accepts payments or uses ecommerce features, Square processes transaction data on your behalf. Failing to disclose Square as a data processor violates GDPR Article 13, which requires you to name all recipients of personal data and explain the purpose of each data transfer.
Mistake: "My Weebly template came with legal pages"
Some Weebly templates include placeholder legal pages, but these contain generic or placeholder text that does not reflect your actual data practices. Using template legal pages without customizing them is worse than having no policy because it creates a false sense of compliance.
Mistake: "I do not collect data, I just have a simple Weebly site"
Every Weebly website collects data automatically. Weebly Stats tracks page views, visitor data, and referral sources. Weebly hosting logs IP addresses and browser information. Weebly and Square set cookies for functionality and analytics. Even a simple one-page Weebly site is collecting personal data that must be disclosed.
Mistake: "I only need a privacy policy if I have a Weebly store"
While Weebly ecommerce sites have more extensive data collection, every Weebly site needs a privacy policy regardless of whether it has a store. Contact forms, blog comments, newsletter signups, membership areas, and even basic analytics all trigger the legal requirement for a privacy policy under GDPR and CCPA.
How to Create a Privacy Policy for Your Weebly Site
A step-by-step process to generate a compliant privacy policy tailored to your Weebly website.
Creating a privacy policy for your Weebly site does not have to be complicated. Follow these six steps to create a policy that covers all your Weebly-specific data collection and meets GDPR and CCPA requirements.
Audit your Weebly site's data collection
Go through your Weebly dashboard and document every feature you have enabled. Check which features are active: Weebly Stats, contact forms, ecommerce store, blog comments, membership areas, and newsletter signups. For each one, note what types of data it collects from visitors.
Review your Square integration
If you use Weebly's ecommerce or payment features, document how Square processes payment data on your behalf. Note the types of transaction data collected, where it is stored, and how long it is retained. Check your Square dashboard for additional data processing details.
List all third-party apps and embed codes
Check your Weebly App Center installations and any custom embed codes you have added to your site. For each integration, identify what visitor data it accesses, collects, or transmits. Pay special attention to analytics tools, marketing scripts, and social media widgets.
Determine which privacy laws apply
Based on where you are located and where your visitors come from, identify your legal obligations. If you have any EU visitors, GDPR applies. If you have California visitors and meet CCPA thresholds, CCPA applies. Most Weebly sites have a global audience, so both typically apply.
Generate your privacy policy
Use a privacy policy generator to create a document tailored to your Weebly site. Answer questions about your data practices, features, Square integration, and third-party apps. A good generator will produce a policy covering all required sections including data collection, cookies, third-party sharing, user rights, and data retention.
Add the policy and schedule reviews
Create a dedicated page in the Weebly Editor, paste your privacy policy, and add links from your footer, all forms, newsletter signups, and checkout pages. Set a reminder to review your privacy policy at least annually and update it whenever you add new features or integrations.
The entire process should take less than 30 minutes. The most time-consuming part is the initial audit of your Weebly features and integrations. Once you know what data you collect, the policy generation itself takes under 60 seconds.
Frequently Asked Questions
Does Weebly provide a privacy policy for my website?
No. Weebly (owned by Square) has its own privacy policy that covers the Weebly platform, but it does not cover your individual website. You are responsible for creating and maintaining a privacy policy that describes your own data collection practices, including any Weebly features and third-party integrations you use.
Is a privacy policy required for a Weebly website?
Yes. If your Weebly website collects any personal data, including through Weebly's built-in analytics, contact forms, ecommerce features, or membership areas, you are legally required to have a privacy policy under GDPR, CCPA, and most other privacy laws. Even a basic Weebly site with analytics enabled is collecting visitor data.
How does Square's ownership of Weebly affect my privacy policy?
Since Square acquired Weebly in 2018, Weebly sites that use ecommerce or payment features process transactions through Square's payment infrastructure. Your privacy policy must disclose that payment data is processed by Square, explain what data Square collects, and link to Square's privacy policy. This is especially important for Weebly stores.
How do I add a privacy policy to my Weebly site?
In the Weebly Editor, create a new page and paste your privacy policy content. Then add a link to this page in your site footer using the footer editor. You should also link your privacy policy from any contact forms, newsletter signup areas, and your checkout flow if you run a Weebly store.
Do Weebly App Center apps need to be disclosed in my privacy policy?
Yes. Every third-party app you install from the Weebly App Center that collects or processes visitor data must be disclosed in your privacy policy. This includes apps for analytics, email marketing, live chat, social media feeds, and any other app that tracks, stores, or transmits user data.
What happens if my Weebly site does not have a privacy policy?
Operating a Weebly site without a privacy policy when you collect personal data can result in GDPR fines of up to 20 million euros or 4% of global annual revenue. CCPA violations carry penalties of $2,500 to $7,500 per violation. Beyond fines, you risk losing customer trust and may violate Weebly's own terms of service.
Does Weebly's free plan still require a privacy policy?
Yes. Whether you use Weebly's free plan or a paid plan, if your site collects any personal data, you need a privacy policy. Weebly's built-in analytics and cookies run on all plans, including the free tier. The legal requirement is based on data collection, not on which plan you are using.
Generate Your Weebly Privacy Policy
Create a customized, legally compliant privacy policy for your Weebly website in under 60 seconds. Covers all Weebly features, Square integration, and third-party apps.
Structured around widely accepted GDPR and CCPA requirements. Not legal advice.
Related Resources
Privacy Policy for Websites
General website compliance guide
Privacy Policy for Wix
Wix-specific compliance guide
Privacy Policy for Squarespace
Squarespace compliance guide
Privacy Policy for Webflow
Webflow compliance guide
Privacy Policy for Carrd
Carrd compliance guide
GDPR Privacy Policy Template
EU compliance template and guide
What Happens Without a Privacy Policy
Risks and penalties explained
Privacy Policy Generator
Generate your policy in 60 seconds