1. Core Principles
#1 We don’t sell your personal information to anyone.
#2 We don’t ask for your personal information unless we need it.
#3 We don’t share your personal information unless you’ve specifically allowed it, or for very limited purposes described below.
We appreciate that when you use our Services, you trust us with your information, and we take that responsibility very seriously.
When you use our website we collect the following information, and use it only as described below:
2.1. User Account Information
This may include your name, postal address, email address and contact phone number. We use this information in the ways you would expect, such as to set up your Account or contact you.
2.2. Third Party Account Information
If you use Third Party Services, such as social media or photo-sharing services, we may handle your Third Party Services account information, such as your username. Please note that we don’t store any passwords you use to access Third Party Services.
We transmit, and may store, such account information, only as needed to provide the Services, and only in accordance with the terms and policies of these Third Party Services.
2.3. Payment Information
When you send us emails or other communications, such as complaints or support inquiries, we maintain those communications and their contents so that we can resolve your inquiries or otherwise assist you.
2.5. Public Comments on the Services
We retain comments, contributions, discussions or messages submitted to users of the Services, in order to provide the Services.
2.6. Files You Provide Us
When you provide content for our website, we store, process and transmit your Content (such as your photos) and information related to your Content (such as location tags in photos). We process and store such files and information in order to provide the Services.
2.7. Usage Information
This includes information about your activity on and interaction with the Services, such as your IP address, your device or browser type, the webpage you visited before coming to our sites and identifiers associated with your devices. This information enables us to analyze how the website and web services are being accessed and used and monitor its performance.
2.8. Location Information
Your devices (depending on your settings) may transmit location information to the Services. Our providers may use this information to customize, improve and protect the Services. For example, we may use your location information to determine local language preferences, or to geotag a post.
2.9. Cookies and Other Technologies
When you use the Services, we may share your information only as described below:
3.1. Third Parties
You can give third parties access to your and your End Users’ information on the Services. For example, you may wish to integrate Your Sites with a third party newsletter service that requires access to the email addresses you collect from your End Users, in order for that newsletter service to send emails on your behalf and at your direction. Just remember that such third party’s use of this information will be governed by the terms and privacy policies of the third party.
3.2. Legally Binding Requests for Information about Users
We may disclose your information to third parties only if we determine that such disclosure is necessary to comply with the law, protect our rights or prevent fraud or abuse of Squarespace or our users. Should we receive law enforcement or national security requests for information, we strongly believe in privacy and transparency. We scrutinize such requests carefully and challenge vague, overly broad or otherwise potentially unethical or illegal requests. When legally permitted, we will provide our users with notice that their information is being requested. This notice is provided so that you have the opportunity to challenge such requests.
3.3. Third Party Providers
Our technology providers use certain trusted third parties to help us provide, improve, promote and protect the Services.
Third parties also may share with third parties aggregated or anonymized information with the express proviso that that said information does not directly or personally identify Users.
While no service is completely secure, we have a security team dedicated to keeping your information safe.
We employ security measures including the use of firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities.
Payment information is transmitted using HTTPS encryption, and our payment service providers and physical data storage facilities maintain a PCI DSS certification.
We'll retain your personal information for as long as we need it to provide you with the Services. You can ask for your personal information to be deleted at any time by contacting us via firstname.lastname@example.org.
Please note that there may be a waiting time for the deletion of your personal information from our servers and backup storage, and we may retain some information in order to comply with the law, protect our rights, resolve disputes or enforce our agreements, which you will be informed about should this be necessary.
Information that you submit through the Services may be transferred to countries other than where you live (for example, to servers in the USA).
We also may store information locally on the devices you use to access the Services.
To modify or delete the personal information you have provided to us, please contact us. We may retain certain information as required by law or for necessary business purposes.
On request, we'll provide you with a copy of your personal information that we maintain.
This request may be subject to a fee not exceeding the prescribed fee permitted by law.
We may periodically email you service-related announcements. We'll also send you emails related to your transactions. We may also send you marketing or promotional communications, but you can opt out of receiving subsequent marketing or promotional communications by clicking the link marked unsubscribe (or a similar phrasing) that’s included in those communications.
9. Privacy Shield
Our Technology Service Providers comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union to the United States (“EU Personal Data”).
The services are certified to the Department of Commerce that they adhere to the Privacy Shield Principles and, assuming our certification is approved, you’ll be able to find it here.
You can learn more about Privacy Shield by visiting https://www.privacyshield.gov/.
9.3. Inquiries and Disputes
If you have questions you believe to be within the scope of our Privacy Shield certification, please contact us and we'll respond within 45 days.
For any complaints that we can’t resolve directly, JAMS is the independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance, and you can contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield.
In the event your concern still isn't addressed by JAMS, you may be entitled to a binding arbitration under the Privacy Shield Principles. For purposes of enforcing compliance with the Privacy Shield, Squarespace is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.