Squarespace Privacy Compliance: What You Need for CCPA and State Laws
Running a Squarespace site? Here's what privacy compliance requires — from privacy policies to cookie banners to state-specific requirements.
2026-03-04
Squarespace makes it easy to build a beautiful website, but it doesn't handle privacy compliance for you. If your Squarespace site collects visitor data — and it does — you're responsible for complying with CCPA, VCDPA, and the other state privacy laws that apply to your visitors.
What Squarespace Collects
Every Squarespace site collects data, even without any third-party integrations:
- Analytics cookies — Squarespace's built-in analytics track page views, referral sources, and visitor behavior
- Form submissions — contact forms, newsletter signups, and checkout forms collect personal data
- E-commerce data — if you use Squarespace Commerce, you collect names, emails, addresses, and payment information
- Comment data — blog comments include names and potentially emails
Common Squarespace Integrations That Add Tracking
- Google Analytics — adds
_ga,_gidcookies - Facebook Pixel — adds cross-site advertising tracking
- Mailchimp / ConvertKit — add marketing cookies and tracking pixels
- Pinterest, Instagram embeds — may load third-party tracking
- YouTube embeds — Google sets tracking cookies via embedded videos
- Google Maps — sets tracking cookies when embedded
What You Need
1. Privacy Policy
Squarespace includes a "Privacy Policy" page template, but it's blank — you need to write (or generate) the actual content. Your policy must cover:
- What data your Squarespace site collects
- What each integration and third-party service collects
- Who receives the data
- Consumer rights under applicable state laws
- How consumers can submit requests (access, delete, correct, opt out)
- Cookie disclosures
Add it to your footer navigation so it's accessible from every page.
2. Cookie Consent Banner
Squarespace includes a basic cookie banner in Settings > Cookies & Visitor Data, but it has significant limitations:
- It's primarily designed for EU/GDPR compliance
- It may not meet all US state law requirements
- It doesn't automatically block third-party scripts until consent is given
- Limited customization of categories and opt-out mechanisms
For US state law compliance, you may need a more robust cookie consent solution that actually blocks non-essential scripts until the visitor makes a choice.
3. "Do Not Sell" Link
If you use Facebook Pixel, Google Ads, or any advertising tracker, add a "Do Not Sell or Share My Personal Information" link to your footer navigation. Link it to your cookie consent preferences or a dedicated opt-out page.
4. Consumer Request Process
Set up a dedicated email (like [email protected]) and document your process for handling:
- Data access requests (provide a copy of their data)
- Data deletion requests (remove their data from Squarespace and all integrations)
- Data correction requests
- Opt-out requests
Response deadline: 45 days under most state laws.
Squarespace-Specific Tips
- Check your connected accounts — Squarespace's Social Links and Connected Accounts can load third-party scripts
- Review your code injection — any custom code in Settings > Advanced > Code Injection may load trackers
- Embedded content — YouTube videos, Google Maps, and social media embeds all set cookies
- Third-party blocks — Squarespace's block library includes embeds that may load external tracking
Check Your Squarespace Site
ClearConsent scans your Squarespace site and detects every tracker, cookie, and compliance gap — including those from embedded content and integrations. Get a compliance score against all 19 US state privacy laws.
Scan your Squarespace site free — no signup required.