PRIVACY POLICY

 

1.    Core Principles

With regard to personal information we believe in transparency, not surprises. Before we get into the details, we want to share with you a few of our core privacy principles:

#1 We and our technology service providers don’t sell your personal information to anyone.

#2 We and our technology service providers don’t ask for your personal information unless we need it.

#3 We and our technology service providers don’t share your personal information unless you’ve specifically allowed it, or for very limited purposes described below.

We appreciate that when you use our Services, you trust us with your information, and we take that responsibility very seriously.

This Privacy Policy holds us accountable for protecting your rights and your privacy.

2.    Collection

When you use our website, we collect the following information, and use it only as described below:

2.1. User Account Information

This may include your name, postal address, email address and contact phone number. We use this information in the ways you would expect, such as to set up your Account or contact you.

2.2. Third Party Account Information

If you use Third Party Services, such as social media or photo-sharing services, we may handle your Third Party Services account information, such as your username. Please note that we don’t store any passwords you use to access Third Party Services.

We transmit, and may store, such account information, only as needed to provide the Services, and only in accordance with the terms and policies of these Third Party Services.

2.3. Payment Information

When you initially provide or update your payment information, we transmit it via an encrypted connection to our Payment Processor, Stripe. Stripe uses and processes your payment information in accordance with Stripe’s Privacy Policy. We don’t store your payment information, other than your zip code and country, which we require for billing and to comply with tax and other government regulations.

2.4. Communications

When you send us emails or other communications, such as complaints or support inquiries, we maintain those communications and their contents so that we can resolve your inquiries or otherwise assist you.

2.5. Public Comments On The Services

We retain comments, contributions, discussions or messages submitted to users of the Services, in order to provide the Services.

2.6. Files You Provide Us

When you provide content for our website, we store, process and transmit your Content (such as your photos) and information related to your Content (such as location tags in photos). We process and store such files and information in order to provide the Services.

2.7. Usage Information

This includes information about your activity on and interaction with the Services, such as your IP address, your device or browser type, the webpage you visited before coming to our sites and identifiers associated with your devices. This information enables us to analyze how the website and web services are being accessed and used and monitor its performance.

2.8. Location Information

Your devices (depending on your settings) may transmit location information to the Services. Our providers may use this information to customize, improve and protect the Services.

For example, we may use your location information to determine local language preferences, or to geotag a post.

2.9. Cookies And Other Technologies

We use these technologies to do things such as remember your preferences, identify malicious use and improve the performance of the website. You can read more about how we use these technologies in our Cookie Policy, which is incorporated by reference into this Privacy Policy.

3.    Sharing

When you use the Services, we may share your information only as described below:

3.1. Third Parties

You can give third parties access to your and your End Users’ information on the Services. For example, you may wish to integrate Your Sites with a third party newsletter service that requires access to the email addresses you collect from your End Users, in order for that newsletter service to send emails on your behalf and at your direction. Just remember that such third party’s use of this information will be governed by the terms and privacy policies of the third party.

3.2. Legally Binding Requests for Information about Users

We may disclose your information to third parties only if we determine that such disclosure is necessary to comply with the law, protect our rights or prevent fraud or abuse of Squarespace or our users. Should we receive law enforcement or national security requests for information, we strongly believe in privacy and transparency. We scrutinize such requests carefully and challenge vague, overly broad or otherwise potentially unethical or illegal requests. When legally permitted, we will provide our users with notice that their information is being requested. This notice is provided so that you have the opportunity to challenge such requests.

3.3. Third Party Providers.

Our technology providers use certain trusted third parties to help us provide, improve, promote and protect the Services.

For example, our providers may use third parties to help us provide customer support, manage advertisement on other sites, or assist with data storage. These third parties may access, process or store your information to perform tasks only for the purposes we’ve authorized, and we require them to provide at least the same level of protection for your information as described in this Privacy Policy.

Third parties also may share with third parties aggregated or anonymized information with the express proviso that that said information does not directly or personally identify Users.

4.    Protection

While no service is completely secure, we have a security team dedicated to keeping your information safe.

We employ security measures including the use of firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities.

Payment information is transmitted using HTTPS encryption, and we maintain a PCI DSS certification.

5.    Retention

We'll retain your personal information for as long as we need it to provide you with the Services. You can ask for your personal information to be deleted at any time by contacting us.

Please note that there may be latency in deleting your personal information from our servers and backup storage, and we may retain some information in order to comply with the law, protect our rights, resolve disputes or enforce our agreements, which you will be informed about should this be necessary.

6.    Location

Information that you submit through the Services may be transferred to countries other than where you live (for example, to servers in the USA).

We also may store information locally on the devices you use to access the Services.

We also may transfer information to third parties outside the USA for processing or to support the Services, and we require them to provide at least the same level of protection for your information as described in this Privacy Policy.

7.    Access

To modify or delete the personal information you have provided to us, please contact us. We may retain certain information as required by law or for necessary business purposes.

On request, we'll provide you with a copy of your personal information that we maintain.

This request may be subject to a fee not exceeding the prescribed fee permitted by law.

8.    Communications

We may periodically email you service-related announcements. We'll also send you emails related to your transactions. We may also send you marketing or promotional communications, but you can opt out of receiving subsequent marketing or promotional communications by clicking the link marked unsubscribe (or a similar phrasing) that’s included in those communications.

9.    Privacy Shield

9.1. Compliance.

Our Technology Service Providers comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union to the United States (“EU Personal Data”).

The services are certified to the Department of Commerce that they adhere to the Privacy Shield Principles and, assuming our certification is approved, you’ll be able to find it here.

You can learn more about Privacy Shield by visiting https://www.privacyshield.gov/.

9.2. Accountability.

Our accountability for EU Personal Data we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we may use third parties to process data on our behalf as described in this Privacy Policy, and we remain liable if they do so in a manner inconsistent with the Privacy Shield Principles and we're responsible for the event giving rise to the damage.

9.3. Inquiries And Disputes.

If you have questions you believe to be within the scope of our Privacy Shield certification, please contact us and we'll respond within 45 days.

For any complaints that we can’t resolve directly, JAMS is the independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance, and you can contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield.

In the event your concern still isn't addressed by JAMS, you may be entitled to a binding arbitration under the Privacy Shield Principles. For purposes of enforcing compliance with the Privacy Shield, Squarespace is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.

10.    Modifications

We may modify this Privacy Policy from time to time, and will post the most current version on this website.