Note: While our most popular guides have been translated into Spanish, some guides are only available in English.

The CCPA and Squarespace

The California Consumer Privacy Act, or CCPA, is a California data privacy law effective January 1, 2020. The CCPA regulates how certain businesses may use personal information of Californians. If you have visitors or customers in California, use this guide to learn how Squarespace helps you comply and what you should know as a Squarespace site owner.

Note: This guide is available as a resource, but should not be construed or relied upon as legal advice. Per our Terms of Service, Squarespace doesn't provide advice or recommendations regarding laws applicable to your site or business.

About the CCPA

Is my business affected by the CCPA?

The CCPA applies to your company if you do business in the state of California and any one of the following is true:

  • Your company has annual gross revenue of more than $25 million.
  • Your company buys, receives, sells, or shares the personal information of more than 50,000 consumers, households, or devices for commercial marketing purposes.
  • Your company derives 50% or more of its annual revenues from selling the personal information of consumers.

What rights do consumers have under the CCPA?

If you’re a consumer in California, the CCPA gives you the right to know or request:

  • Whether data is being collected about you.
  • The categories and specific pieces of personal information a business has collected about you.
  • The sources from which that personal information was collected.
  • The purpose for which that personal information is being used.
  • Third parties to whom the business sells your personal information, if applicable.
  • That the personal information not be sold, if the business sells your personal information
  • That your personal information be deleted.

What’s considered personal information?

Under the CCPA, personal information is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This broad definition includes not only traditional personal data—e.g., dates of birth, names, physical addresses, email addresses—but location data, biometric data, financial information, and more.

What is Squarespace doing to prepare for the CCPA?

To prepare for the CCPA in the months leading up to January 2020, we’re drawing on the resources and efforts we established in advance of the GDPR. Specifically, we’re reviewing:

  • How we collect, store, and use data about our customers and on behalf of our customers.
  • Our contracts and relationships with partners and vendors to ensure compliance with the CCPA.
  • Our Terms of Service, Privacy Policy, and other terms, policies, and notices to ensure compliance with the CCPA.
  • Our products and services to ensure that they enable our customers to comply with their obligations under the CCPA.

How does Squarespace help me comply with the CCPA?

By default, we use cookies to run your site and obtain information about your visitors for the Squarespace analytics information provided in your account for each of your websites. To help you comply with the CCPA, you can:

You can also post your own legal terms or privacy policies. For example, you can:

To learn about how to add these to your site, visit Sharing policies and terms on your site.

CCPA best practices for Squarespace sites

While we can’t offer legal advice, here are some best practices that will help you get started with your CCPA compliance. If you have questions not addressed here, you should consult a data privacy expert.

Personal information audit

Review your website and look for areas where you collect personal information, keeping in mind the CCPA’s definition of personal information. Consider these questions:

  • Do you collect personal information on your site using third-party services like Google Analytics or Mailchimp? If so, you should read the privacy policies of those services.
  • Do you download or export data from your site into another system?
  • Do you combine the personal information you collect with other sources of data?

Create (or update) your privacy policy

After you’ve identified how you collect and use personal information, the CCPA requires that you provide specific information to individuals whose personal information you're collecting and using. Posting a privacy policy gives visitors more clarity about your use of their information. Consider making a privacy policy page on your site that documents:

  • What information you collect.
  • Why you collect that information.
  • Who you share that information with.
  • How long you'll store that information.
  • Whether you’ll sell that information.
  • Any other information required under the CCPA.

For more ideas, see these sample messages for your Squarespace website privacy policy.

Learn more about the CCPA

More details can be found on the state of California’s CCPA Website. In October 2019, the California Attorney General’s office released a proposed text of regulations related to the CCPA for consumers and businesses to understand their rights and responsibilities.

Was this article helpful?
6 out of 7 found this helpful