The California Consumer Privacy Act, or CCPA, is a California data privacy law effective January 1, 2020. The CCPA regulates how certain businesses may use personal information of Californians. If you have visitors or customers in California, use this guide to learn how Squarespace helps you comply and what you should know as a Squarespace site owner.
Note: This guide is available as a resource, but should not be construed or relied upon as legal advice. Per our Terms of Service, Squarespace doesn't provide advice or recommendations regarding laws applicable to your site or business.
About the CCPA
Is my business affected by the CCPA?
The CCPA applies to your company if you do business in the state of California and any one of the following is true:
- Your company has annual gross revenue of more than $25 million.
- Your company buys, receives, sells, or shares the personal information of more than 50,000 consumers, households, or devices for commercial marketing purposes.
- Your company derives 50% or more of its annual revenues from selling the personal information of consumers.
What rights do consumers have under the CCPA?
If you’re a consumer in California, the CCPA gives you the right to know or request:
- Whether data is being collected about you.
- The categories and specific pieces of personal information a business has collected about you.
- The sources from which that personal information was collected.
- The purpose for which that personal information is being used.
- Third parties to whom the business sells your personal information, if applicable.
- That the personal information not be sold, if the business sells your personal information
- That your personal information be deleted.
What’s considered personal information?
Under the CCPA, personal information is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This broad definition includes not only traditional personal data—e.g., dates of birth, names, physical addresses, email addresses—but location data, biometric data, financial information, and more.
What is Squarespace doing to prepare for the CCPA?
To prepare for the CCPA in the months leading up to January 2020, we’re drawing on the resources and efforts we established in advance of the GDPR. Specifically, we’re reviewing:
- How we collect, store, and use data about our customers and on behalf of our customers.
- Our contracts and relationships with partners and vendors to ensure compliance with the CCPA.
- Our products and services to ensure that they enable our customers to comply with their obligations under the CCPA.
How does Squarespace help me comply with the CCPA?
- Disable Activity Log so you don’t collect or see visitors’ IP addresses or other personal information.
- Disable Squarespace Analytics cookies so you don’t place these analytics and performance cookies on visitors’ browsers.
- Create a custom checkout form so you can accept “do not sell” requests from customers of your online store.
You can also post your own legal terms or privacy policies. For example, you can:
- Add content that informs visitors about when and how you collect data anywhere you can add your own customizable text, like in Text Blocks.
- Customize the Newsletter Block with a disclaimer.
- Add a cookie banner with customized language and a link to your policies.
To learn about how to add these to your site, visit Sharing policies and terms on your site.
CCPA best practices for Squarespace sites
While we can’t offer legal advice, here are some best practices that will help you get started with your CCPA compliance. If you have questions not addressed here, you should consult a data privacy expert.
Personal information audit
Review your website and look for areas where you collect personal information, keeping in mind the CCPA’s definition of personal information. Consider these questions:
- Do you collect personal information on your site using third-party services like Google Analytics or Mailchimp? If so, you should read the privacy policies of those services.
- Do you download or export data from your site into another system?
- Do you combine the personal information you collect with other sources of data?
- What information you collect.
- Why you collect that information.
- Who you share that information with.
- How long you'll store that information.
- Whether you’ll sell that information.
- Any other information required under the CCPA.
Learn more about the CCPA
More details can be found on the state of California’s CCPA Website. In October 2019, the California Attorney General’s office released a proposed text of regulations related to the CCPA for consumers and businesses to understand their rights and responsibilities.