Free Refund Policy Generator for Squarespace Site — GDPR Compliant

🇪🇺 Key GDPR Requirements

The GDPR (General Data Protection Regulation) is the world's most comprehensive data privacy law, applying to any organization that processes data of EU residents — regardless of where the organization is based. Non-compliance can result in fines of up to €20 million or 4% of annual global turnover, whichever is higher.

• Lawful basis for processing must be identified and documented (consent, contract, legitimate interest, etc.)
• Privacy by design and default must be embedded in your systems
• Data subjects have the right to access, rectify, erase, and port their data
• Data breaches must be reported to supervisory authorities within 72 hours
• A Data Protection Officer (DPO) is required for large-scale processing of sensitive data
• Data Processing Agreements (DPAs) required with all third-party processors
• International transfers outside the EEA require specific safeguards (SCCs, adequacy decisions)

Squarespace Site — Specific Considerations

Squarespace sites use Squarespace's infrastructure and built-in analytics that automatically collect visitor data. Squarespace Commerce collects customer purchase data, and Squarespace Email Campaigns processes subscriber data. Unlike open-source platforms, Squarespace's data collection is more standardized and predictable, but you must still disclose Squarespace's role as a data processor and any third-party integrations.

Data typically collected by Squarespace Site businesses: visitor analytics and session data, Squarespace Commerce customer and order data, email campaign subscriber data, form submission data, cookie and tracking data

• Squarespace as data processor disclosure
• Squarespace Commerce payment processing (Stripe)
• Squarespace Email Campaigns subscriber data
• Third-party integrations (Mailchimp, Google Analytics)
• Squarespace Analytics data retention