Creative Services→→
Turn your passion projects into paid projects. Discover tools to manage clients and grow your creative business.
Developer Policy
Last updated: December 16, 2025
This Developer Policy outlines Squarespace’s expectations and requirements for Developers who participate in a Developer Program. Any capitalized terms not defined in this Developer Policy have the meanings set forth in our Developer Terms or elsewhere in the Developer Agreement. If you have any comments or questions about this Developer Policy, feel free to contact us.
This Developer Policy may be changed from time to time without notice. Please check here for any updates. We may provide notice, including via the email associated with your Developer Account, if we make a material change to this Developer Policy.
Upon request, you must provide us with proof of your compliance with this Developer Policy.
1. General
1.1. Non-Circumvention. You will not create Developer Products or otherwise do anything which will cause or enable Squarespace or Shared Customers to circumvent or violate: (a) our Terms of Service, Privacy Policy, Acceptable Use Policy, Data Processing Addendum or any other term or policy linked from any of the foregoing; or (b) the terms or policies of any third parties or their services or platforms.
1.2. Compliance. You and your Developer Products must comply with all Applicable Laws, including in all locations where you operate and/or make your Developer Products available to Customers.
1.3. Transparency. Developers will not mislead, nor misrepresent to, Customers about you or your organization, or the functionality or data use of your Developer Products. Your Developer Products must not include unexpected functionality that is unrelated to the primary function of your Developer Products and/or is not likely to be expected by Customers at installation from the Developer Product name or description.
1.4. Respect our Developer Tools and Services. You will not attempt to reverse engineer or otherwise derive source code, trade secrets or know-how from or in our Developer Tools or Services.
1.5. Audit; Compliance. At any time, Squarespace shall have the right to audit your compliance with this Developer Policy and the rest of your Developer Agreement and you shall reasonably assist Squarespace with such audits. If requested, you must provide us with proof of compliance with this Developer Policy and the rest of your Developer Agreement. Violations of this Developer Policy may result in: (a) your Developer Products being temporarily or permanently blocked or removed from Squarespace Directories or other directory/list of Third Party Services integrations; (b) your access and credentials to Developer Tools being temporarily suspended or permanently revoked and/or participation in a Developer Program temporarily suspended or permanently terminated; (c) notification to Shared Customers about your violations; and (d) legal action or any other action deemed necessary by Squarespace, as determined by us in our sole discretion. We may or may not provide notice before taking any of the foregoing actions.
2. Data Privacy
2.1. General. Squarespace believes in transparency and respects the privacy of our Customers and their End Users. We expect and you agree that you and your Developer Products will do the same.
2.2. Compliance with Applicable Privacy Laws. You, your Developer Products and your use of our Developer Tools will comply at all times with Applicable Privacy Laws.
2.3. Your Privacy Policy. You will inform your Shared Customers about, and you will publish and maintain a Developer Privacy Policy. Your Developer Privacy Policy will: (a) comply with Applicable Privacy Laws; and (b) include details about how Shared Customers may submit requests to you to exercise their rights (e.g., access, deletion, portability, rectification) under Applicable Privacy Laws.
2.4. Data Minimization. You and your Developer Products will comply with the principle of data minimization (and similar concepts under similar names) by limiting Personal Information collection and retention to the absolute minimum necessary for a specific purpose.
2.5. Electronic Communications. You may not contact Shared Customers or their End Users without first obtaining permission in accordance with Applicable Laws.
2.6. Cancellation. If a Shared Customer terminates permission for you and your Developer Products to Process their Shared Customer Data, you shall immediately cease to access such Shared Customer Data and you shall delete any stored Shared Customer Data or other Shared Customer or End User Personal Information in accordance with your Developer Privacy Policy and your Developer Customer Contract, except where data retention is required under Applicable Laws.
2.7. Law Enforcement Requests. You will not disclose Shared Customer Data to law enforcement, regulatory or governmental bodies unless required by Applicable Laws, and you will object to unlawful requests. If you are compelled to disclose or provide access to Shared Customer Data to law enforcement, regulatory or governmental bodies, you will notify the applicable Shared Customer first and provide them with a copy of the demand to allow them to seek a protective order or other appropriate remedy (except if such notification is prohibited by Applicable Laws).
3. Security
3.1. General. Squarespace makes security a high priority and we expect all users of our Developer Tools to do the same.
3.2. Minimum Security Requirements. Developers must maintain industry-standard or better administrative, physical and technical safeguards to protect Shared Customers, Shared Customer Data and the security, confidentiality and integrity of our Services. Developers must also maintain a written information security program as required by Applicable Laws. In addition, Developers must maintain the following basic security measures:
(a) Developer personnel must use multi-factor authentication to access Shared Customer Data and any code, data or content which interacts with our Developer Tools;
(b) Developer personnel and Developer’s environment must employ industry-standard or better security vulnerability practices;
(c) limit access to and administrative privileges for the Shared Customer Data and any code, data or content which interacts with our Developer Tools to job functions that require access or privileges, and access and privilege levels must be configured to allow the minimum access reasonably sufficient to enable that job function;
(d) proactively update and deploy patches for any software and tools used in or in connection with your Developer Products and our Developer Tools;
(e) regularly (at least quarterly) scan its technology infrastructure and applications for vulnerabilities;
(f) regularly conduct security reviews and risk assessments of its own practices as well as those of vendors it uses in connection with Shared Customer Data, the Developer Products and our Developer Tools to ensure the use of industry-standard or better administrative, physical, and technical safeguards consistent with your Developer Agreement;
(g) require all personnel and vendors to protect and secure Shared Customer Data in accordance with Applicable Privacy Laws and industry-standard or better practices;
(h) send and receive requests to/from Developer Tools via HTTPS using TLS v1.2 or later encryption and a valid SSL certificate and employing cipher suites that are known to be cryptographically sound;
(i) protect against cross-site request forgery and scripting attacks and other known security vulnerabilities; and
(j) all systems used to access Shared Customer Data or Developer Products, or that are used in connection with our Developer Tools must: (i) be password protected and require multi-factor authentication; (ii) not allow the use of shared passwords; (iii) be encrypted using industry-standard or better encryption; (iv) be monitored using industry-standard or better anti-malware software and logging; and (v) not contain harmful scripts or code.
3.3. No Circumvention. Developers may not access the Developer Tools in a manner that compromises, breaks or circumvents, or attempts to compromise, break or circumvent, any technical processes or security measures associated with our Services or Developer Tools or poses a security vulnerability to our Customers.
3.4. Security Review. At any time, in our sole discretion, Squarespace may perform a Security Review of your Developer Products, your use of our Developer Tools and/or your use of Shared Customer Data. Such Security Reviews may be conducted to ensure compliance with your Developer Agreement and/or that the Developer Products do not threaten the security, integrity or performance of our Developer Tools or our Services. You shall reasonably cooperate, at your sole expense, with any such Security Review. Squarespace may perform Security Reviews ourselves and/or in conjunction with or via a designated third party. Following a Security Review, Squarespace may request that you or your organization make reasonable adjustments or improvements to its security practices as a condition to using or continuing to use our Developer Tools and/or participating or continuing to participate in a Developer Program. Security Reviews may include the following:
(a) a review of your practices to ensure you maintain industry-standard or better administrative, physical and technical safeguards to protect any Shared Customer Data accessed by your Developer Product;
(b) your participation in reasonable data security and compliance assessments by Squarespace;
(c) provision by you of details about and/or copies of or links to the following for your Developer Products: (i) applicable Developer Customer Contract; (ii) applicable Developer Privacy Policy; and (iii) customer support guides and practices; and
(d) a requirement that you have security penetration testing performed on your Developer Products and/or your environment by a reputable third party consistent with industry standards for such testing and provide a summary report of the results of such testing to Squarespace for review thereafter. If Squarespace determines in our reasonable discretion that we (or our designated third party) need to perform supplemental or additional security penetration testing on your Developer Products and/or your environment, you grant permission to Squarespace to perform such supplemental or additional testing, and agree to reasonably cooperate with Squarespace in connection therewith. Unless required otherwise by Applicable Laws, we will treat the results of such security penetration testing as Confidential Information.
4. Law and Safety
4.1. PCI Compliance. Developers must: (a) comply with the Payment Card Industry Data Security Standard (“PCI DSS”) and all similar payment card compliance frameworks and Applicable Laws; and (b) not allow or facilitate financial transactions to be conducted in an insecure or unapproved manner.
4.2. Applicable Laws. Developers and their Developer Products shall not encourage or facilitate any violations of Applicable Laws by Shared Customers or any other parties.
4.3. No Harassment. Developers and their Developer Products shall not and shall not encourage or facilitate Shared Customers or any other parties to spam, harass, stalk, intimidate or threaten Shared Customers, their End Users, Squarespace personnel or any other parties.
4.4. Third Party Rights. Developers and their Developer Products shall not and shall not encourage or facilitate Shared Customers or any third parties to infringe, violate or misappropriate the intellectual property, moral, publicity or other rights of any third party.
5. Other
5.1. Documentation. Developers must comply with the rules, guidelines and best practices set forth in the Documentation, together with the spirit and intent of all such Documentation.
5.2. Usage. Developers may only use our Developer Tools for the purposes set forth in the Developer Agreement. The following uses of our Developer Tools are strictly prohibited: (a) creating an integration between Developer Products and an individual’s website or other online presence which is not hosted on our Services; (b) accessing the Developer Tools in order to monitor or benchmark our Developer Tools or our Services; or (c) creating an application, dataset or content whose primary purpose, as determined by us in our reasonable discretion, is to: (i) enable Customers to stop using our Services; or (ii) migrate Customers and/or Shared Customer Data away from our Services.
5.3. Authorized Use Only. Our Services are enabled by many different components, including internal APIs, non-public APIs and other pieces of software which are not Developer Tools. Developers are only authorized to use Developer Tools which are part of a Developer Program and for which there exists public Documentation. If you have any questions about whether an API or other piece of software is part of our Developer Tools, please contact us.
5.4. No Alteration or Modifications. Developers shall not alter any name, unique identifier or other component assigned to your Developer Products.
5.5. Reasonable Use. Developer use of our Developer Tools must be reasonable and not degrade or compromise our Developer Tools or Services.
5.6. Notification. Developers must notify Squarespace if you change the function of, or discontinue, your Developer Products.
5.7. Fees Transparency. Developers must: (a) clearly and accurately inform Customers of the fees you will collect as part of your Developer Products; and (b) notify Customers about and obtain all required consents from Customers prior to collecting any such fees or making any changes to such fees.