kittyShark | Branding + Squarespace Web Design

View Original

6 Steps to Make your Squarespace Website Secure + Legally Compliant

You’re finally about ready to get your website up and running, but wait… there are a few legal tidbits you may want to get in order before you launch your site.

Making sure your website is both secure and compliant with the law is important. Not only will it give you some peace of mind, but it will also protect you and your website users by letting them know if and how you’ll be using any of their personal data. There are a few steps you can take to make your website legally compliant and to help protect the personal data of your users.



But first… a quick disclaimer or two.

I’m NOT a lawyer. The information I’m providing here is only intended to be a resource. My business is based in the U.S. and as such the information here will be most relevant to other U.S.-based website owners. This resource should not be construed or relied upon as legal advice. If you have legal questions, a lawyer will be best qualified to answer them for you.

*Affiliate disclosure: This post contains affiliate links. I’m an affiliate of both The Creative Law Shop and The Contract Shop. If you make a purchase through my direct link, or use my affiliate code, your cost is the same (or lower) than the regular price, but I may receive compensation for the referral.



Ok, ok… enough already, let’s get into the good stuff. Here are the 6 steps you can take to make sure that your Squarespace website is secure and legally compliant.


Step One: Add a Copyright Notice

A copyright notice is on almost every website these days. It lets web users know that the content on the website belongs to the website owner and may not be used without their permission.

It usually looks something like this: ©2021 Business Name LLC. Whatever the legal name of your business is, is what should be stated.

In the U.S., original work is copyrighted automatically from the moment of creation. This means that a website falls under copyright at the time it is developed.

Notice of copyright is no longer legally required by U.S. law. However, it is still considered best practice to include the copyright notice for web users.

Placing a copyright notice in the footer of your website states that the material on the site is not to be used without your express permission.


Step Two: Add A Privacy Policy Document

A Privacy Policy is required by U.S. federal law if you collect ANY type of information on your website.

  • Personal Data: Names, email addresses, phone numbers, etc.

  • Analytics Information: Web user locations, IP addresses, search terms, etc.

A couple of new laws:

The European GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act) laws require that a Privacy Policy must be in place anywhere “personal data” is collected.

A Privacy Policy typically covers things like:

  • What personal information is collected and how it is used

  • What cookies are and why they are needed

  • How long data is kept

  • If you will share a website user’s information with others.

These are just the basics, most templates will cover more topics related to the privacy of site users’ information as well.

If your site is in need of a Privacy Policy, you can pick up a website template bundle from The Creative Law Shop for 10% off with code KITTYSHARK10, or grab it from The Contract Shop. *Yup, those are both affiliate links.

Once you have your Privacy Policy:

Create a link in your footer to a separate page of your site, or to a PDF document. I recommend having this page open in a new browser tab. This page is otherwise a dead end and doesn’t lead your site user to your goals. Therefore, it is better to allow them to simply close the tab when they are done and return to the content on your website.

Step Three: Add A Terms + Conditions Document

Your website Terms + Conditions form a contract between you and anyone using your site. It outlines the rights and responsibilities of site users.

This contract typically covers things like which state laws apply to your website, a disclaimer, and a limitation of liability for you, the website owner, and what route a site user may take if they believe your site infringes on their copyright.

This document is not required by U.S. federal law (at the time of this post being published), but it has become best practice to include it. I recommend that my web clients include it on their site.

If your site is in need of Terms + Conditions, you can pick up a website template bundle from The Creative Law Shop for 10% off with code KITTYSHARK10, or grab it from The Contract Shop. *Again, those are both affiliate links.

You can place the Terms + Conditions link right next to the Privacy Policy in the footer of your website. Make sure it opens in a new browser tab.


Step Four: GDPR Compliance

GDPR stands for General Data Protection Regulation. It sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). 

The Regulation applies regardless of where websites are based, so must be respected by all sites that attract European visitors, even if they don't specifically market to EU residents.

Site visitors must be notified of data the site collects from them and allow them to consent to or decline that information-gathering, by clicking on a specific action button.

Abiding by GDPR will also make your website compliant with a similar law passed by the state of California, CPAA (California Consumer Privacy Act). As this trend toward higher privacy for web users continues with additional legal requirements, it’s best to comply with the law now and keep yourself up-to-date with changes that could affect the security of your business. 

Make sure you are compliant with GDPR by:

  • Adding a Privacy Policy to your site that is compliant with GDPR (both The Creative Law Shop and The Contract Shop templates have you covered)

  • Enabling “double opt-in” when you collect email addresses for your email list. GDPR requires that users give their express consent to receive your emails.

  • Enabling your cookie banner with the option for users to either Accept or Decline cookies.

To make your cookie banner compliant with GDPR on Squarespace:

  1. In the home navigation within the back-end of Squarespace select Settings > Cookies + Visitor Data

  2. Toggle the top slider to enable the cookie banner.

  3. Select “Opt in + Out” under “Cookie Banner Type.”

  4. You can continue to customize the cookie banner settings within this panel and by clicking “customize.”

Step Five: Disclose Affiliate Links

If you have any affiliations where you receive any compensation or reward for referring customers or clients to another company, it is mandated by the FTC that you disclose those affiliations.

Add disclosures to the top of blog posts, similar to how I did at the top of this particular post. You must ALSO be clear as to reference the affiliate link statement wherever the links appear in the body of the post.

If you use affiliate links anywhere other than a blog post, the same rules apply. Site users must be explicitly made aware that you are affiliated with the linked company and could receive compensation if they make a purchase through your link.

Step Six: Enable HTTPS on your Squarespace Site

HTTPS stands for Hypertext transfer protocol secure. This means that when your site communicates with any other site, that the data transfer is encrypted.

There is no legal requirement forcing you to enable HTTPS on your website. However, I highly recommend that you do it for a number of reasons:

  • If your users provide any personal data to you, such as their name, email address, phone number, etc. that information will be encrypted when it is sent to a 3rd party, like your email marketing platform or elsewhere.

  • HTTPS also encrypts more sensitive information like credit card numbers used for online payments.

  • In addition to protecting your users’ data, Google and other search engines prefer sending queries to secure websites. So, your chances of ending up in search results are much better with HTTPS enabled. This means enabling HTTPS is good for SEO!

To enable HTTPS on Squarespace:

  1. In the home navigation within the back-end of Squarespace select Settings > Advanced > SSL

  2. Select “Secure (Preferred),” as well as “HSTS Secure.” 

HSTS stands for HTTP Strict Transport Security. It’s a process used by websites to say that they should only be accessed using a secure connection (HTTPS).

Well, there you have it, 6 steps to make your Squarespace website more secure and legally compliant. That’s all for now, thanks for reading!

Did this post help you? Or do you still have questions? Please leave a comment and let me know! I’m always happy to hear from you!

Need help building a custom website on Squarespace? 🙋‍♀️ Yup! I can help ya with that! Check out my Custom Website service and see if it’s right for you.

If you enjoyed this post, please help me out by pinning it to Pinterest or sharing it on social media. :)


Don’t take off without snagging a copy of my Free Website Goals + Nav Workbook. This workbook will help you set clear goals for your website and navigation that will help you convert your site’s users into paying customers and clients!


See this content in the original post