Security

*Last updated on January 18, 2021

Security

For Squarespace Users

If you have a question about privacy or need to report abusive behavior, please submit a support request to our support team.

For Professional Security Researchers

If you are a security researcher and you believe you have discovered a vulnerability on Squarespace, please email us at security@Squarespace.com. We treat all security reports as urgent and we’ll acknowledge that we have received your report as soon as we can. In the unlikely event that you don’t hear back from us within 24 hours, ping us again either by email or on twitter. After we’ve received your report we will work with you to investigate the issue and resolve it as soon as possible.

We have a few guidelines we need researchers to follow when looking for vulnerabilities. Respect our user’s privacy. You may not access or modify user data without our permission. Do not employ denial-of-service attacks against Squarespace, and attempt to avoid degrading our quality of service. After reporting a vulnerability, we ask that you allow us a reasonable period of time to investigate and fix the issue before you disclose it publicly.

The Foursquare website, including localized subdomains such as ru.Squarespace.com, and the Foursquare API, are in scope for security reports. The site support.Squarespace.com is hosted by Zendesk, and security issues with support.Squarespace.com should be reported to Zendesk using their security page.