
Holy GDPR Compliance, Batman!

You’ve probably heard about GDPR or at least seen its effects (all those popups asking you to accept cookie settings, for example). We’ve got some GDPR compliance of our own and in this post we’ll be talking about the nature of privacy, export, and explicit consent.


TL;DR

You tried to log in to Font Awesome and got a popup about accepting our terms of service and privacy policy. Those terms and policies have not changed in over a year; we simply need explicit consent from our users, specifically those living in Europe, so we comply with GDPR.

Since we are a small company, we can’t easily maintain data centers in the EU. What little data we collect about you needs to be exported to the US. We aren’t supposed to do that unless you agree to the export.

A more in-depth discussion of privacy

What is privacy? This is a complex topic. WAAAAY back when I first got into security, privacy was mostly about ensuring information about a person was kept secret. Think about medical and financial records. For a long time, the goal was to make sure no one else could get that information so bad actors couldn’t steal your identity or get access to things reserved for you (like your bank account or health insurance).

Today, things are a little different. Because much of the Internet is free to use, someone had to foot the bill for jigawatts of power used to run the servers that shape our daily lives. The solution was advertising. Advertising is more effective and lucrative when the advertiser knows a lot about their target audience. To that end, companies that rely heavily on advertising have started collecting TONS of data about individual users.

Unfortunately, in their rush towards profitability, a lot of companies didn’t really consider how all this newly available information might harm users. So, after years of abuse, the EU finally decided to stand up for the rights of the people (what else should a government do, right?). They made privacy about the right of the person to control how specific information about them is collected, used, and maintained.

4 duotone icons: bank, hospital, lock, earth on a navy blue background.

Font Awesome and privacy

From the beginning, our goal has been to follow the Golden Rule: treat others as you yourself would want to be treated. That is why, from Font Awesome’s beginning, we’ve done things a little differently. Unlike 10^100 or rivers in Brazil (you know who you are), our free product is genuinely free and open source. Just use it! We want you to! It’s awesome!

In order to keep making awesome stuff, we have a Pro version of our product. That is our main source of revenue. We don’t track how you use our product or create profiles about you that we sell to advertising agencies; we just make a product we think is worth the price you pay for it.

The data we do collect gets used primarily to make sure things are running smoothly and so that we can communicate with you about any problems, updates, or sweet deals. Full disclosure: we do have some small ads on our free site, but those ads aren’t targeted, i.e., they don’t know anything about you specifically (which is why we make VERY little money from them directly).

To get a Font Awesome account, all you need to give us is an email address so we can keep in touch if necessary. You can choose to tell us a little bit more about yourself, but all we do with that is personalize your emails (and try to figure out how long people have heard about us and their favorite icons). Our commitment to you is always to keep your data safe and never use it beyond the bounds of Font Awesome.

4 duotone icons: money bill, person, tag, envelope on a navy blue background.

Font Awesome and GDPR

Font Awesome is a small company. At the moment, we don’t have a solution that allows us to keep EU data entirely within the geographical bounds of the EU member states. To that end, we have to export user data. The good news is, because we collect almost nothing anyway, the cybersecurity risk to our users is very low in general. However, to be considerate citizens of the Internet/world and comply with the law we need you to explicitly agree to let us export that data.

To achieve the above, we comply with the EU-U.S. DPF. If you’d like to learn more about that, you can read about it here, and here.

We plan to keep your data safe to the best of our ability. However, there is a chance that some US law enforcement agency can compel us to provide information about EU citizens. If the risk of having your email address and the other information you provided us (up to and including first name, last name, year you learned about Font Awesome, and favorite icon) potentially read by US authorities is too great for you, we understand. We hope to not require information export in the future; until that day arrives, we’ll do the best that we can otherwise. That is why we need you to explicitly consent to having your data exported to the US.


Log in to Font Awesome and click the checkbox that says you explicitly agree to our terms of service and privacy policy