We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Customer Data
Last updated: February 23, 2026.
This page describes what customer data flows through Fontdue and how it is handled, to help foundries understand the privacy implications for their customers.
Font Serving
When fonts are loaded through Fontdue, we log the following:
- Requesting domain — the website where the fonts are being used
- Font family and style — which fonts were requested
- Country — derived from a Cloudflare header, not from the visitor's IP address
- Timestamp — when the request occurred
Font serving does not involve cookies, visitor identification, or IP address storage. These logs are used solely to help foundries understand where and how their fonts are being used.
Analytics Tracking
Analytics tracking is disabled by default and must be explicitly enabled in your Fontdue settings.
When enabled, Fontdue's client library collects anonymous usage data on your website:
- Page views — page URL, path, title, and referrer
- Events — actions like button clicks or form submissions, as configured by you
- Browser information — the user agent string (browser name, version, operating system)
- Country — derived from a Cloudflare header, not stored as an IP address
- Campaign parameters — UTM parameters and click identifiers (such as gclid or fbclid) from the page URL
All tracking data is anonymous. Visitors are assigned a random identifier (a UUID) that is not linked to any personal information.
Cookies
Fontdue uses cookies on your storefront for the following purposes:
Session cookie (_fontdue_session) — a signed browser session cookie that stores the visitor's cart. It contains an order identifier and is used to maintain the shopping cart across page loads. This cookie expires when the browser is closed and does not contain any personal information.
Tracking cookie (_fontdue_state) — only set when analytics tracking is enabled. It contains a random anonymous identifier and first-touch campaign attribution data (e.g., the UTM parameters from the visitor's first visit). This cookie expires after 1 year, is encrypted, marked HttpOnly (not accessible to JavaScript), Secure (HTTPS only), and SameSite=None.
When analytics tracking is not enabled, only the session cookie is used.
Purchases and Order History
When a customer purchases fonts, the following information is collected as part of the transaction:
- Email address — used for order receipts and download links
- Name and billing address — for invoicing
- Payment information — processed by Stripe; Fontdue does not store full card numbers
Fontdue does not use traditional customer accounts or passwords. Instead, order history and downloads are accessed through time-limited signed links sent by email:
- Order history dashboard — accessible via a link valid for 24 hours
- Invoice downloads — accessible via a link valid for 1 year
- Font file downloads — accessible via a link valid for 30 days
These links are cryptographically signed and tied to a specific order. They cannot be guessed or reused for other orders.
What Fontdue Does Not Collect
- IP addresses — Cloudflare processes visitor IP addresses to determine country codes, but Fontdue only receives and stores the country code (e.g., "US" or "DE"), never the IP address itself
- Device fingerprints — no canvas fingerprinting, audio fingerprinting, or similar techniques
- Cross-foundry tracking — customer activity on one foundry's website is never shared with or visible to another foundry
- Fontdue does not sell visitor data to third parties
Data Isolation
Each foundry's data is stored in a completely isolated database schema. There is no data sharing, aggregation, or cross-referencing between foundries. When a foundry's account is closed, their data is deleted.
reCAPTCHA
reCAPTCHA is disabled by default and must be explicitly enabled in your Security settings.
When enabled, Google reCAPTCHA v2 is used to protect the Test Fonts and Newsletter forms on your storefront from bot submissions. This loads Google's reCAPTCHA script on your website, which sends visitor data to Google (including IP address and browsing behavior) to determine whether the visitor is human. See Google's privacy policy and reCAPTCHA terms.
If you enable reCAPTCHA, you should disclose this in your privacy policy.
Third-Party Services
- Cloudflare — provides CDN and security services. Cloudflare processes visitor IP addresses to determine country codes and to protect against attacks. See Cloudflare's privacy policy.
- Stripe — processes payments. See Stripe's privacy policy.
- Google reCAPTCHA — when enabled, protects forms from bots. See Google's privacy policy.
Data Processing
Foundries are the data controllers — they decide what data to collect and how to use it. Fontdue acts as a data processor, handling data on their behalf according to their instructions.
A Data Processing Addendum (DPA) is available on request. Contact us at [email protected].
Updating Your Privacy Policy
If you enable analytics tracking, we recommend updating your privacy policy to disclose:
- The use of cookies for anonymous analytics
- That anonymous visitor data (page views, browser information, country) is collected
- That Fontdue processes this data on your behalf
If you need a Data Processing Addendum or have questions about how Fontdue handles your customers' data, contact us at [email protected].