Best practices
Privacy
Web sites should value their users' privacy. Any private information that is saved and used should be clearly described in a privacy policy.
GDPR
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).
If your web site saves or sends any private information of the user, this must be specified in a privacy policy on the web site. Depending on the information and complexity, you might need help from a lawyer with this.
Cookie consent
If the web site, or any third-party tool it uses, saves cookies on the client, the user should consent first. This is usually done by a "cookie bar" or modal showing information about what is saved. Consider making it possible to use your web page without consenting, or at least with only the cookies really needed to make the site work.
Tracking cookies
It's popular to use some kind of tracking cookie for analytics (like Google Analytics) or a CRM to follow up on how your visitors use your web site. For these tools to work as intended, a cookie needs to be saved, which therefore requires the user's consent first.
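One way to hold back tracking scripts until the visitor consents, as described under Cookie consent and Tracking cookies. This is an added example, not code from the original page; `createConsentGate`, the `consent.v1` storage key, the category names and the injected `storage` and `loadScript` arguments are assumptions.

```javascript
// Added example. createConsentGate, the "consent.v1" key and the category
// names are hypothetical; storage and loadScript are injected so the same
// logic works with localStorage in a browser or with a stub in tests.
function createConsentGate(storage, loadScript) {
  const KEY = "consent.v1";
  const pending = []; // { category, src } entries waiting for a decision
  const loaded = new Set(); // sources already injected, to avoid duplicates

  function read() {
    try {
      const value = JSON.parse(storage.getItem(KEY));
      return value && typeof value === "object" ? value : null;
    } catch (err) {
      return null; // a corrupt record counts as "no decision yet"
    }
  }

  function allowed(category) {
    if (category === "necessary") return true; // needed for the site to work
    const choices = read();
    return Boolean(choices && choices[category] === true);
  }

  function flush() {
    // Take everything out of the queue, put back what is still not allowed.
    for (const item of pending.splice(0)) {
      if (!allowed(item.category)) { pending.push(item); continue; }
      if (!loaded.has(item.src)) { loaded.add(item.src); loadScript(item.src); }
    }
  }

  return {
    // Queue a script; it is injected only once its category is allowed.
    register(category, src) { pending.push({ category, src }); flush(); },
    // Record the visitor's choice, e.g. { analytics: true }.
    decide(choices) { storage.setItem(KEY, JSON.stringify(choices)); flush(); },
    hasDecided: () => read() !== null, // false means: show the cookie bar
    allowed,
  };
}
```

In a browser, pass `localStorage` and a loader that appends a `<script>` element to `document.head`. A script that has already been injected cannot be unloaded, so a withdrawn consent takes effect on the next page load.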
Alternatives
Using tracking cookies might be valuable if followed up correctly. But if they are only used to follow up on the number of visitors, consider using a privacy-focused alternative that does not require cookie consent. We recommend Fathom Analytics.
Fonts
Even using Google Fonts can be considered non-GDPR-compliant (see the court ruling in Munich, Germany). As an alternative, you could instead use the privacy-first web font platform Bunny Fonts.
<!-- Change: -->
<link href="https://fonts.googleapis.com/css2?family=Nunito:wght@400&display=swap" rel="stylesheet">
<!-- To: -->
<link href="https://fonts.bunny.net/css2?family=Nunito:wght@400&display=swap" rel="stylesheet">
To do
Privacy has been considered and a privacy policy exists if needed.
No cookies are saved before the user consents.
Use a GDPR-compliant font service (or self-host).