HiEventsDev
🐛not GDPR compliant!
Description Since Mai 2018 all services aimed at EU citisens have to comply with GDPR. The application including your instance on https://app.hi.events is available in German, French, Dutch, Portugese and Spanish. All are part of the EU. The language indicates your application is directed at eu visitors and you have to protect their personal data. The ip address is a highly personal date. If you want to share it with companies such as fonts.googleapis.com or usefathom.com you need their consent or usage of of these entities is essential to provide your service. That is not the case. A court already ruled that it's not too much efffort for you to host google fonts locally. You can claim legitimate interest in measuring the performance of your website but im uncertain if you have the right to share the ip address with a third party without the users consent.
app.hi.events is accessible directly through google search result. You should properly link your privacy policy and Legal Notice/Legal Disclosure
To Reproduce Steps to reproduce the behavior:
- Go to 'https://app.hi.events
- inspect the network traffic
Expected behavior no calls to googleapis.com without users consenst or just inlcude them locally
Screenshots
Logs -,
Desktop and Smartphone:
- all devices
Hi.Events Version and platform -- all versions, local, docker, saas
Additional context -,
Thanks for flagging this! GDPR compliance has been a priority, and most of the heavy lifting has already been done. The remaining items you've pointed out are thankfully minor. Hosting fonts locally and handling third-party services like useFathom are on the checklist.
