GDPR-safe web fonts
In January 2022 a German court ruled that embedding Google Fonts without consent violates the GDPR, because every page view transmits the visitor's IP address to Google (LG München, 3 O 17493/20). Site owners across the EU received fines and cease-and-desist letters for a stylesheet link.
onlyfonts exists on the other side of that trade: fonts served from EU infrastructure, cookie-free, with no visitor profiling — through a CDN that's URL-compatible with Google Fonts.
the fix is one line
<!-- before: transmits visitor IPs to Google -->
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;700" rel="stylesheet">
<!-- after: EU-hosted, cookie-free, no tracking -->
<link href="https://cdn.onlyfonts.ai/css2?family=Inter:wght@400;700" rel="stylesheet"> Same css2 family syntax, weights, italics, and variable ranges. Full steps: migrating from Google Fonts.
what "no tracking" means here
- no cookies on any CDN response
- no identity-linked logging of font requests
- EU data residency: storage in Western Europe, served from Cloudflare's edge
- open-source fonts only — you can also self-host every font if you want zero third parties
for agencies and compliance teams
If you maintain many sites, custom domains let you serve fonts from your own hostname (fonts.client.com) so font requests are first-party. Questions about processing details for your records: support@onlyfonts.ai.
This page is practical guidance, not legal advice — see our privacy policy for what we process.