
Are Cloudflare Edge Workers GDPR Compliant

Quick random question: Are the Cloudflare Edge Workers used by Webstudio GDPR compliant (or is this even a matter of GDPR)?
I saw that you state "We do not track users, our analytics are completely anonymized, and data is hosted within Europe." and also followed a conversation before where GDPR was the topic and the conclusion was it depends on third party integrations like CMS and that those need to be GDPR compliant. It's just not clear to me with the Cloudflare Edge Workers and its technical implications. I'm more in the design corner with some basic tech knowledge, but I really like the product and its development - especially the open source character. Really interested in the lifetime license.
27 comments
Workers itself isn't a gdpr concern
Workers don't track users and don't store their information
However if you use google analytics on your site etc and your tracking software isn't gdpr compliant then this is on you.
I see, thanks for the clarification. I'd probably use matomo or something similar GDPR compliant.

I have 2 more questions since as a designer, I heavily rely on image, video and animation content:

1) Lottie Animations. The workflow to include these is pretty crucial without relying on 3rd party services like LottieFiles with extra costs and possible GDPR questions. It would be ideal to upload them directly in Webstudio of course, not sure why this is not possible since file size is very small. The second method I would think of is to get the URL of the Lottie file uploaded to e.g. Wordpress hosted on one's own server (would Wordpress even be needed for that?), and HTML embed it in Webstudio. Lottie file format as exported from After Effects is .json. I tested this method, it doesn't work (HTML embed from LottieFiles worked). Semplice for Wordpress, supports playback from Lottie .json animations. This would be pretty crucial to me.

2) Video: Again, no possibility to directly upload videos, not sure why (size and performance?). Same thing as above, don't want to rely on Vimeo (GDPR + costs). Is there anything planned to support videos natively in Webstudio with the "Unlimited asset storage"? Or is the intended workflow, if not Vimeo, Wordpress Video Link with HTML embed? I'd assume performance loss with this.
1) agree, we should add that ability to upload lottie files directly.
Since you put multiple questions into the first one:

1.1 Lottie is a json with data + the script that loads and uses that data to render. You can embed both in html embed, it's most likely not even hard and there must be tutorials for this
2) Yes video hosting is a very different task, size of files, uploading large files, misuse for inappropriate content and many more questions would arise.

Vimeo is our first choice because it is GDPR compliant and offers free options too. No there will never be unlimited video upload storage on webstudio. At max we might add 10-20mb size videos support for background videos and alike.

Additionally we can add a video player that allows you to put your video content anywhere else as a file, e.g. amazon s3, drive, dropbox or anything else and play it in webstudio. Technically you can do that today with html embed too.
Regarding performance: videos aren't really about performance most of the time, unless it is a background video that starts playing as you load the page and the delay is your concern. Even in this case I would say there should be a static image placeholder until video starts playing.


Our vimeo component has 0 performance impact on page speed because we don't load anything from them until user starts playing the video. And even for autoplay we have a "lazy" option which only starts playing/loading when video gets into viewport.

Same will be done for youtube and a custom video player once we add one.

Performance of playing the video is not really a concern normally, because video play is always associated with some delay and there is buffering.
Support for .json upload would be very nice, even more a native Lottie Player that supports and plays .json. Couldn't find a solution yet for now. About video support, I can agree and understand all your points mentioned.

When you say that Vimeo is GDPR compliant, as far as I researched, I still would need to make a cookie banner for this use case. Or is this not necessary when I use the "Do Not Track" in your Vimeo Player (which probably corresponds with the "dnt=true" option)? The data is still hosted in USA afaik and IP addresses are submitted.
The video HTML embed method would work, but of course it's always nicer to have a native solution that works out of the box like your Vimeo object.

Gonna make up my mind with Webstudio Lifetime. It basically comes down between Webstudio or Wordpress X Bricks Builder. Really hard to choose. No matter what, I think your Open Source approach is great and you have a dope product.

What would be your K.O. criteria against Wordpress x Bricks Builder? It's hard for me to figure out the longterm nuances. My gut feeling goes a bit more for Webstudio with a fresher and technologically more modern approach, but I can't really tell if the technical aspects are harder to approach and comprehend to achieve same results.
with do not track it's not necessary
"The data is still hosted in USA afaik and IP addresses are submitted."

Video data is public, it doesn't matter where it's hosted and IP address is not associated with the personal information from your site, so it has nothing to do with gdpr
Do you as contractor with Cloudflare have any measures to, for example, anonymize IP addresses? Is there a way for us customers especially from EU, have a kind of legal document as a GDPR compliance confirmation (Data Processing Agreement or similar)? I'm actually not 100% sure how to handle this so that everything is legally correctly set up, but even the submission of IP addresses to the USA from European Citizens at some point of access to the USA is against GDPR as far as I've researched.
We don't collect IP addresses.
Yea I mean Cloudflare
Even the submission falls under GDPR afaik
they don't do that either, but you can get their statement somewhere on their website
what kind of submission?
If for some reason the IP of a website visitor would be routed over US (which wouldn't make sense with the Edge Worker Technology right?)
even if it would be routed, it would be only stored temporarily like in any system, no permanent storage, but also no, it shouldn't be routed through the US either
We don't store form data submissions. With Webhook Form, we send an email to the email address you specified and that's it.
"even if it would be routed, it would be only stored temporarily like in any system" I think this would already concern GDPR.
Tbh, I actually want to use your tool, skip Wordpress and comply with GDPR at the same time. I think most is controllable in GDPR manner as with matomo analytics - the Cloudflare part is not directly. Ofc there is also self hosting, but at this point this surpasses my technical knowledge of servers
"I think this would already concern GDPR."

As far as I know no. Briefly storing for technical reasons is allowed, not allowed is permanent.
Is there the possibility to have a Cloudflare Dashboard for each site?
You can check out what cloudflare gives you when you use them as DNS.
Do you know the Regional Tools functionality for Cloudflare Workers? Can you as Webstudio control this and let us as users choose our preferred region?
This should give great control for GDPR compliance.
"Cloudflare’s Regional Services lets customers choose where in the Cloudflare network their TLS connections are terminated. For example, a customer could choose to have said connections terminate in the EU, so decryption and inspection of the content of HTTP traffic happens only inside the EU. This restriction applies to all of our edge “application services”, including:
• Storing and retrieving content from cache
• Blocking malicious HTTP payloads with the Web Application Firewall (WAF)
• Detecting and blocking suspicious activity with Bot Management
• Running Workers scripts

A hypothetical use case would be a Cloudflare customer in Germany enabling Regional Services to limit servicing to the EU. Their end-user clients will connect to the nearest Cloudflare location anywhere in the world, but if that location is outside the EU, the traffic is passed to a Cloudflare EU location before it is inspected. The customer still receives the benefit of our global, low-latency, high-throughput network, which is capable of withstanding even the largest DDoS attacks. However, Regional Services also gives customers local control. Only data centers inside the EU will have the access necessary to apply security policies. This approach allows Cloudflare to select the fastest route to the EU and the closest available point of presence for processing."