Privacy Policy
Last updated: October 5, 2025
1. Controller
This website and the online shop are operated by:
Jan Robert Obst, NO TYPE FACES
Groninger Straße 48
13347 Berlin, Germany
Email:
info@notypefaces.comThis Privacy Policy explains how we process personal data when you visit our website, order fonts, or communicate with us.
2. Legal Basis and Principles
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
Data processing occurs only when necessary for:
• performance of a contract or pre-contractual steps (Art. 6 (1)(b) GDPR),
• compliance with legal obligations (Art. 6 (1)(c) GDPR), or
• legitimate interests (Art. 6 (1)(f) GDPR), such as website stability, security, and usability.
3. Hosting by Strato AG
Our website is hosted by Strato AG, Pascalstraße 10, 10587 Berlin, Germany.
All data is stored exclusively on servers located in Germany.
Strato processes server log files (e.g., IP address, browser type, access time, referring URL) for security and maintenance purposes.
The legal basis for this processing is Art. 6 (1)(f) GDPR.
We have concluded a Data Processing Agreement (DPA) with Strato in accordance with Art. 28 GDPR.
4. Website and CMS via Webflow
We use Webflow Inc., 398 11th Street, San Francisco, CA 94103, USA, for website design, content management, and delivery.
Webflow may process limited technical data (e.g., IP address, browser data, device type) to ensure website performance and security. Data may be transferred to the United States. Such transfers are safeguarded by the EU-US Data Privacy Framework and the Standard Contractual Clauses (Art. 46 GDPR).
We have signed a Data Processing Addendum (DPA) with Webflow, governing the secure handling of personal data.
All data transmission is encrypted via SSL / TLS.
We do not use Google Fonts, Google Analytics, or any third-party tracking tools.
All fonts are locally hosted to prevent unnecessary data transfers.
5. Online Shop and Font Licensing (Fontdue)
Our online shop and font licensing system are powered by Fontdue, a third-party e-commerce platform specialized in font distribution.
When you purchase a font, Fontdue processes the data you provide (such as name, email address, billing information, and order details) to fulfill your order, deliver the font license, and generate invoices.
Processing is based on Art. 6 (1)(b) GDPR (performance of a contract). We have a Data Processing Agreement (DPA) with Fontdue in accordance with Art. 28 GDPR. Fontdue may use secure international servers, including in the USA, protected under Standard Contractual Clauses (SCCs).
6. Payments via Stripe
Payments are handled by Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Dublin 2, Ireland.
Stripe processes payment data (credit card number, name, billing address, email, IP address) to carry out transactions and prevent fraud. The processing is based on Art. 6 (1)(b) GDPR (contract performance) and Art. 6 (1)(f) GDPR (legitimate interest in secure payment).
Stripe acts as an independent data controller under GDPR.
You can find Stripe’s Privacy Policy here:
https://stripe.com/privacy
7. Newsletter via Brevo
We use Brevo (formerly Sendinblue) to send newsletters and email updates.The provider is Brevo GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.When you subscribe to our newsletter, we process your email address and, optionally, your name if you choose to provide it.
This data is used solely for sending the newsletter and managing your subscription.
We do not track openings, clicks, or other user behavior. The legal basis for processing is your consent under Art. 6 (1)(a) GDPR. You can withdraw your consent at any time by clicking the “unsubscribe” link in each email or by contacting us directly at
info@notypefaces.com. All data is stored on secure servers within the European Union (Germany and France).
We have concluded a Data Processing Agreement (DPA) with Brevo in accordance with Art. 28 GDPR.
For more details, please see Brevo’s privacy policy:
https://www.brevo.com/legal/privacypolicy/8. Communication and Contact
If you contact us by email or form, we will process your data (name, email, message content) to handle your request. The legal basis is Art. 6 (1)(b) GDPR (contract or pre-contractual communication). Your data will be deleted once your request has been resolved, unless legal obligations require longer retention.
9. Data Retention
We store personal data only for as long as necessary to fulfill contractual or legal obligations. Once data is no longer needed, it will be securely deleted in accordance with Art. 17 GDPR.
10. Your Rights
You have the following rights under GDPR:
• Access to your data (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Objection to processing (Art. 21)
You also have the right to lodge a complaint with a supervisory authority(e.g., the Berliner Beauftragte für Datenschutz und Informationsfreiheit).
11. Data Security
All communication with our servers is protected by SSL / TLS encryption. We take appropriate technical and organizational measures to prevent loss, misuse, or unauthorized access.
12. Updates
We may update this Privacy Policy when technical or legal requirements change. The most recent version is always available on our website.