20+ third party (marketing) tracker in Webflow :(

Due to a bug I had to disable Ghostery when using Webflow Designer and now just realized that you guys are sending information to more than 20 third party trackers while I’m in my Webflow Dashboard (adding domain names, API keys and other “semi” secure stuff). It’s certainly ok on your root domain to track visitors but as a paying customer I feel a little worried about how many other companies might potentially get all the information that’s in my Webflow Dashboard.

Anybody else who’s at least a little concerned about that?

To name a few:

Hey @Marci, thank you for bringing this up - we’re actively reviewing all of this right now (especially for the Dashboard) as we prepare for GDPR. To give some context, here’s a bit more info about how and where we use trackers on our website and in the product.

  1. Marketing: We use Facebook, Twitter, and Google tools to let us know about important events (like signups and upgrades) and to help us attract new users. As you can see, the majority of these trackers come from these social networks.

  2. Product analytics: We only use this data to improve Webflow’s products – for example, to gauge how actively the recent copy-paste feature is being used, and if we need to make any product changes to surface that functionality better. We only share this data with the analytics provider.

We’re in the process of revising our privacy policy to clearly lay out what data we send to each third-party, as well as providing opt-out links for each.

During this process, we’re also reducing the amount of data we send from the Dashboard to the bare minimum. Currently, our marketing and dashboard sites share the same analytics code – but that will be changing shortly.

We’ll publish the new privacy policy very soon, and we’ll let you know when it’s ready.

2 Likes

Any idea when this is due to be complete? As far as I can tell Webflow is also tracking and using cookies on published sites to see how people are interacting with site built in Webflow.

An explicit list of the cookies used and their purpose will also help Webflow built sites prepare for GDPR.

Any idea when this is due to be complete?

We’re still in the back-and-forth with our attorneys on the edits to the privacy and cookie policy. We hope to have more news here by the end of this week!

As far as I can tell Webflow is also tracking and using cookies on published sites to see how people are interacting with site built in Webflow.

This should absolutely not be the case. For example, here’s a test page I just published, and it doesn’t contain any cookies or trackers: http://test-site-1974aa.webflow.io/

If you’re adding a Facebook Like widget to your site, or have any custom code that enables Google Analytics or something similar, then that’s an opt-in action depending on each site you create - and Webflow has zero access to or control over that data.

An explicit list of the cookies used and their purpose will also help Webflow built sites prepare for GDPR.

As mentioned above, we’re close to finalizing this. But there are NO cookies added by default in Webflow published sites - only the ones that you choose to add yourself via integrations to your specific sites are added (which Webflow does not control).

There is a session cookie that is used for logging into the Editor (via the ?edit mode), but that only kicks in when someone logs in to edit their site, and is not used for any other purpose than to facilitate login for content editors.

I may be doing something wrong but when I go onto the test site you linked and look at the cookies using chromes Developer tools I get the following. Are those not cookies relating to the domain?

Thanks for you reply. I look forward to the follow up.

The Chrome application tab is a bit confusing - they are showing all cookies for all domains for all linked assets on the page, not necessarilly what cookies are set by the page/assets themselves. Most of the cookies on that page are cookies that are set for webflow.com, not the page you are on.

If you load the page in an incognito window where you aren’t logged in to Webflow, you should see an empty cookie list:

1 Like

I’m a designer and the decision for webflow was driven by @callmevlad 's basic vision, to give everyone the chance to build great websites, without having the need to work with a developer. After publishing some projects and learning to use this great tool, what is strong orientated on css, surely I’m a little bit more than a designer, meanwhile, what is ok, so far, as I assume the final results from Webflow seems so much better as regular homepage builders, or similar drag and drop tools.

Coming back to the basic vision, I don’t know, why we have to face now all that stuff about cookies and other technical things behind Webflow, just for following the EU GDPR stuff?

I solved all actual law privacy stuff, e. g. for Google Analytics and other things with a german platform, but they are not aware of tools like Webflow So, concerning Webflow I have a black hole at this moment, and wether I know, which texts I should add to this privacy policy pages of my clients, nor I know, what to tell my clients about potentially necessary contracts with Webflow.

I strongly hope, we will have soon a checklist with clear information about what we have to do in context of Webflow.

And in addition to that I want to mention at least Cloudflare, what is a necessary service to use with SSL, as some domain providers are not able to handle two different DNS entries. I’m not talking about custom code, what is surely not a problem of Webflow.

Btw. this domain stuff was working with some luck and support, but it is already sometimes at a technical level, where I would wish to have a service package from Webflow, which I could order, when it comes to connecting the clients domains.

Any feedback would be appreciated

Thx

Harald

I’m also waiting for info about cookies, but more interested in data-processing-agreements and a transparant view of sub-processors that are used.

BTW. Domain stuff is more often complicated than simple. Luckily i have worked quite a lot with servers, domains and DNS settings - so i know where to look when things don’t work out-of-the-box.

To be honest, i like to be able to set/config the whole domain/DNS thing. Also with e-mail, spam and other important things like SPF/DKIM/DMARC i like to keep this in my own system to keep maximal control.

I think it’s comparable to SEO… It can also be done with the information and settings you have within Webflow, but to do them (really) well, you need expertise in this area. For Domains, DNS, e-mail etc. you also need to know how to config/use this.

Yes, it could/would be quite handy to have some (or even full) support from Webflow as well. But my experience so far (more than 11 years) is that there are quite a lot of different systems in which you can modify all the (server)settings and every client has it’s own system connected in its own way - it’s very hard for an external company to give (full) support in this area.

Well, I agree that it’s not a good think but I totally understand why it’s done. These days information is really important and everyone tries to know as much as possible about their customers and potential clients.