Privacy Policy

Thanks for showing interest in us and our website. This Privacy Policy outlines the privacy practices for Spacetype OOD, a company based in Sofia, Bulgaria, operating under the brand name Type Forward (“we,” “us,” or “our”).

 

This document explains the nature, scope, and purpose of the personal data we collect, use, and process when you interact with our website, typeforward.com (the “Website”). We’re committed to protecting your privacy and handling your information safely and responsibly in line with the GDPR and other applicable data protection laws.

 

We operate from Bulgaria and make our site available worldwide. This policy explains what personal data we handle when you browse our website or interact with our forms.

Last Update:
16-August-2025

 

Contact info:

 

Type Forward
contact@typeforward.com

Who We Are & How to Contact us

  • Company Name: spacetype OOD (спейстайп ООД)

  • Company Registration Number: BG206100269

  • Operating Name: Type Forward

  • Location: Sofia, Bulgaria

  • Contact Email: contact@typeforward.com

  • Website: typeforward.com

 

If you have any questions about this policy or wish to exercise your data protection rights, please use the email address above.

What Information We Collect

1) Newsletter sign‑ups (Mailchimp embedded forms)

  1. Data: Email address.

  2. Optional meta: Mailchimp may record time, IP, and consent log.

  3. Why: To send newsletters (e.g., new font releases, sales) and manage welcome/free/trial font emails.

  4. Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw at any time via the unsubscribe link.

 

2) Contact form — “Type Services”

  • Data: Name, email, message.

  • Why: To reply to your request and discuss a potential custom project.

  • Legal basis: Legitimate interests (Art. 6(1)(f)) and/or steps prior to a contract (Art. 6(1)(b)).

  • Storage: Form entries are stored in WordPress (Elementor Submissions) and also delivered to our email inbox.

 

3) Technical data

  • Data: Our hosting provider may process IP addresses and basic browser/device information as part of standard server operations, security, and error logs.

  • Why: To operate, secure, and debug the site.

  • Legal basis: Legitimate interests (site security and reliability) (Art. 6(1)(f)).

 

4) Cookies
We currently use only essential/functional cookies needed to run the site and consent tool. If we later add analytics or marketing tools, we will request your consent before setting any non‑essential cookies. See the Cookie Policy for details and your choices.

 

5) Consent logs (via CookieYes)

  • Data: Anonymized IP address, your country, your consent status (e.g., accepted/rejected), and a timestamp of when you consented.
  • Why: To record your cookie preferences and demonstrate our compliance with data protection laws.
  • Legal basis: Legal Obligation (Art. 6(1)(c) GDPR).

 

6) Analytics data (via Google Analytics)

  • Data: We collect pseudonymized data about your interaction with our site, such as pages visited, time spent on pages, device and browser type, and your general location (country/city). We have enabled IP anonymization, so your full IP address is not stored.
  • Why: To analyze website performance, understand which content is popular, and improve the user experience.
  • Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time through our cookie settings.

 

7) Behavior Analytics (via Hotjar)

  • Data: To help us improve our website’s design and usability, we collect data on user interactions, such as clicks, taps, scrolling, and mouse movements. This is aggregated into heatmaps and session recordings. We ensure that sensitive information in form fields is not recorded. Hotjar also uses a pseudonymized user identifier and technical data like your browser and country.
  • Why: To identify and fix user experience issues and improve the overall functionality and design of our website.
  • Legal basis: Consent ( GDPR). You can withdraw your consent at any time through our cookie settings.

 

 

8) Affiliate links
Some pages include affiliate links to external shops (e.g., Fontspring, MyFonts). If you click one, the external website may process your data under its own policy. We do not control third‑party sites.

 

International transfers

Some providers are headquartered outside the EEA (for example, Mailchimp’s parent company is in the United States). Where such access or transfer occurs, we rely on appropriate safeguards under GDPR, such as the European Commission’s Standard Contractual Clauses (SCCs), and we take additional measures where necessary.

Who processes your data

We use trusted service providers to run our website. They process personal data only under our instructions.

  • Hostinger International Ltd. (web hosting; data center: Germany/EU) — runs the server and may process IPs/logs for security and operations.

  • Google Workspace (Google Ireland Ltd. / Google LLC) — email for contact@typeforward.com (receives your contact form messages).

  • Google Analytics (Google Ireland Ltd. / Google LLC) — We use Google Analytics to understand website traffic and user behavior. Data may be transferred to Google servers in the United States.
  • Hotjar (Hotjar Ltd.) — We use Hotjar to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g., how much time they spend on which pages, which links they choose to click, etc.). Hotjar is based in Malta (EU).

  • Mailchimp (Intuit Inc.) — newsletter management, consent logs, welcome/free/trial automations.

  • Elementor (Elementor Ltd.) — stores Elementor Submissions (contact form entries) inside our WordPress database.

  • CookieYes — Provides our cookie consent banner and stores a log of your consent preferences to comply with legal requirements.

 

We also use GoDaddy for DNS hosting. DNS services are infrastructure; they typically do not handle website visitor personal data beyond what is technically necessary to route traffic.

How long do we keep data (retention)

  • Newsletter subscribers (Mailchimp): kept until you unsubscribe; minimal records (e.g., consent logs) retained for up to 24 months afterward for compliance.

  • Contact form emails (our mailbox): kept until no longer needed for your request or our legitimate interests; we review annually and delete stale threads.

  • Elementor Submissions (in WordPress): kept for 12 months, then purged.

  • Server access/security logs: typically kept up to 90 days.

  • Backups: automatic daily backups; currently ~60–90 days of restore points (rolling).

Your rights

You have the right to request access, correction, erasure, restriction, portability, and to object to processing based on our legitimate interests. Where we rely on consent, you can withdraw it at any time.
To exercise your rights, email contact@typeforward.com. We will respond without undue delay.

You also have the right to lodge a complaint with your local authority. In Bulgaria, that is the Commission for Personal Data Protection (CPDP).

Security

We use reputable hosting, industry‑standard security measures, and limited access to data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

 

If something goes wrong (data breach): we will investigate, mitigate risk, and where required, notify the relevant authority within 72 hours and inform affected individuals when legally required.

Children

Our site does not target children under 18, and we do not knowingly collect their data.

 

If you believe we have inadvertently collected such information, please contact us at contact@typeforward.com so we can promptly take corrective action.

Changes

We may update this policy when our services or the law changes. We will post the updated version here and change the “Last updated” date.

Get Free Fonts

Enter your e-mail to get [Font] free desktop and web fonts with license to use as you wish.