Gravatar privacy proxy
Previously we made direct use of the Gravatar service (operated by WordPress) to provide avatars for subscribers. Doing this leaks IP addresses of the subscribers to a US-based entity without explicit permission, and we don’t like that, so we implemented a proxy service that means that subscriber avatars are served via our own servers, in a way that means that Gravatar is never contacted by subscribers directly, and their IPs are never revealed. This was the only remaining external service that could handle subscriber data, so now we can be certain that data is shared with nobody except Smartmessages account holders, who are the data controllers for subscriber data. Yes – we’re now entirely free of tracking cookies and scripts.
Enhanced Content Security Policy
You’re welcome to test our domains at any time, using tools like securityheaders.com and Qualys SSL labs. Should you find a security issue that you would like to report to us privately, please use our standard security.txt file. Of course you should run the same tests on our competition too!