Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Goober is a lightweight CSS in JS library (around 1 KB) used by developers to style React, Preact and other front end components at runtime, without dependencies or tracking.
Goober is a tiny CSS in JS library, around 1 KB in size, used to style components in modern JavaScript front ends such as React, Preact, Svelte and vanilla applications. It injects styles into the DOM at runtime, supports server side rendering and provides a familiar styled and css API. The library has no analytics, no telemetry and no external dependencies.
Goober itself does not set cookies, does not read local storage and does not perform any network call. It only generates style tags inside the document. Any data exchange depends entirely on how the integrator loads the package: bundled in the application, served from a self hosted location, or fetched from a public CDN such as jsDelivr or unpkg.
Because no information is read from or written to the visitor's terminal, Goober falls outside the scope of Article 5(3) of the ePrivacy Directive. The library does not trigger consent obligations on its own. However, loading Goober from a CDN exposes the visitor IP address to the CDN operator, which is a personal data processing activity governed by the GDPR.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No consent is required to use Goober when the library is bundled with the application or self hosted on the same domain. When the library is fetched from a third party CDN, the legal basis is the legitimate interest of the website operator to deliver static assets. Consent only becomes relevant if the CDN provider sets cookies on its endpoint for other purposes.
Goober has no servers and no managed cloud component. The transfer profile depends on the delivery channel. Bundled or self hosted in the EU: no transfer. Fetched from jsDelivr, unpkg or another global CDN: the visitor IP and HTTP metadata may be processed in third countries, which requires a Standard Contractual Clauses framework and a transfer impact assessment.
Bundle Goober into your application build whenever possible, or host it from an EU based static asset server. If you rely on a public CDN, document the provider, the country of processing and the safeguards. Mention the library in your privacy policy under the section about technical components, and ensure the integrity hash is pinned to avoid silent updates from the CDN.
Websites using Goober must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is not required for Goober itself, as the library does not collect personal data. A risk assessment may still be useful if Goober is loaded from a third party CDN that exposes visitor IP addresses outside the EEA.
Sample consent text
This website uses small CSS utilities for styling. They do not set cookies and do not collect personal data. Some assets may be served from a CDN that processes your IP address only to deliver the file.
Third-party domains contacted
cdn.jsdelivr.netunpkg.comregistry.npmjs.orgCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| none_by_default | first_party | N/A | Goober itself does not set any cookies. This entry is a placeholder confirming the library is cookieless by design. |
| cdn_session | third_party | Session | Optional session cookie that may be set by the chosen CDN (jsDelivr, unpkg) on its own domain for caching or load balancing, never on your application domain. |
| app_csrf | first_party | Session | Anti CSRF token set by your application framework (for example Next.js, Remix or Express), unrelated to Goober but commonly visible alongside it. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
No. Goober is a CSS in JS runtime that only generates style tags inside the document. It does not write cookies, does not use local storage and does not perform any background network request. Any cookies you see in the browser come from other components of your application.
Consent is not required for the library itself because no information is stored or accessed on the visitor's device. When Goober is fetched from a third party CDN, the legal basis for the IP transmission is the legitimate interest of the website operator in delivering static assets.
No personal data is processed by the library. If Goober is loaded from a CDN, the IP address shared with the CDN provider is processed under Article 6(1)(f) of the GDPR (legitimate interest), provided the documentation describes the recipient and the safeguards put in place.
The library itself does not transfer data. Transfers can occur indirectly when Goober is served from a global CDN such as jsDelivr or unpkg, which may process the request from edge nodes located in the United States or other countries. Standard Contractual Clauses cover those transfers.
A formal DPIA is not required for Goober. The library does not process personal data, does not profile users and does not perform automated decision making. A lightweight third party risk assessment for the chosen CDN is usually enough.
Bundle the library directly into your application or self host it on the same domain as the website. Pin a Subresource Integrity hash, document the dependency in your component inventory, and add a single line to your privacy policy describing that Goober is a styling utility with no tracking.
Alternatives include Emotion, Styled Components, Stitches, vanilla extract and Tailwind CSS. Goober is chosen mostly for its very small footprint. Each alternative has its own privacy profile, but most CSS in JS libraries also avoid setting cookies.
List Goober in the technical components section of the privacy policy, state that it does not set cookies, mention the delivery channel (bundled, self hosted or CDN), and if a CDN is used, name the provider and the country of processing along with the legal safeguards.