As part of our ongoing commitment to building a more just digital landscape, we have been thinking a lot about privacy this year. We’ve also been trying out Remix and though we wish the project was still working towards a renderer-agnostic architecture, we appreciate its reliance on web standards. Many technologists care about privacy and consent, but that work often gets deprioritized to make time for other critical functionality. It also gets harder to retrofit good privacy practices the more a project gets built out. Planning for and doing it from the beginning is best.

To help change this, we are announcing a new stack for the Remix ecosystem: the Privacy Stack. The Privacy Stack builds on the Remix Indie Stack and adds two big privacy features:

  • GDPR and CCPA user flows
  • Self-hosted Deployments

GDPR and CCPA User Flows

The EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) include a wide spectrum of requirements for makers of web apps. Most important among these is a list of privacy rights for users’ of these apps. Our experience working directly with privacy conscious organizations has shown us that many web apps need to support users’ abilities to easily do the following:

  • Give (and withdraw) consent to having their data collected and stored
  • See what data is collected about them
  • Receive an export of their data
  • Request deletion of their data

The first item about consent is often handled while the user is first visiting the website. You’ve probably seen cookie popups like the one on Stack Overflow:

Screenshot of Stack Overflow's Cookie Permission Popup

Many web apps offer the remaining functionalities over email (GitHub’s Privacy Policy is an example). This means a user has to write an email to see, delete, or get a copy of the data the web app has collected about them. Others offer a general purpose webform (see Stack Overflow’s). Many simply don’t offer any specific avenues for data privacy management. They point to existing functionality scattered throughout the web app (as American Express does). While all these approaches may technically meet a legal obligation (again, IANAL), they don’t make it easy for users to exercise control over their data.

This all undermines a key principle of consent: being reversible. We know that we, collectively as an industry, can do better.

The Privacy Stack includes a demo notes app (which is customary in a Remix stack) and adds these key flows on top of it. Users can see their data the app has about them directly in the app, and gives them the ability to delete it. This is supported from the UI layer down to the database, so when you click “Delete all my data”, it actually happens. Users can also “undo signup” and delete their account and all of its data. We will be adding the ability for a user to export their data soon.

Screenshot of the data setting page in the privacy stack's demo app

Self-hosted Deployments

Another primary feature of the Privacy Stack is self-hosted deployments using Ansible scripts. These make it easy to lockdown, provision, and deploy your site on a virtual remote machine, regardless of the hosting service. This also means it’s much easier to migrate your web app to another service, which is especially important when web hosting providers’ policies change. Or if you are ready to move to a service whose practices are more values aligned, whether it’s about privacy, environmental stewardship, or something else.

It also means you can more easily choose a cheaper service. We’ve successfully used it with Digital Ocean’s droplets, which are much cheaper than a service like Netlify or Vercel.

And More!

The Privacy stack also includes a host of other helpful scaffolding and features:

  • File upload
  • Transactional emails
  • Autocomplete search
  • User Profiles
  • UI Library
  • Database
  • Continuous Integrations
  • Lightweight CMS

You can read more about each of these on the Privacy Stack website.

While it might not have the name of a music genre, we think you’ll find the Privacy Stack is a great way to kickstart your next website, with privacy baked into its foundation. We haven’t seen a Remix stack with this much functionality included from the beginning, and we’re excited to share it.

Please leave us feedback on our GitHub repo or tag us on social media. We’d love to hear what you think and we’ll continue to build and iterate on this important work.