The only thing that bothers me is the generation of the zip file, but streaming these files without any caching on the server would be very expensive (especially on a single free heroku dynamo).
Google Fonts follows the Google API TOS. As far as I read it: no, as long as there aren't any further restrictions on the font by third parties.
> d. Data Portability
> Google supports data portability. For as long as you use or store any user data that you obtained through the APIs, you agree to enable your users to export their equivalent data to other services or applications of their choice in a way that's substantially as fast and easy as exporting such data from Google products and services, subject to applicable laws, and you agree that you will not make that data available to third parties who do not also abide by this obligation.
but also
> a. Content Accessible Through our APIs
> Our APIs contain some third party content (such as text, images, videos, audio, or software). This content is the sole responsibility of the person that makes it available. We may sometimes review content to determine whether it is illegal or violates our policies or the Terms, and we may remove or refuse to display content. Finally, content accessible through our APIs may be subject to intellectual property rights, and, if so, you may not use it unless you are licensed to do so by the owner of that content or are otherwise permitted by law. Your access to the content provided by the API may be restricted, limited, or filtered in accordance with applicable law, regulation, and policy.
"As far as I read it: no, as long as there aren't any further restrictions on the font by third parties."
My reading of 5e says the opposite. That 'unless expressly permitted by content owners' you shouldn't be allowing caching of content provided via Google APIs.
Perhaps we are arguing the same thing ultimately, but it's important to understand the distinction Google is attempting to make. They're basically trying to cover themselves by asserting that they are not granting any additional freedom beyond what the designer intended. Relicensing without permission is copyright infringement-- Google doesn't want the headache. Their safest course is to specify that unless you've been given license to do certain things by the content owner, that Google themselves is not licensing you to do those things.
Think of it like an affirmation from an open source project licensed under an MIT or BSD license. Although they might include GPL code from elsewhere, they'll generally state that they're not relicensing someone else's GPL code under the less restrictive license.
Hm, well then I will have to request the font files fetched from their hosted CSS, compress them and pipe this output (the resulting zip) without any caching on the server.
This may result in a higher latency, but might be more safe in regards to their ToS.
My personal opinion is to leave things as they are until you hear from Google. Simply be aware of the possible interpretations of the ToS. I do believe Argorak has the correct sentiment: that it's ultimately up to the individual font designer/cretor.
Your temporary caching, to me, seems fine. I read the ToS as saying that permitting your end user to obtain permanent copies might be disallowed ... at the discretion of the font designers. To be absolutely certain, you should check each font's license. Considering the fonts aren't Google's to license, I doubt you'll hear from them.
Interestingly, Google's own Fonts API which I'm using with my service, doesn't provide any information about the underlying license of each font (I previously wanted to include that info in the UI as well).
