US PRIVACY SHIELD Defunct What now?

Not quite.

This thread has some historical background that’s relevant here - it’s back from when GDPR first came out. Some of the messages in the thread provide more color.

A couple points to address your question:

  • You’re right that the measures in this thread mean that Bubble complies with GDPR with respect to our own users (app makers; for them, Bubble is the “data controller”).
  • Note that Bubble being GDPR compliant is necessary but not sufficient for Bubble’s users’ apps to be GDPR compliant themselves.
      • “necessary”: For your apps, Bubble is a “data processor”, so Bubble is effectively a sub-processor for you, so we would need to be GDPR compliant for you to be.
      • “but not sufficient”: Ultimately you still need to consider and pay attention to GDPR compliance for your own app as well. Even if Bubble is GDPR compliant, your app could do things to violate GDPR. As a silly example, your app could immediately transfer all the private info about one of your app’s users to a foreign government as soon as they sign up without your end-user’s knowledge - that would not be GDPR-compliant.

I will emphasize the following points because they are common misconceptions:
  • You do not need to be on a dedicated server in order to be GDPR compliant.
  • Being on a dedicated server in Europe does not in itself ensure GDPR compliance.
