Hiive been creating a bubble application for the last months and I want to be able to launch it in about a month. Ive asked bubble about gdpr and they said that bubble is having their servers and databases in US. How does this affect my application? What do I need to think about. (I live in Sweden, Europe)
@elisa could you bring an answer here ?
I wish to reformulate to a simpler questions :
how to use bubble io in EU, and be legal compliant in EU ?
Personal data shared by users is : email
Thanks for reaching out about this question; Bubble takes data privacy and security very seriously. We conducted a thorough review of the Bubble platform back in 2018 in accordance with GDPR (forum post).
The summary here is that Bubble participates in the EU-US Privacy Shield Framework, which is a framework designed by the US and EU in conjunction to provide US companies with a way to be compliant with EU data protection guidelines in GDPR. Getting certified by Privacy Shield involves a thorough review of all our data processes to ensure they’re in line with this framework.
As always, the definitive source of information about these topics can be found at https://bubble.io/terms.
GDPR is concerned with data that can identify a person. An email in it self may not be enough to identify a person.
When the user sign up you should have some text:
Informing the user, that when submitting they agree that you can store the email. You are using the email to make your service to them work by identify the user at later point and the user always has the right to request for deleting the email. Link to Read more-page.
-Just remember that the user signing up is not the same as they giving you consent to send them emails. That is an opt-in option you need to ask for seperatly. (and keep record of the accept)
My english is not the best, so hope it makes sense. My point is, that you are the responsible for collection personal data from your users not bubble and therefore you need to inform users about their rights.
bubble is responsible for storing the data on your behalf. When you are making the application you are in a way directly instructing bubble what data to be stored. -They are working on you instructions. (a gdpr thing)
My approach to gdpr work follows 3 questions
Is this data that can identify a person? (either on its own or with other data I collect)
Do I really really really need that data?
When should I delete the data?!
This topic was automatically closed after 70 days. New replies are no longer allowed.