Bubble GDPR Intro Guide - Bubble Blog

allenyang · February 16, 2021, 2:40am

No, not at this time. Bubble only sets a limited number of cookies on an end-user which are all important for core behavior of the app, namely staying logged in (see this post). You may also see a Cloudflare cookie from the Bubble platform but this is to make Cloudflare work technically, not to track end-user personal data.

Other cookies are likely due to certain plugins that the app creator chooses to use.

goalgetters69 · February 16, 2021, 8:38am

Thanks allen

philip.berryuk · February 23, 2021, 10:46am

Thanks Allen, and others for this valuable conversation. GDPR does create issues for me (and it’s not that i’m trying to track users secretly, i just am trying not to make a mistake that costs me a fine).

That cookie script system looks like a really decent solution, and the pricing isn’t ridiculous either so thanks for sharing that one.

I appreciate what is being attempted with GDPR implementation, but the reality is for me as a sole developer, fully understanding the requirements and keeping on top of it is just such a huge task when i’m trying to build something that users want to use.

Best wishes Phil

Christophe_HK · February 23, 2021, 1:06pm

Hello @philip.berryuk,

You can also have a look at iubenda, their GDPR solution is great and they also provide a cookies banner blocking non necessary cookies, according to users’ consent.

There was a lifetime deal on AppSumo, maybe still available.

shane.holohan1 · May 27, 2021, 8:44am

@vivienne @allenyang
Quick question regarding the DPA on the Bubble website. I’m a little unclear as to how this is to be used. Am I right that this is an agreement between me as a Data Controller and Bubble as my Data Processor? So I’d put my details in as the Licensee, having copied the text, and keep it on file as my DPA with you? And then I can say I have a DPA with Bubble (as Bubble does with their data-processors)? Or would the DPA with my details included normally be available to my users on my site?

allenyang · May 27, 2021, 1:03pm

Hi Shane,

You are correct that the DPA is an agreement between you and Bubble when you are the Data Controller and Bubble is your Data Processor.

We’ve been informed by our legal counsel that since we have published our DPA publicly, it is in effect for all our customers. But, in the event that you really would like a dually signed copy, please send us an email at legal@bubble.io, and we can kick that off.

I believe the DPA between you and Bubble does not need to be available to your users, but for that question you should consult your legal counsel.

Best,
Allen

shane.holohan1 · May 27, 2021, 10:57pm

Thanks Allen, That clarifies it for me. I don’t need anything more.

stayshure · November 9, 2021, 8:58pm

Well that was a lot of reading.

If I understand correctly- the Bubble-built plugin is “good enough” for most use cases?

Theodoros · February 4, 2022, 6:35pm

Hi @yusaney1,

Can I ask you how did you proceed with this?

m.bb · August 22, 2022, 5:58am

Hi Allen, All,
can you please advise on this? It is clearly a GDPR related behavior of Bubble that I need to fix:

Many thanks!

buero · August 25, 2022, 2:35pm

you can upload fonts to your directory and get it from there

fok_ste · November 14, 2022, 9:13am

Bubble is not offering Transfer Impact Assessment - which make is not GDPR comply.

imoranfr · May 12, 2023, 12:35pm

Hi @Christophe_HK , I hope you are well. Have you found out how to setup Axeptio so that Bubble optin function is updated when the user clicks Accept ?