Forum Academy Marketplace Showcase Pricing Features

Bubble GDPR Intro Guide - Bubble Blog

No, not at this time. Bubble only sets a limited number of cookies on an end-user which are all important for core behavior of the app, namely staying logged in (see this post). You may also see a Cloudflare cookie from the Bubble platform but this is to make Cloudflare work technically, not to track end-user personal data.

Other cookies are likely due to certain plugins that the app creator chooses to use.

1 Like

Thanks allen

Thanks Allen, and others for this valuable conversation. GDPR does create issues for me (and it’s not that i’m trying to track users secretly, i just am trying not to make a mistake that costs me a fine).

That cookie script system looks like a really decent solution, and the pricing isn’t ridiculous either so thanks for sharing that one.

I appreciate what is being attempted with GDPR implementation, but the reality is for me as a sole developer, fully understanding the requirements and keeping on top of it is just such a huge task when i’m trying to build something that users want to use.

Best wishes Phil

Hello @philip.berryuk,

You can also have a look at iubenda, their GDPR solution is great and they also provide a cookies banner blocking non necessary cookies, according to users’ consent.

There was a lifetime deal on AppSumo, maybe still available.

1 Like

@vivienne @allenyang
Quick question regarding the DPA on the Bubble website. I’m a little unclear as to how this is to be used. Am I right that this is an agreement between me as a Data Controller and Bubble as my Data Processor? So I’d put my details in as the Licensee, having copied the text, and keep it on file as my DPA with you? And then I can say I have a DPA with Bubble (as Bubble does with their data-processors)? Or would the DPA with my details included normally be available to my users on my site?

Hi Shane,

You are correct that the DPA is an agreement between you and Bubble when you are the Data Controller and Bubble is your Data Processor.

We’ve been informed by our legal counsel that since we have published our DPA publicly, it is in effect for all our customers. But, in the event that you really would like a dually signed copy, please send us an email at [email protected], and we can kick that off.

I believe the DPA between you and Bubble does not need to be available to your users, but for that question you should consult your legal counsel.


1 Like

Thanks Allen, That clarifies it for me. I don’t need anything more.

Well that was a lot of reading.

If I understand correctly- the Bubble-built plugin is “good enough” for most use cases?

Hi @yusaney1,

Can I ask you how did you proceed with this?