This is bubbles answer to my email:
Hi,
Thanks for reaching out to Bubble. Cadyn here from the Sales team.
Bubble has implemented measures designed to meet the standards of applicable data privacy laws, including the General Data Protection Regulation in the EU and the UK.
We have implemented Standard Contractual Clauses to our DPA as the legal mechanism for transferring data out of the EU (in this case, to the US, since Bubble is a US-based company). It’s our understanding from our legal counsel that since our DPA is published publicly here, it is in effect for all customers.
Our terms cover this in further detail, and we walk through frequently asked questions about GDPR in this Intro Guide. We also continue to update this forum thread with the latest in our compliance efforts and answer questions there.
It is our understanding from our legal counsel that Bubble apps can be GDPR compliant given the provisions we have in place; however, we cannot affirm that any singular app is GDPR compliant since every app is custom. We recommend checking with your legal counsel to see if your app is GDPR compliant.
Additionally, we offer Enterprise plans that allow us to host your application outside of the United States (i.e., the European Union). Is this something that you are interested in learning more about?
Best,
> It is our understanding from our legal counsel that Bubble apps can be GDPR compliant given the provisions we have in place
So this means once and for all (for now)
BUBBLE IS COMPLIANT 
Thanks to everybody that participated!