Is there a way to make your app 100% GDPR compliant? (without paying for a dedicated server)

Hello all,

I have an app I will create, and the client has asked for the servers to be in UK/EU for GDPR reasons.

After looking at the forum, I saw some proposed solutions to make an app GDPR compliant:

1. Encrypt data and store the encryption key in the EU: Some say it is possible to be 100% GDPR compliant by encrypting your data before sending it to the Bubble (US-based) server. My question is whether there is a guide or valuable resources on how to do this.

2. Use an external backend such as Xano: Some say this would make the app 100% compliant, but others say it won't. I believe the distinction lies in the fact that even if you use an external backend, Bubble will still store data on its server (for serving the API calls or other matters which I am not sure I understand 🙂 )

3. Wait for Bubble to solve this: I also saw the January community update, which mentioned that Bubble is working on offering other server locations for cheaper plans. However, they provided no estimated timeline. Does anyone have an update on this or a sensible estimate? The app I am working on is due to go live (and therefore be compliant with GDPR) by mid-May.

I have asked the sales team at Bubble for a solution to this. The only response so far has been to connect me with an account executive and quote me $3,000-$5,000/month for a dedicated server.

As such, I (and others who will read this thread) would be forever grateful if you could provide your views on how to make a Bubble app GDPR-compliant and offer some pointers to valuable resources or courses of action. Also, maybe it’s worth just developing the app and hoping that this new feature will be rolled out by May?

Many thanks, everyone!


I suggest you read this - https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/

and that you read this - Bubble's GDPR Data Processing Agreement Addendum:
https://bubble.io/dpa

In my experience - give the ICO a call - they actually answer the phone and are helpful! But before you do, read the ICO site first and understand the definitions of Controller and Processor, and figure out who's who in your setup. 🙂

… and do not rely on the opinion of anyone who doesn't either work for the ICO or offer professional advice 🙂


Does that mean all apps made on Bubble are not GDPR compliant?


That would be bad. Then that means all people from the EU who are currently offering the app to EU customers could get into serious trouble. I would be interested to hear when they are going to roll out an option for dedicated servers on the starter plan. Otherwise Bubble is useless for the EU.
