Hello all,
I have an app I will create, and the client has asked for the servers to be in UK/EU for GDPR reasons.
After looking at the forum, I saw some proposed solutions to make an app GDPR compliant:
1. Encrypt data and store the encryption key in the EU: Some say it is possible to be 100% GDPR compliant by encrypting your data before sending it to the Bubble (US-based) server. My question is whether there are any guides or valuable resources on how to do this.
2. Use an external backend such as Xano: Some say this would make the app 100% compliant, but others say it won’t. I believe the distinction rests on the fact that even if you use an external backend, Bubble will still store data on its server (for serving the API calls or other matters, which I am not sure I understand).
3. Wait for Bubble to solve this: I also saw the January community update, which mentioned that Bubble is working on offering other server locations for cheaper plans. However, they provided no estimated timeline. Does anyone have an update on this or a sensible estimate? The app I am working on is due to go live (and therefore to be GDPR compliant) by mid-May.
I have asked the sales team at Bubble for a solution to this. The only response so far has been to connect me with an account executive and quote me $3,000-$5,000/month for a dedicated server.
As such, I (and others who will read this thread) would be forever grateful if you could provide your views on how to make a Bubble app GDPR-compliant and offer some pointers to valuable resources or courses of action. Also, maybe it’s worth just developing the app and hoping that this new feature will be rolled out by May?
Many thanks, everyone!