The very short summary is that Bubble again complies with GDPR. Previously we were relying on Privacy Shield as part of our GDPR compliance, but Privacy Shield was struck down by the EU courts. We have now implemented the Standard Contractual Clauses, which “covers” the part that Privacy Shield previously covered for us. In slightly more legal terms, the Standard Contractual Clauses are the legal mechanism for transferring data out of the EU (in this case, to the US, since Bubble is a US-based company).
As a Bubble user, if you accept our new DPA which now has the Standard Contractual Clauses, you should be good to go, just as before (and, if you don’t, that means you don’t accept our Terms which means you should stop your use of Bubble).
Note that as part of our change here, it also means we’ve checked that all our sub-processors have the Standard Contractual Clauses as well.
With this, we think Bubble users should now be fine to use Bubble from a GDPR standpoint. But, ultimately, while we have worked closely with our lawyers on this, we are not your lawyers, so if this is a concern to you, you should consult your own legal counsel