
Bubble app on Europe (EU) server located


#1

Hello everyone,

Will it be possible soon to have professional plans located on European servers?

Thanks a lot.


#2

Hello,

That’s something we can offer on a dedicated plan.


#3

Hi,

But will it be coming at any point to professional plans? Since dedicated plans are too expensive for now.

Thanks.


#4

Uhm it doesn’t look good.
Note that for EU companies privacy policy guidelines are much more demanding when user’s data is not located in the EU.
Can Bubble describe somehow within contract for paid plan compliance with privacy policy standards related to EU reality? Imo it is very important because some regulators want EU companies to have some kind of entrustment contracts for personal data storing, processing and securing in any cloud computing scenarios with servers located in non EU countries.
I am looking forward because in most cases using Bubble for startup in Europe would be doubtful if it’s needed to pay extra money for EU located servers ;/


#5

Good point! It’ll be nice to know more about this.

I think they said that at some point professional plans will be coming but I don’t know when.

I’ll definitely pay some low extra for having EU servers but yet not as much as going to a dedicated server which is really expensive at this point.


#6

I would really love to know more about this as well. :slight_smile:


#7

At this stage we can only do this for users on a dedicated hosting plan. We’re hoping to open this to other plans as an option but can’t commit on this yet.


#8

Thanks Emmanuel, if we choose to go for dedicated how do we handle data privacy-compliance like @wojciech mentioned?


#9

To be honest we haven’t been through this yet (dedicated users so far have been Non EU) but I’m guessing that if you provide the location of your servers and they are in the EU region it’s fine. I may be wrong though.


#10

@wojciech @emmanuel @ryanck

Just in case you guys are more curious regarding this issue.
I have read up on these rules and just recently in Q3 2016 the EU-US Privacy Shield was put into effect, replacing the previous Safe Harbor agreement which was invalidated by the EU last year (thus creating many issues).

Let’s first establish some facts:
Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.

PII can be sensitive or non-sensitive. Non-sensitive PII is information that can be transmitted in an unencrypted form without resulting in harm to the individual. Non-sensitive PII can be easily gathered from public records, phone books, corporate directories and websites.

Sensitive PII is information which, when disclosed, could result in harm to the individual whose privacy has been breached. Sensitive PII should therefore be encrypted in transit and when data is at rest. Such information includes biometric information, medical information, personally identifiable financial information (PIFI) and unique identifiers such as passport or Social Security numbers.

When running on Amazon they are in fact compliant with the transfer of data to their EU datacenters using their “model clauses”

There are two types of responsibilities: (Elaborated on page 2 onwards in this PDF: https://d0.awsstatic.com/whitepapers/compliance/AWS_EU_Data_Protection_Whitepaper.pdf)

AMAZON’S RESPONSIBILITY: security OF the cloud
YOUR RESPONSIBILITY: security IN the cloud

It’s more important to understand the responsibilities of HOW you run your service IN the cloud and how customer data is protected “at rest”.

“Customers, rather than AWS, determine what content they store in AWS, control how they configure their environments and secure their content, whether they will encrypt their content at rest and in transit, who will access that content and what credentials will be required (including use of multi-factor authentication), and what additional security features and tools they use and how they use them. Because our customers retain control over their security, they also retain responsibility for the security of anything their organisation puts on AWS, or that they connect to their AWS infrastructure, such as the guest operating system, applications on their compute instances, and content stored and processed in AWS storage, platform and database services.”

AWS customers that collect and store personal information in the Cloud are Data Controllers in the sense of Directive 95/46/EC.

More information can be found about the role of the customer and AWS in the section “Data Protection in the EU The Directive” in the AWS “Whitepaper on EU Data Protection”.
https://aws.amazon.com/compliance/eu-data-protection/

http://ec.europa.eu/justice/data-protection/
http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm


DISCLAIMER: I take no responsibility for the correctness of my statements, they are purely meant to help and are my personal understanding of the information above. Keep me updated if you start to move towards compliance in EU. Good luck! :slight_smile:


#11

This is a big deal for me - I am looking at Bubble as a replacement platform to build a new SaaS HR software solution and there is no way a UK / EU customer would buy into a system which doesn’t comply (and I wouldn’t consider marketing it). For me non UK customers in the EU are unlikely due to language but I would expect customers in other English speaking countries.

I really don’t want a dedicated plan though - too expensive to start and I would like to keep it simple until I know whether the business will work.

…just thought of something else - it would need to be possible for sub apps to be located in different places!


#12

Hi All,

Knack did the move last year for compliance and server response time :


#13

This should be high on the list of priorities of infrastructure for Bubble.


#14

Totally agree


#15

Absolutely!


#16

Also agree.

https://www.linkedin.com/pulse/gdpr-all-brian-tretick


#17

Absolutely agree! This is restricting my rollout to certain markets.


#18

This is definitely something that I hope is getting attention in the coming months when we are looking to officially start rolling out our system. I was kind of banking on that at end of year 2016 tbh. We deal a lot with PII and for that we do not only need SSL (next plan upgrade) but also have to comply with EU data protection policies. Then we also have to deal with Russian rules that state that all data concerning Russian citizens should, always, rest on a server in Russia. But that’s another matter :slight_smile:

I think the EU user group is big enough to justify migrating some data to an EU data center (hopefully Frankfurt) and I think we will be more than happy to facilitate in that migration in any way we can. I think it will do good for overall app performance too! :sunglasses:


#19

+1 agree !

@emmanuel, any possibility to offer a payable option for a limited group in EU server first?


#20

@emmanuel I’m not an expert in either compliance or Bubble infrastructure, but would this be doable? Or at least easier than providing full infrastructure in EU for non-dedicated plans.

Instead of moving the whole app to EU servers just provide the option in non-dedicated plans to host the app DB in EU. So all the app logic could be stored in US, but the data contained in DB would be hosted as an option in EU.

If any compliance expert is around please let me know if this makes sense or it’s pure nonsense :slight_smile: