Forum Documentation Showcase Pricing Learn more

Bubble app on Europe (EU) server located


any news regarding this subject ?
Seems like a major issue for all EU customers.
How should we communicate about data storage and transfer in the privacy policy of our websites built with Bubble for EU customers ? Do you have some guidelines ?


Does anyone have an update on this threat?

Thanks a lot guys.


Last post may 26.

Some news and updates on this topic?

Thanks a lot!


This is really needed! Is it a complicated process? is it a matter of pricing? Or is it a matter of priority?


They sended me more informations about the dedicated plans.
The pricing is impossible for a small company getting started. Over a thousand €!


As far as I could tell it starts at 635 EUR. Even though dedicated might be an option for us in the future, Bubble is far better off with keeping us in their plans in terms of margins.

So I hope they can get this out there soon :slight_smile:


This is an interesting thread, one that caught my eye and concerned me into researching.

I found this on the AWS website on the EU/US privacy safeguard. I am making no legal conclusion or advise either way, so dont base any decisions on this, just wanted to show what I found.


and this as well:


Any updates on this? I am based in the EU and I need to be compliant with the privacy rules, just as anyone else…


See above screenshots I took, it looks like AWS is compliant according to their website. But dont quote me on it and Im not a lawyer


@emmanuel @josh We wouldnt want GDPR to fine or take down any of our European fellows would we? May you help us gain clarity on this one so no-one is at risk.

Another topic in the same area, would be how to run a bubble app for US and European customers. Multi-datacenters?



Very interested to hear more about this as we are now in this situation.


GDPR becomes affective 25th May so we have 3 months. Has anyone figured out if using bubble will put you at risk of fines if you are using it for UK PII data?




Keep in mind the data-hosting is just a part of GDPR.

Regulating your employees access and other things are likewise as important.

Application of the data protection regulation depends not on the size of your company/organisation but on the nature of your activities. Activities that present high risks for the individuals’ rights and freedoms, whether they are carried out by an SME or by a large corporation, trigger the application of more stringent rules. However, some of the obligations of the GDPR may not apply to all SMEs.

For instance, companies with fewer than 250 employees don’t need to keep records of their processing activities unless processing of personal data is a regular activity, poses a threat to individuals’ rights and freedoms, or concerns sensitive data or criminal records.

Similarly, SMEs will only have to appoint a Data Protection Officer if processing is their main business and it poses specific threats to the individuals’ rights and freedoms (such as monitoring of individuals or processing of sensitive data or criminal records) in particular because it’s done on a large scale.


This is something we’re currently looking into with our counsel, this is not a quick thing to look into, but we hope to be able to share some findings there in a few weeks.


Truly appreciated!


Yeah, thank you @emmanuel


Hi Emmanuel,

I had a look at AWS and even if their data center is in the US, it is complaint with EU-US safe harbour and AWS has signed up to be GDPR compliant. I dont understand the problem everyone is having?


Yes, it is a concerning time a lot due to the ambiguity of GDPR its very muddy waters as in what we are supposed to be doing. The important thing to note though this doesn’t just affect people in the EU, it affects those that are running businesses (and even personal blogs) worldwide. If you allow EU citizens access to your website (even if they access from outside of the EU they are still an EU citizen) you will need to comply with GDPR. PII even goes down to something that you would think was fairly non relevant, the IP of the user. This means that every single website in existence will be tracking an IP as it goes into server logs. So basically everyone in the world that has a website needs to conform to GDPR.

So this is greater than just where the thing is hosted. As has been pointed out as long as it is compliant with privacy shield etc the hosting “should” be fine. And I am sure we can rest easy knowing that Amazon has got that part covered.

However not scare mongering as I am sure that they are not going to go after every single website ‘joes little blog’ just because they haven’t got a policy on why they are keeping the IP of the visitor in the server logs. But the possibility is there.

Note I am not a lawyer or a GDPR specialist this is just from what I have been researching my self


It is much more than where your web app runs. Please read up on: