I have not been able to find answers to the following from prior forum posts nor the published privacy policy.
In what jurisdictions is data processed in Glide apps? Does this include CDNs?
How are data deletion requests handled for Glide apps?
Do apps built with Glide gather proper explicit user consent? Including not just for cookies, but for broader privacy compliance including data processing.
The data is stored in NA. But GDPR applies to users in Europe and therefore applies if the App is used in Europe.
The deletion request (process to receive the request & action the request) needs to be managed by the owner of the App.
Depends on the settings in the App and is therefore controlled by the App owner. The App owner is responsible and accountable for specifying the settings and hence, ensuring compliance.
Does this mean it is impossible to use Softr to build an app serving an EU audience, as all NA based data processing is prohibited under GDPR, without explicitly requiring user consent?
How can Glide app owners ensure all data associated with a user is purged from Glide infrastructure?
I think we might be able to assume that in the current state of the Web, if we do not own and control the servers where the data is being processed, we cannot be 100% certain what actually happens with the data.
No, it is not impossible, since you could develop an App that did not store personal data.
As a reminder, the principle of GDPR is that you need the permission of the user to store (safely) and use their information (for clearly defined purposes) plus you need a mechanism that allows you to respond to a request to delete the information in a timely fashion. All of which is completely manageable depending on how you design the App. Hence, with due diligence most Apps are possible.
If a user request is received then the owner must have a process to delete the user’s data, a task that is abundantly clear for experienced App developers.
You should be able to develop a project on Glide and be reasonably comfortable that you are doing so according to EU regulations. Up to you to comb through the legal information provided by Glide and decide for yourself if the terms and conditions work for you:
Privacy policy (see the section called European Union Data Subject Rights)
As I said above, I would argue that you cannot actually guarantee that all the data associated with a user is purged from Glide. Currently, you can only trust Glide – and other online service providers for that matter – that they are indeed deleting the data, but that is anyone’s guess. This point of view might be a little cynical.
For a more practical approach, this is how you would delete all the data associated with a user within your Glide project:
Head over to “Settings > Data”
Delete the user’s data there by entering their email.
More and more I’m being asked if Glide is GDPR compliant. My answer is usually something like “Yes it is, here are the links”, and I send people to Glide’s GDPR or data security pages.
I’d like to offer a better experience to those who ask.
What I’m imagining is a table/chart with a list of criteria that Europeans are looking out for, a column that would indicate if Glide complies with each criterion, and then another column with a very short explanation.
I am not doubting that Glide is GDPR compliant, but the sentence “Yes, Glide is GDPR compliant” is proving to be insufficient at times, and I’m having to improvise.
Would anyone here who’s knowledgeable about the topic be interested in helping put something together that easily answers the questions? Once the work is done, we could share it here in the forum.
Just asking in case. I’ll be looking into this this week.