GDPR compliance

Ask for Help
1

I have not been able to find answers to the following from prior forum posts nor the published privacy policy.

  1. In what jurisdictions is data processed in Glide apps? Does this include CDNs?

  2. How are data deletion requests handled for Glide apps?

  3. Do apps built with Glide gather proper explicit user consent? Including not just for cookies, but for broader privacy compliance including data processing.

Thank you.

2
  1. The data is stored in NA. But GDPR applies to users in Europe and therefore applies if the App is used in Europe.
  2. The deletion request (process to receive the request & action the request) needs to be managed by the owner of the App.
  3. Depends on the settings in the App and is therefore controlled by the App owner. The App owner is responsible and accountable for specifying the settings and hence, ensuring compliance.
3

Thanks Simon.

  1. Does this mean it is impossible to use Softr to build an app serving an EU audience, as all NA based data processing is prohibited under GDPR, without explicitly requiring user consent?

  2. How can Glide app owners ensure all data associated with a user is purged from Glide infrastructure?

4

  1. Glide and user privacy

  2. I think we might be able to assume that in the current state of the Web, if we do not own and control the servers where the data is being processed, we cannot be 100% certain what actually happens with the data.

5
  1. No it is not impossible since you could develop an App that did not store personal data.

As a reminder, the principle of GDPR is that you need the permission of the user to store (safely) and use their information (for clearly defined purposes) plus you need a mechanism that allows you to respond to a request to delete the information in a timely fashion. All of which is completely manageable depending on how you design the App. Hence, with due diligence most Apps are possible.

  1. If a user request is received then the owner must have a process to delete the user’s data, a task that is abundantly clear for experienced App developers.
6

@alexlee

You should be able to develop a project on Glide and be reasonably comfortable that you are doing so according to EU regulations. Up to you to comb through the legal information provided by Glide and decide for yourself if the terms and conditions work for you:

As I said above, I would argue that you cannot actually guarantee that all the data associated with a user is purged from Glide. Currently, you can only trust Glide – and other online service providers for that matter – that they are indeed deleting the data, but that is anyone’s guess. This point of view might be a little cynical.

For a more practical approach, this is how you would delete all the data associated with a user within your Glide project:

  • Head over to “Settings > Data”
  • Delete the user’s data there by entering their email.

Screenshot 2022-10-25 at 10.31.34
Screenshot 2022-10-25 at 10.31.341688×1612 173 KB

2 Likes
7

@Marc-Olivier knows very well GDPR maybe he can help you :slight_smile:

1 Like
8

The issue is that as soon as you have any email registration, you have collected personal data.

The 2020 ruling prohibits data processing in the US, which is where Glide processing happens, according to the DPA.

At the same time, it is impossible to add a consent model to Glide apps, AFAICT.

This implies that every Glide application is in violation of GDPR…

9

You can add your own user agreement that blocks on a checkbox:

CleanShot 2022-10-25 at 09.06.02@2x
CleanShot 2022-10-25 at 09.06.02@2x1266×1326 123 KB

2 Likes