The next step would be to guarantee that the app maker can actually come through on what GDPR grants the user. It is on thing to say in the terms and conditions that the app is GDPR compliant and then put in place the GDPR tabs with checkboxes, it is another I feel to actually be able to do xyz should the user request it.
Does anyone understand what xyz might? Not from the perspective of the users’ rights, but from the perspective of what the app maker needs to be able to do.
@nathanaelb: I was thinking of capturing the email so that when they need to, they would be logged in.
But then it’s just another layer of unnecessary complication especially as we need our app to be Public.
The only time personal data is captured is when they save to favourites, and the location features.
I agree with you though, checkboxes are just the tip of the iceberg and half-baked without the rest of the users’ rights being respected.
Having used WordPress for the past 10 years, they took GDPR very seriously so the xyz is now in the core, basically giving site owners the tools to handle requests from users to receive their personal data as held on the system, and manage requests from users to erase that data.
There are of course plugins that extend upon this, but the core hooks are in place to make the process of handling and managing user data super-simple.
Glide already has the basis for something similar via the User Profile feature, and adding a checkbox to capture users’ informed consent should be fairly straight-forward to implement in the first instance as that would at least make our apps legal.
As a french Glide app maker, I would say let’s wear our yellow jacket and let’s go on strike! Just kidding 
It’s a sad story @maschera of course but a great post! And a must have topic to discuss with the Glide team about GDPR issues. I didn’t know why I was stuck in my chair to go to market with my Glide apps since the beginning. Of course, I am aware of GDPR in EU but this real case enlight the limit of Glide solutions and the way of doing business with it.
Glide is a powerfull solution and the Glide team did a fantastic job, no matter what!
When I found your solution, you made my day and opened an unlimited ideas of businesses.
But If Glide wants to be a killer solution in the no code market app, it has to be GDPR compliant in a way or another, there is no discussion here.
As makers, of course we could spend a lot of time trying to find a solution in order to overtake this limit but we can’t do it alone, it’s a team effort and Glide has his part of the job to make it real and cristal clear. We are not discussing a feature, we are discussing a must have to play and make business in a safe playground for us and our customers. Looking forward to hearing from Glide team inputs or plan.
Do we know that they are reading all the posts in this forum? If not, can we ask @JackVaughan to have a look and get back to us on the above. It’s really important.
Even if you just tell us that yes, it’s on your roadmap and will be with us in 3 months, that would save everyone a lot of time.
Thanks
We have tagged David a couple of times.
To be honest, given the magnitude of the post, I’m sure they are aware of it.
Let’s hope for a clear and final answer soon.
None of us wants to shop around for a similar solution, we all love Glide too much to give up.
But I’m not sure for how long I (and my clients) can bear this uncertainty.
@maschera: Makerpad is hosting a webinar next week, on 24th 6pm BST. Hopefully this subject will be raised.
As much as I love Glide, I have already started the process of exploring alternative solutions of which there are a few.
A wait of 3 months would be OK, though how long does it take to add a checkbox at sign up?
But 6 months is too long, and vagueness like “it’s on the roadmap” is not acceptable; it should’ve been on the “starting line”
You’ve assigned this post as a ‘Feature Request’ but it isn’t really; it’s a bug (and a serious one at that).
Thanks Garrison, I might be attending 
I’m in the process of trying other solutions and at first glance I don’t like them as much as Glide from a UX perspective.
I’m day dreaming of Jack or David jumping into this conversation and shut the hell up of all of us, by releasing our sought-after GDPR mod.
P.s. I’ve taken your advice and marked this discussion as a bug.
Just a thought, but could you do something like this? I am not saying it’s the answer or that it is compliant (I am not a lawyer) but maybe??? 
Of course you would have to have your terms and conditions hosted somewhere but their are plenty of web solutions out there.
Hey @Rosewebstudio
Problem is that to keep in sync with GDPR requirements, you have to proof the user has voluntarily and clearly given his consentement and that he’s been clearly informed about the why, the what and the how. So in your database, you have to store the date of his consentement, and even the name of the consentement form. That means you do need at least one checkbox to collect his email for sign-up and/or login, plus other checkboxes if you also need his consentement for other purposes or services (marketing campaign, and so on - but that could be a second step process, managed at user profile level, so once the user accept to log in).
The terms & conditions and data policy must be easily accessible for reading, before any consentement. So this text message needs to include at least a clickable url, or a Webview, or I don’t know what but something allowing future users to have access to and “read” these legal informations before they fill in the email form and click on submit.
So yes, your workaround makes sense but is unfortunately not enough. As long as Glide does not provide a mixte mode, aka some public screens and restricted screens (accessible upon sign up and log in), we can do anything with. Even, I am not sure it would be enough, but this would at least help in getting closer to the GDPR reqs.
Another thing is that any user must be able and allowed to claim his personal data. So we do need to export these data upon user request. At the moment, if all data are stored in a gsheet it could be okay, but if we have user specific personal data stored in the internal glide app database, it’s not good. Regarding this last point, the “workaround” is on app builders side : ensure any personal data used for/by the app is stored at the good place and can be deleted and extracted.
Well, GDPR is a nightmare for all of us. For personal or even internal apps, should not be a real problem, but as long as you sell anything, a product or a subscription, you’re considered as a business and you have to comply.
Moreover, if you plan to offer an app equivalent to an existing (and highly priced) solution, be sure that their editors will do what they can to at least shutdown you and your app.
Ok, just a thought.
It was a good though @Rosewebstudio, many thanks for it 
@Rosewebstudio: thanks but it’s of no use. I can’t add anything more to the excellent comment @Christophe_HK has made on GDPR.
We absolutely know how important this is to our users and are actively working on it. GDPR is a very large topic, so there are a number of angles from which we need to address this from.
We do our best to read as many posts in the forum as possible, whilst still working on Glide . Sorry if it seems like we’re not listening sometimes.
Right now, you can put together an onboarding experience with Glide (using tab visibility, forms etc). But we hope to have a fully custom solution for you soon.
In regards to data retention/deletion, a solution for this is a little further off – but we are working on it.
Thanks for coming here Jack.
If someone develops a good onboarding experience that addresses GDPR, can they share it so that we can easily replicate it here? Thanks
@JackVaughan: Thank you, I appreciate you taking the time to chip in on this and whilst it’s heartening to know that Glide is on the case, I have to make some decisions right now as our plans have come to a bit of a standstill.
It’s now hard to muster up any excitement about the new features you’re shipping regularly.
GDPR is indeed a large topic and aside from the issue of data retention/deletion, the showstopper is actually an easy problem to resolve: a checkbox for users to give their active consent before we can collect any of their data.
As it stands, the only way forward with our plans is to forgo the basic ‘Add to Favourites’ functionality, and remove all forms, and possibly need to disable the feature that allows users to show current location, plus also let go of our Google Analytics integration.
We would also certainly not be able to integrate payments with Stripe.
Of all these though, having to wave goodbye to the Favourites feature would render our app next to useless.
And if that wasn’t bad enough, we’re now looking to move our projects back to WordPress, which is something we were excited about letting go of!
You mention that we ‘can put together an onboarding experience with Glide (using tab visibility, forms etc).’ but it would be really helpful if you could give us some guidance on how to utilise these methods to gather user consent from the start?
I’m less worried about users having issues with privacy and GDPR, than I am about competitors looking to ‘grass us up’ (good ol’ English vernacular). We’d pretty much be a lame duck for such vindictiveness.
Jack, we appreciate that you guys are trying to get it perfect.
However, as @garrison mentioned, we are at a standstill. We have customers, and can’t cater to them because of GDPR.
I have a project on hold that has the potential to bring in hundreds of thousands of users, and a few hundreds apps. Given the magnitude, I can’t give this the green light.
Can we adopt a good old lean startup approach when it comes to GDPR and perhaps roll out a patch in the meantime? This will show clients (and authorities) that we are doing our best to comply.
Not a final solution, I understand, but at least it can keep us going until the final release.
The patch we need at the moment is a simple “tickbox” below the email signup landing, with us having the ability to hyperlink to an external Privacy Policy. At least this will help us keep the favorite feature.
I’d skip cookie consent for Google Analytics for now. Not ideal, but it can wait I believe.
Playing with visibility is a risk - you gate the app with a consent form, users are gone already.
We need to give users a reason to give consent. And if they don’t see what’s in the app, they won’t see a reason.
@maschera: If I could ‘like’ your recent comment a thousands times I would, but sadly I can only like it the once
I will have to retract my earlier request for some guidance on how to utilise tab visibility as a solution because gating the app is a no-go for us.
For our business case, i.e. directory listings, it’s vital that they are freely open to everyone to browse.
If users like what they see sufficiently enough to want to add listings to their favourites, or add personal notes etc, then it is widely accepted that the trade-off is for them to sign up, with Airbnb being a classic high-profile example of this.
The main thing which is missing right now is a simple checkbox with a link to our privacy policy - the ‘Action’ for this could be ‘Link to screen’, or ‘Open link’.
The ‘Continue’ button would be inactive until the checkbox is ticked AND of course the user has entered their email.
This would, at the very least, unblock the road towards GDPR nirvana!
Totally second that. Surely that’s not too complicated to implement?
Never mind, it was just a suggestion but appreciate not sufficient for the purpose.
No problem, it’s appreciated anyway.
The problem with all these solutions is that they essentially point to the same thing: gated content.