Adalo & GDPR Compliance

Legal disclaimer:

The following is meant to be a very general overview of how Adalo apps can be compliant with GDPR. We recommend that you consult with legal professionals to determine the best strategy for your specific situation.

What is GDPR?

GDPR is a set of data protection and privacy requirements by the EU that may apply to your app if you have users in the European Economic Area.

Is Adalo GDPR Compliant?

Yes, as a Data Processor, Adalo is compliant with the regulations and requirements of GDPR. The Adalo Terms of Use contain several clauses outlining the many steps Adalo takes to comply with GDPR in order to keep your users’ data safe as well as the now commonly used legal mechanism of “Standard Contractual Clauses” for data transfer outside the EEA.

However, as the app maker, you have additional obligations you need to fulfill.

What’s my role under GDPR?

Under GDPR, you, the app maker, are considered the Data Controller, Adalo is considered a Data Processor, and services used by Adalo such as AWS are considered sub-processors.

What do I need to do as a Data Controller?

As a Data Controller you have a number of obligations under GDPR, including…

  • Asking for your users’ consent to process their data before they use your app.
    • You can fulfill this obligation by building a required consent checkbox into your signup form.
  • Fulfilling your users’ request to share, delete, export, or change the data you hold about them.
    • You can fulfill these requests using the database tab in the Adalo editor.
  • Ensuring that your Data Processor (Adalo) is compliant with GDPR.
    • Adalo is compliant with GDPR.

12 Likes

Can you specify where you want your data stored, i.e. on EU-based servers, typically Germany?

2 Likes

Not at this time! We hope to have this available at some point in the future.

1 Like

Hi Katelyn! Is it currently possible to set up automated table actions to clear records after 30 days? We would like to collect certain personal contact information from users, but in order to be GDPR compliant we need to delete their records after a certain amount of time if we don’t obtain their permission to store it. We would like to automate it so that no one slips through the cracks, and so it’s less effort on the administrator. Thanks for the help!

Hey Katelyn,

could you give us an update regarding the EU-Server?

greetings from Germany

4 Likes

Hello @KatelynCampbell,
Regarding GDPR cookies consent management, Adalo refers to Iubenda company services, which are not affordable for many businesses.
And this makes it a necessity to contract with an external service to use Adalo, which is not very friendly (and legal?) at least.

As far as I’m concerned, businesses should be able to manage it by themselves in the apps with components (popups and switches for instance).
We should know the list of exempt and non-exempt cookies Adalo uses for apps (store apps or web apps) and be able to manage end-users' opt in / opt out.
Has Adalo any solution to manage this point?

Thank you
Have a good day
Jerome

1 Like

Hello @KatelynCampbell,
Just to add news I got today from Iubenda support. They can’t confirm that Adalo is accepted by their services and if so, the cookies consent management (opt in / opt out) would not be confirmed.
They propose a refund after subscription in case Adalo would not work with their service.
So, as cookies consent management is mandatory, we can’t be sure that Adalo is GDPR compliant which is ok for personal mobile apps (personal tests) but not for freelance businesses in EU or for EU companies.

Have a good day
Jerome

2 Likes

You can have your app be certified for everything, GDPR, HIPAA, ISO, you name it, by simply using Xano database.