Hey! While our policies are not as well fleshed out as Bubble’s, a lot of our general practices are consistent with the way we handle things. We have not yet made a publish guarantee about source code, but we’d be happy to sign a contract with you directly and put that as a clause. We also should get a document together detailing this for investors / larger customers, that’s a great thing to have.
GDPR
We’re compliant with some aspects, but are lacking in others. We are not yet using EU-US Privacy Shield, and also do not currently offer EU-based servers, however this is something that is rapidly approaching on our roadmap and definitely some we will be addressing in the coming months. In terms of other aspects of GDPR (data processing, transmission, right to be forgotten, storing & transmitting encrypted data), we are in compliance. Adalo does not transmit, sell, or other use any data from users of your Adalo apps. That data is yours to handle as you see fit, or export for use in other systems. We can also commit to notifying our customers of breaches to their users’ data in 24-48 hours from when we are made aware.
Security
We’re currently still in the early stages as a company, but we’re still committed to keeping our users’ data safe and secure. We currently use industry leading encryption for data in-transit and at-rest, and we have added layers of security for some extra-sensitive pieces of data like credit cards (stripe) and passwords (bcrypt). We have several items on our roadmap that will let us automatically track which users have accessed which data, for things like HIPAA compliance, but that is not yet complete. We don’t currently offer 2FA or Face ID currently, but we plan to adding this or other security mechanisms (like SMS-based logins) in the near future.