I’m replying to you Stan because you asked for somebody that uses Iubenda and I do. Of course, this reply is meant to share with everybody some info I found. Even if sometimes I could sound upset in this message, it’s not because of you guys, it’s just because of this complicated situation. So let’s start.
What Iubenda says (and the EU law says):
transferring data from the EU to the US (of course other countries too, but I will mention the US because we’re talking about Webflow) is an exception and you can do it only on some conditions:
Link to the Iubenda explanation
As you can see the “famous” informed consent that many people are suggesting, it’s not just “Hey, your data are being transferred and stored in the US, are you ok with this?”. You have to inform your customers in a detailed way about the risks and about what could happen with their data. You have also to look at the US company’s SCC (Standard Contractual Clauses), verify that the company itself guarantees those data security, more than the US government will do.
Also, Iubenda it’s just a tool to show banners, Privacy and Terms and Conditions pages in a proper, legal way: it doesn’t provide Privacy guarantees itself.
Webflow said they did some changes and provided [this link] to sign a kind of agreement(Webflow Data Protection Agreement Request) to accept their conditions. Anyways, it seems to me that this contract you sign by following the link, is about YOUR account, YOUR data as a designer because YOUR data are being stored on their US servers. I don’t think this covers us for storing OUR customers’ and users’ data.
Somebody suggested asking them more info: well many of us did this on public forums, private forums with Webflow representatives (I did that) and this is the only semi-official declaration/answer I can find online.
Link to the post
As you can see, they mentioned a chance to have an EU based Webflow Hosting, but no news about that anymore. That would be the perfect solution because we wouldn’t have to look into legal stuff at all.
They said they already modified their SCC so probably the solution is already out there (?) If so, why not explaining to us how to integrate it on our websites? They have great videos about small design details: many of us will be satisfied with a plain text guide on how to manage this Privacy problem.
Even though the problem wasn’t created by them, wasn’t created by us right? We’re paying for a service, the situation has changed, we look for the best tool to use and “best” includes legal stuff.
I just wrote them an email at email@example.com, I’ll let you know what they’ll say.