Streaming live at 10am (PST)

Webflow & GDPR | Hosting in EU + Privacy Statement needed

For some projects, i wish i could do that, but this would include a complete rebuild of all database systems (CMS/collections). My full hope and trust is now in Webflows hands regarding these projects/websites.

Moreover, these projects include a client of mine which core-business is Compliancy (and thus GDPR and AVG here in the Netherlands and beyond). We’re keeping our fingers (tightly) crossed to see Webflow get compliant for the GDPR and also dataprocessing agreements and preferably storage of de data in the EU.

Yep mine too… complete rebuild of databases. That sucks but german lawyers are already looking forward to send out some nice letters in 2 weeks. I really wish you good luck

Hmm, wonder why I can’t see any actual feedback from Webflow here. As I see, people like me from Europe are getting nervous. Switching to Wordpress, seriously?

@PixelGeek, maybe some feedback, soon would help to make this situations for us and our clients less stressful? The blog post told us … early next month, today we have 11th.



Hi @pupinko

Expecting more details very soon - given @callmevlad response on this other thread:

Thanks @StuM for this hint. I left a longer post there, what is hopefully getting some feedback.

Just said, I basically started as a designer and while appreciating the countless possibilities of Webflow, and learned more and more tech stuff. But if it is going to techie I always have the chance to stop and can build a simpler solution, or find some help from more techie people.

Concerning this GDPR stuff, there is no one so far, who have a clear solution and now I feel forced to get a tech view behind all this Webflow stuff and don’t know, why this should makes sense. So I hope, Webflow will deliver us asap a practical law information about Webflow for the websites of our clients.

Yes, it is too silent for too long for users that really need to guarantee clients to comply to the GDPR.
I know, it is a hassle (to say the least), especially when using multiple systems and serve websites around the world.

In my previous post about Zapier, there are some great ways to sign a data-processing contract.

Even a better example is Moneybird (

In this online accounting tool, you can view all versions of these dataprocessing agreements within the tool itself. It could be THE answer most (European) Webflow users are looking for and could be signed by the Webflow User (Dataprocessor) as well as the client it self.

(in Dutch, but you can see the versions, dates when they were signed - super simple, yet effective)

Another great part about Moneybird is their transparency about all the sub-processors they use.
On their (Dutch) GDPR (AVG) page you can cleary see all and their status:


Check out all on

With transparency and a data-processing-agreement (and the ability to search, edit and delete personal data), most major things of the GDPR are sorted.

Data Location
Both Zapier and Moneybird have clearly written about the location of the data, and that it is possible that data gets stored and/or processed around the world (CDN, Google, etc.) But if data-processing-agreements are signed with all of the processors, then everybody should be save and sound.

EDIT: However, storing all (personal)data within the EU is something that most companies do want and in extreme cases, it is simply a must-have. The Privacy Shield active in America is a good start, but if i’m correct, it still has the power to confiscate all data and keep/use it in the United States, even if it’s personal-data from EU-customers.

1 Like

@Webflow Any news on the GDPR? It’s only three days now…

1 Like

Hi @icexuick, Our DPA will be available for signing upon request prior to May 25, 2018, send us an contact request at and we will help to send you all of the details.

1 Like

Hi cyberdave,

Just send a contact request about the DPA (subject “Account or Billing”).
Would be awesome to have this signed before Friday!

Thanks for the quick reply!

Dear Webflow Team,
I don’t know how that generally works in the US, but here in Germany we have a billion Dollar legal industry waiting in the wings for May 25th to arrive. Come that day, they will haunt the lands like ringwraiths and look for any and all opportunities to issue legal reprimands and charge individuals and companies for not complying with the GDPR (DSGVO in Germany). Needles to say there’s also a huge industry protecting us from those people, but that’s a different story all together.
Can you please tell us where we are at? I understand that this is a complex issue for everybody, but please keep us in a better communication loop concerning this issue. That’s really vital for a trusting relationship.
Thank you!


@cyberdave I have requested the DPA as you said, but i haven’t had a reaction yet. As @Tobias mentioned, time is running out and i need this DPA, along with other things, to be able to comply to the GDPR as much as possible.

Can we have an update about the GDPR, DPA and Privacy Shield as soon as possible, preferably within a couple of hours? We only have practically one day left and we haven’t really heard (or seen) anything substantial yet.

Hate to say it but communication policy sucks so much on this.


Hello Tobias. Can you give me more information regarding those industries that protects us against those ringwraiths? I feel I need to start working on my plan B

Details requested, waiting anxiously on this.


YES! I’ve got mail in my inbox with all the details! Including a DPA to be signed.


E-mail Content:

Tired of these GDPR update emails yet? Hang in there, the flood is almost over!

We’re writing to let you know we’ve updated our Terms of Service and Privacy Policies, in part to comply with new Global Data Protection Regulation (aka, the GDPR). These changes will take affect on May 25, 2018.

And yes, you read that right: we now have 2 Privacy Policies. But never fear: we’re sticking with our plain-English versions for those who don’t hold doctorates in jurisprudence.

Here’s a quick look at the key changes:
We now have 2 privacy policies: one global policy, and another for the EU, EEA, and Switzerland
If the two policies conflict in any way, the EU, EEA, and Swiss Privacy Policy takes precedence for people in those areas.

We’ve added a Cookie Policy
So you can read all about how we use those little user-experience-improving bits of data. Rest assured, no cookies were harmed in the making of this policy. Except for that whole plate our team ate at 3 a.m. this morning.

More info on your data and your rights to it
We’re providing even more info about what data we collect through Webflow, and what rights you have over your personal information.

Details on your responsibilities for sites you create with Webflow
Section 7 of our Terms of Service lists your responsibilities around data gathered from website visitors (aka, “end users”) on your sites. So definitely read up on that.

We created a Data Protection Agreement
If you might be collecting personal data from EU, EEA, and/or Swiss website visitors (for example, via form submissions), we now have a Data Protection Agreement available for signature.

Your public profile is now opt-in
To date, using Webflow meant you also had a public profile to help you showcase your work and attract more clients. You’ve always had control over the content of that profile, but now you can choose whether or not you want it to display at all. If you want to keep your profile, you don’t have to do a thing. If you want to opt out, update your profile settings.
And just by way of reminder: you can always opt out of our marketing emails from your account settings, or the unsubscribe links in all our marketing emails.

As with every terms and policy update, your continued use of Webflow means you agree to these updates, so be sure to give them a read! If you have any questions, just reply to this email. We’ll be happy to help.

Happy reading! :upside_down_face:
The Webflow Team

First step in the right direction. @cyberdave or andybody… please let us now how form data and end-user IP storage on your servers will be handled in future? This can’t be our own problem as data controller because we can’t prevent that you will get this informations from the end-user. Please please please clearify.
There is nothing about this topics in the TOS, privacy policy or dpa.

1 Like

@callmevlad has issued a further post - hopefully clears up some more detail for those in this thread:


Hi, what I meant are the various law firms or companies (Trusted Shops for example) that provide you with up to date llegal text and advice for you data protection disclaimer, often bundled with an insurance policy against the bad cops, meaning their lawyers will handle any claims against your website…

1 Like

@StuM thanks for the link to Vlads respond about how visitor traffic is handled in the webflow hosting. The link doesn’t work anymore though (

I’m urgently researching information on that subject, since my company might get into legal problems because of the webflow hosting and I need to know how webflow treats data from visitors.

Is there a new source of information or why was the post deactivated for the general user?

I’d suggest contacting webflow support for this one. I remember they have a full process for this and to be fully gdpr compliant I think there are agreements required between them and you. Including the privacy statements. I don’t remember all the details and for what I’ve done I’ve not needed it. So I never revisted it. When it first came out though it was confusing and convoluded. I’m guessing they have streamlined the process.


1 Like