EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 7/31/2018
Next Certification Due Date: 6/9/2021
Data Collected: NON-HR

Swiss-U.S. Privacy Shield Framework: Active

Original Certification Date: 7/31/2018
Next Certification Due Date: 6/9/2021
Data Collected: NON-HR

Purpose of Data Collection

WHAT THIS COMMITMENT COVERS: This commitment covers the personal data (other than human resources data) of our Direct Users (e.g., customers). Anyone accessing the Bubble Services must create an account. Every individual with such access is a “Direct User,” as opposed to an “End User,” (e.g., a visitor to a Bubble Site created by a Direct User). Bubble is the Data Controller for Direct Users’ personal data. Our Direct Users are the Data Controllers for their End User’s Data. We process End User personal data only as directed by our Direct Users, only in our role as Data Processor acting on behalf of our Direct Users in the course of providing the Bubble Service, and only in accordance with applicable data regulations. Beyond this, we do not collect or use End User Personal Data, except to provide customer support, respond to direct requests, or as automatically collected via technology. TYPES OF DATA WE COLLECT: To create an account, Direct Users must provide an email address and password and may provide other optional information, such as profile photos, location, or job title. To create a paid account, Direct Users must provide payment information to our third party payment provider, Stripe. Direct Users may always update, change, or remove their account information via the “My account” section of the Bubble Service. We also collect other data from our Direct Users via technology to analyze usage of the Bubble Service and to make it more useful to our Direct Users. We do this via: our servers; log files; SNS Login: cookies: and third party analytics services. HOW WE USE DATA: We use the data collected to: a) facilitate the creation and securing of accounts (Direct Users only); b) identify users as Direct Users of the Bubble Service; c) operate, maintain, and provide improved administration of the Bubble Service; d) improve the quality of experience when users interact with the Bubble Service; e) manage accounts, incl. to send administrative e-mail notifications, such as security or support and maintenance advisories (Direct Users only); f) respond to comments and inquiries related to employment opportunities or other requests and to provide customer service; g) process payments made via the Bubble Service; h) as we believe necessary or appropriate to comply with applicable laws; i) to comply with lawful requests and legal process, incl. to respond to requests from public and government authorities; j) to enforce our Policy; k) to protect our rights, privacy, safety or property, and/or that of our Direct Users’ or others; l) as described in the section below regarding third parties; m) and, with Direct Users’ consent, send newsletters, surveys, offers, incl. information about products and services offered by us and our affiliates, and other promotional materials related to the Bubble Service and for other marketing purposes of Bubble to Direct Users. Direct Users may opt-out of receiving such information at any time: such marketing emails tell them how to do so. Even if they opt-out of receiving marketing emails, we may still send non-marketing emails, which incl. emails about their account with us (Direct Users only) and our business dealings with them. DATA WE SHARE WITH THIRD PARTIES: We may share personal data with the following types of third party service providers to provide Direct Users with the Bubble Service: a) quality assurance testing services; b) accounts creation services, technical support services; c) analytics services; d) payment processing services; e) IT and infrastructure services; f) customer support services; g) email delivery services; h) and logging, and/or to provide other services. These third parties are only permitted to use Personal Data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect Personal Data.

Privacy Policy

Non-HR Data


Bubble Privacy and Cookie Policy, effective Dec. 6, 2019

Effective Date: 12/6/2019

Verification Method


Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Bubble Group, inc. at:

Allen Yang
Head of Business Operations
Bubble Group, inc.
900 Broadway, Suite 504
New York, New York 10003

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Bubble Group, inc. to your question or complaint, please contact the independent recourse mechanism listed below


Appropriate statutory body with jurisdiction to investigate any claims against Bubble Group, inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission