Code Export and GDPR Compliance

Hi, I am new to weweb and so far loving it.
I used to work with Glide, but found there was no way for it to be fully EU GDPR Compliant so I made the change.
This is, hence, a big priority for me and my business.
I would like to know:

  • By using Xano auth and database in EU, can I still be GDPR Compliant if I host my app with weweb?
  • If not, I need to export the code. If I export the code, do the workflows in the logic “tab” also export?
  • If I export the code, does the app’s basic logic export as well? (like conditional logic, button interactions, etc.)

Hope it is not confusing. Thanks! :slight_smile:

1 Like

Hi @duartecosta

TLDR: YES, export from weweb and everything works!

We also chose Weweb because of strict compliance demands. GDPR is one thing, but health tech in Denmark demands a whole other level of security.
We use Supabase instead of Xano - only because it’s the same setup that PWC uses for themselves and their clients, and by their standard, it’s the most secure solution (PWC does ISO certifications and IT security consulting, so if it’s good enough for them and their clients, it’s good enough for us). So if you’re not heavily invested in Xano, perhaps you should consider switching, depending, of course, on what your needs are. GDPR is one thing, and extra security is another thing, and you are actually allowed to use third parties for data hosting, etc., as long as you make it clear in the Data responsibility documentation. If your product is ONLY to be used by individual private consumers, this should be fine, BUT BUT BUT, IF you’re planning on users being any type of company and handling any of their data, and doing any type of B2B sales, especially enterprise customers, their compliance departments and CTOs will tear you apart if you don’t have full control of their data, and you will have a very tough time competing with any larger providers that offer a solution without using any third parties (don’t know about Xano, so you should be 100% sure). Therefore, we use Weweb + Supabase.

We export everything from Weweb (every line of code) into our servers (find a good European provider for good compliance) and then we publish ‘manually’ through our servers. It takes a bit to a lot of extra work in the beginning to set up (a headache for our CTO Mathias) but everything works, every logic step works, conditional, integrations, custom code, etc.

Welcome aboard the Weweb ship. A year ago we looked at almost every no/low code solution, and Weweb is a gamechanger since it allows us to be compliant on a whole other level that other front-end/full stack builders lack.

(And they have nice video guides! A good compliance video is this interview here: https://www.youtube.com/watch?v=6Tels70PkAo )

Regards, Anders

2 Likes

Thank you for your post. It’s really useful. I’m also considering migrating from Xano to Supabase. And what you said helped me a lot.

1 Like

Thrilled to see such a thorough response!
Really appreciate your time and effort in spreading your knowledge :slight_smile:

I am not heavily invested in Xano yet, so I will for sure watch the video and learn more about it!

My thought process going into Xano was that for the 25€/month price plan that both have, they are essentially the same and suffice for my Small enterprise company clients (they don’t even have compliance departments).
The thing is, like you said, I am now starting to talk with bigger clients and they have compliance departments that have plenty of demands.
So I compared the monthly payments for their higher plans that come with compliance demands in mind and Xano gives ISO, SOC 2 and 3 for 249€ while Supabase is for 599€.

I guess tho it doesn’t make sense to make this comparison based off of money only, but thoroughly compare both options since, if the solution is right, this price difference is nothing for bigger companies.

So watching what PWC does is a great start!

Also thanks for the clarification on the export, I couldn’t pinpoint some aspects of it. Before you answered I was a bit more ahead in terms of clarity than when I asked the question, but there were still some doubts.
Glad to see it works fine and I am excited to join this ship!

Thank you and have a nice day :flexed_biceps:

1 Like

Thanks @duartecosta

I am happy to help, and was in the exact same situation as you when I started to look around, so I’m happy to pass it on.

The price difference is kinda meaningless if you have a larger enterprise customer yeah - I just looked it up, Supabase pro plan is 25euro/month for the ISO27001 capabilities (and a one time 350euro fee for the analysis) and enterprise prices for SOC2, kinda weird. In my case, the ISO is perfect, and they integrate with Vanta.com so it’s a no-brainer to get our own certification in the future.

PWC: It was actually a very small comment somewhere that said PWC uses Weweb+Supabase that brought me to Weweb’s site in the first place - Perhaps they should market their compliance capabilities more :slight_smile:

I think our CTO used a few days to set it up, but now, it takes around 20 minutes of work to export the code, put it where it needs to go, and publish it manually (though, there is still some weirdness with files and pictures, where we have to delete all the old ones manually, since it just creates a new folder or something) - If you have any more technical questions, let me know, I will ask him! Let’s go!
