Drag-and-Drop-App-Builder Software Ressourcen

I recently went through a penetration test on my Bubble Applications. Interestingly the results were a concerning. We were unable to achieve GDPR or PCI compliance because of vulnerabilities in the core of Bubble's platform. After logging a ticket to understand if they were going to be resolved, I was told that all 16 of the vulnerabilities were known and most were with development as low priorities and I was not provided a fix for any of them. In response to my shock at this status, I was told that Bubble that "compliance" is a subjective thing for Bubble as it is up to us (Bubble's customer) to determine if we want to be compliant or not). I actually think that's a fair point of view, except that we want to be GDPR and PCI Compliant but we cannot as the vulnerabilities that are currently known and not fixed within the platform prevent that from happening. Has anyone else attempted to achieve such an outcome? If so, how have you dealt with it?

How does it work