Does Heroku comply with the EU Data Protection directive on personal data?
Your app requires compliance with directive 95/46/EC (Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data)
Salesforce (the parent company of Heroku) has a data processing addendum in place which provides several mechanisms for data transfer to the European Union (more information can be found here: http://www.salesforce.com/company/privacy/data-processing-addendum-faq.jsp)
The most popular mechanism for Heroku is described below (EU-U.S. Privacy Shield framework):
Heroku's products are certified under the EU-U.S. Privacy Shield framework set forth by the U.S. Department of Commerce and the European Union. To view a description of how Heroku complies with the Privacy Shield Principles please visit: http://www.salesforce.com/assets/pdf/misc/privacy-shield-notice.pdf. For more information on the EU-U.S. Privacy Shield, please visit the U.S. Department of Commerces Privacy Shield website here: https://www.privacyshield.gov/welcome.