Does Heroku comply with the EU Data Protection directive on personal data?
Salesforce (the parent company of Heroku) has a data processing addendum in place which provides several mechanisms for data transfer to the European Union (more information can be found here: http://www.salesforce.com/company/privacy/data-processing-addendum-faq.jsp)
The most popular mechanism for Heroku is described below (EU-U.S. Privacy Shield framework):
Heroku's products are certified under the EU-U.S. Privacy Shield framework set forth by the U.S. Department of Commerce and the European Union. To view a description of how Heroku complies with the Privacy Shield Principles please visit: http://www.salesforce.com/assets/pdf/misc/privacy-shield-notice.pdf. For more information on the EU-U.S. Privacy Shield, please visit the U.S. Department of Commerces Privacy Shield website here: https://www.privacyshield.gov/welcome.