Bubble database security

Hi
I built a system for life coaches to save & manage their customer info.

So a customer asked me about the security of that info.

Can someone give me some insights?

This is really important.

Thanks

Here is where you will find most of your answers, as Bubble uses AWS. Cloud Security – Amazon Web Services (AWS)

This is a statement by Bubble referring to security:

Hello,

We take security very seriously (our largest client deals with personal financial information, so we have to be careful with this). The most important thing you can do security-wise is define some rules on who can see which information. This is an advanced feature, but you can do this in the Data Tab → Privacy. These rules are checked server-side for higher security.

Generally speaking, Bubble is hosted on AWS West Region (Oregon, US) which maintains a state-of-the-art security infrastructure. We encrypt all traffic to bubble.is over https, and encourage and support our clients to use encryption on their own domains. All user passwords are stored salted + encrypted in our database; other user data is encrypted at rest (we’re on AWS RDS).

You can add an SSL connection to your own domain under the Professional Plan.

For bigger clients, our dedicated plans offer the ability to be on their own cluster, which leads to more reliable performance as it’s not shared with other people. That is also more secure as the servers only have a few apps.

Everything that touches data is logged, which enables audit if needed.

Lastly, regarding external audits, we haven’t invested in these certifications yet (they are quite expensive), and you wouldn’t have that either if you were working with a PHP Developer.

Best,

–
Emmanuel Straschnov
Bubble
support@bubble.is

As long as you have SSL and tell them the deep encryption between your website, bubble and the aws server. Hope this helps

4 Likes

Hi @codurly, thanks for your quick reply!

I’m not an expert on this issue, so I just want to make sure:

What does it mean by “We…encourage and support our clients to use encryption on their own domains…You can add a SSL connection to your own domain under the Professional Plan.”

So if I’m on the basic paid plan (“personal plan” I think), do I have enough security or not? And is it only when I have my own domain, or also when using bubble app URL?

Thanks
Lior

You’ll still have to add your own security mechanisms when you build your app:
- data privacy settings
- appear/hide content
- security workflows to re-direct unauthenticated users
- etc.

With SSL - all data passed between the Bubble server and the user’s (i.e. client’s) browser will remain private and encrypted. An SSL requires an SSL certificate, which comes with the Bubble Professional Plan.


On your personal plan (the basic one), the app of your url should end with …bubbleapps.io. This domain is already encrypted, so you do not need to use your own domain for SSL encryption.

1 Like

Hi @supernaturally, thanks for your reply!

Sorry for being a newbie, but it’s important to me:

So if I keep my Bubble Personal Plan, and register my own domain, I’m losing the SSL?

Correct, you are going to need the professional plan for SSL.

Thanks @codurly, good to know that

How do you add an SSL connection to your own domain under the Professional Plan? Couldn’t find any instructions on how to easily do this.