Can we have a security FAQ

It would be useful to have a security FAQ for Bubble. I imagine that security concerns pass through everybody’s mind at some point in building an app that has users or sensitive data, given the state of web security and the requirements in all major mobile app stores re: app developer responsibilities for user privacy etc.

Some things this FAQ could cover:

  • Where is my app’s data stored?
  • Who can access the app data?
  • What information should I not provide to my users (e.g., object IDs)?
  • What security guarantees does Bubble provide?
  • Related: What general intrusions do those security measures generally guard against?
  • A (much more) user-friendly guide about roles and what exactly they can do to enforce the app designer’s desired security

I’m sure folks reading this probably have some curiosities of their own too, re: security.

Thanks for considering!

7 Likes

We’ll look into it.

I support this request. Now that I’m a paid subscriber building an app and getting to know the platform, I’d like to see and hear more about how the security model will mature. The absence of SSL for my app is a concern and will cause me to rethink my choice of Bubble as I move toward a production app. That’s not the only security requirement that needs to be resolved of course, but it’s the most obvious and immediate from a user perspective.

1 Like

See this post: HTTPS / SSL and Bubble

and reach out to us for SSL (it involves manual work on our end)

I think a security FAQ is still a need or is there now one?

Having one - and the work you need to do to create it - reassures us that you take security seriously and shows what work you have put in on making sure the service is secure.

I have some specific concerns:

  • How and where is “database” data held?
  • Is data encrypted-at-rest?
  • Who at Bubble or among your suppliers has visibility of an individual app’s data?
  • What penetration testing of the Bubble editing apps is conducted, if any?

All these are pretty important from an enterprise perspective…

2 Likes

Any progress on a security FAQ? It seems like a lot of Bubblers’ apps are mature enough that they’ve been launched. This is (or at least should be) a serious issue for all of us.

1 Like

bump @emmanuel

If you have specific questions, we’re happy to talk about this by email; it’s a bit early for us to do something public as a FAQ.

How do we email you to ask security questions?

2 Likes

Is it still too early now?

2 Likes