Basic Privacy for Data

Hello,

I am new to Bubble and learning a ton working through some online courses. I do, however, have a question that hasn’t been addressed yet.

When I make my apps live, I get the warning that the data isn’t secure and I should set up privacy rules. I have looked at the manual, and understand why this is important, but I just can’t figure out how to set basic privacy on my data.

For example, I built a test app that just teaches Stripe integration. Users can input their first name, last name, and e-mail address, then use the Stripe interface to add the rest. Well, right now this is just to show people what I built, but I imagine people may enter their real information on this page. These fields are being stored in my database, and I don’t know how to properly secure it.

What standard privacy settings can I put on my data (for all apps) to ensure that nobody can view it?

@michaelkuntz, welcome to Bubble!

I semi-answered this question the other week on this thread. Take a look at that and then the comments below.

To provide more detail, the privacy settings that Bubble is prompting you on relate directly to database privacy (i.e. defining under what conditions data can be accessed).

In some cases, you may have a really simple framework: ex. you have a private blog, and people need to “register” (create an account) in order to see that content. In this case, you would create a database privacy role of “When current user is logged in”.

As your app becomes more complex, so too may your database privacy roles. Say that you’re building Netflix. All of the titles should be accessible to logged-in users. However, their watched history (i.e. “Viewing Events” saved as separate records in the database) should only be visible to them. In that case, you would define a rule as something like “This Viewing Event’s creator is current user.”

3 Likes

So, if I don’t have users, then how would I add privacy? Or will it just be private by default? For my purposes, this is just a test app that collects name and email, but even though it’s just for learning, I don’t want someone’s private info to be accessible if I set up the app wrong.

It depends on your relationship to the data.

If the concern is that you have individuals fill out a form (i.e. create a new thing in the database - let’s call them “Interest_Records”) without creating an account, then that is data that is only important to you, not the user experience.

If that is the only component, then you can do a couple of things:

First option (what I’d recommend):

  • Create a single user account, based around yourself, that you log into. Then build a privacy role that = (when current user is logged in, this information is visible).
  • To make it more extensible, create a user account for yourself, and add a database field called “is_admin” and set it to true for your account. (That way, you differentiate between your types of users, if/when you decide to give your end users the ability to create accounts).

Option that I’d recommend less:

  • Decide that you only want to access the data through the Bubble backend. In this case, on the “Interest_Record” privacy type, create a privacy role that’s a placeholder (ex. current user is logged in) and uncheck all boxes. As well, uncheck all of the “Everyone” boxes. This will limit all access to the data from the app side. So only you can see and manage from the Bubble dashboard.
4 Likes
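
A simplified model of the privacy-rule setups described in the answer above, as an added example in Python that is not Bubble's own code and not part of the original posts. The evaluation logic (matching rules add up, and the "Everyone" boxes apply only when no rule matches), the function and variable names, and the sample record are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Simplified model (assumption): this is not Bubble's real rule engine.
FIELDS = frozenset({"first_name", "last_name", "email"})
NO_BOXES = frozenset()

@dataclass(frozen=True)
class Rule:
    condition: Callable[[Optional[dict]], bool]  # user dict, None = logged out
    visible: frozenset                           # fields whose view box is checked

@dataclass(frozen=True)
class Config:
    rules: tuple         # privacy rules defined on the data type
    everyone: frozenset  # fields checked under "Everyone"

def visible_fields(cfg, user, record):
    """Return the part of `record` the app side would show to `user`."""
    matched = [r.visible for r in cfg.rules if r.condition(user)]
    # Assumption: matching rules add up; "Everyone" applies when none match.
    allowed = frozenset().union(*matched) if matched else cfg.everyone
    return {k: v for k, v in record.items() if k in allowed}

def logged_in(user):
    return user is not None

def is_admin(user):
    return user is not None and user.get("is_admin") is True

CONFIGS = {
    "no rules (default)": Config((), FIELDS),                            # the warned-about state
    "logged in":          Config((Rule(logged_in, FIELDS),), NO_BOXES),  # option 1, first bullet
    "is_admin":           Config((Rule(is_admin, FIELDS),), NO_BOXES),   # option 1, second bullet
    "backend only":       Config((Rule(logged_in, NO_BOXES),), NO_BOXES),  # option 2
}
USERS = {"anonymous": None,
         "signed-up visitor": {"is_admin": False},
         "owner": {"is_admin": True}}
# Constructed sample Interest_Record.
RECORD = {"first_name": "Ada", "last_name": "Example", "email": "ada@example.com"}

def exposure_matrix():
    """Map (config, user) -> sorted list of field names that user can see."""
    return {(c, u): sorted(visible_fields(cfg, user, RECORD))
            for c, cfg in CONFIGS.items() for u, user in USERS.items()}

if __name__ == "__main__":
    for (c, u), fields in exposure_matrix().items():
        print(f"{c:22} {u:18} {fields or 'nothing'}")
```

In this model the plain "logged in" rule exposes every record to any visitor who can sign up, which is the gap the is_admin field closes.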

Makes sense. Thank you

1 Like