Bubble can simply delete your app or subscription

haha you need to stop using this quote, it feels weird and open ended to include my mother and her opinions.

Let me be clear, Bubble removed someone’s app. THIS is the problem which Bubbles need to clear up.

This is the problem. There are ways to help the community understand while not sharing the secret sauce.

The person who DID speak directly with support still has doubts. This shows that talking with support isn’t too helpful either.

A serious none political post mortem on this would help a lot. @josh is a great example of giving a human feeling response to a problem with a post mortem. There was a mistake that needs to be apologised for and then an explanation of how this mistake happened and how the process is changing so it doesn’t happen again.

Right now when someone comes to me and says “will Bubble delete my app”, all I can say is “I don’t know and its totally possible if a user puts their name as ‘Onlyfans’”. I don’t understand why this isn’t serious to Bubble and we only get lawyer speak..

First you said the enforcement action was taken in error. Then you say the app was flagged because it violated the terms. So which one is it, did they violate the terms or not?

You don’t mention any steps that your team is taking to make sure this doesn’t happen again.

The term ‘onlyfans’ by itself is not pornographic content so it doesn’t go against the terms of service or acceptable use policy. So it really doesn’t matter what we’re building if there’s a list of banned words that we don’t know about that can get our app taken down. Are you gonna flag my app if I have a record called ‘XXX’?

A live app with tens of thousands of users was down for over 35 hours because of this process and it doesn’t seem like you appreciate the severity of what happened.

Exactly.
@laura.oppenheimer actually, we are not asking about terms but about process.

We want to know what is the process behing an app block. From my point of view, this should not be automated. Never. Also, app shouldn’t be blocked before contacting app owner.

Also wondering if this not against your own terms to read App user data…

I feel like im in the twilight zone with @bkerryk and @dramirez. Bubble has made a series of unpopular decisions over the years but wow, I’ve never seen a blunder at this scale.

The support responses in this thread are so cold and unapologetic. I’m not the victim of this situation and yet I still feel discarded like trash.

I’m honestly surprised they’re doing bubblecon this year as clearly the impetus at hq is deep disdain for “bubblers”. What work environment can even constitute such a thing? at least @josh tries to sound like he gives a darn.

This entire thread is a clustercluck of unapologetic overpolicing, vauge resoultions, and coldly calculated lawyer speak.

I’ve spent the last 4 years building a social app on this platform. I wish I knew that a user posting the text “onlyfans” was enough to get my platform permadeleted without notice.

I’m not even sure how I could’ve known considering this big bad word policy is literally nowhere to be found.

The security implications of this are insane. It feels extremely grimy knowing that my database is not only being accessed by bubble whenever and however they want, but that these automated processes have such authority to completely wipe someone’s app with 30,000 users and 500,000 images generated.

This is a stain that I truly have no idea what happens next. I have no freaking idea why the official policy talks about what my mother approves of…??? What the heck is happening?

Why indiscriminately screw over the people who willingly give you money every single month?? what’s the point in being so anti-community?

WOW , so 100 million dollars worth of concern , this is bankruptcy type of problem . So , bubble apps can’t have multiline input or text input ? So , if a customer writes ONLYFANS in input or any description that goes to my database I’m done ?? . What about pictures too , I have a system that disapproves users manually if they intend to use NSFW , advertisement and other
malicious activities as well as descriptions . Even though users wouldn’t be able to see them they will be in the database . What about people starts talking about Bubble’s behaviour about this, sure there won’t be investors but there will be no Bubble too. I believe we really need a good explanation about this automated system.

Hi Laura,

I think this needs to be discussed publicly and clarified rather than you telling me to reach out to support. I am saying this as now even you are quoting a SUMMARY of something which ISN’T actually in your terms.

As the head of trust and safety at Bubble I find this really flabbergasting so again, I ask for clarity on this so that someone who has built anything which could be considered NSFW but is adult in nature catering to other adults can sleep easy at night.

Let me go through all of this one more time. Let’s outline it very clearly. Here are the Bubble terms of service - Terms | Bubble.

In these terms of service, there is a point at the top which states;

Our “Terms and Conditions” are below. So that you don’t just have to hold your nose and click “I agree” or wade through a sea of legalese, we created short summaries of what each major section says. Of course, our lawyer insisted that these summaries must be “clearly and conspicuously identified” as “not legally effective,” so you can easily distinguish them below – they are in italics and do not have any numbering.

I have put into BOLD, the relevant parts here. These are SUMMARIES of what is in the TERMS but they aren’t ACTUAL TERMS. They are not LEGALLY EFFECTIVE. My question is were these AI generated and is it AI hallucinating as that is a major problem.

Please, read through the terms outside of summaries and tell me if there is anything against NSFW written. That would then lead me to the conclusion that because there is nothing against NSFW / adult content that a summary claiming that the terms outlaw this type of content, a summary which is not legally effective should not be quoted by support or yourself.

The terms also state that obviously you must adhere to the Acceptable Use Policy which can be found here - Acceptable Use | Bubble.

Quite rightly, the acceptable use policy outlines policy on types of illegal content and this is a similar AUP to AWS which I understand Bubble is using so that makes total sense.

So I am hoping @laura.oppenheimer for some clarification into how an italics summary which is not legally effective is being quoted and used to make decisions when the italic summary contains falsehoods and misinformation regarding what is actually written in the terms.

Please do not ask me to reach out to support on this, as head of trust & safety, I would think that you would have everything you need to make a statement and answer my questions here.

I appreciate your time.

I was an extremely regular member here on the forum but in the last few months I saw so many bad decisions that I gradually moved away without even realizing…

The way this subject was handled by support (including here within the post) was cold and disrespectful…

It is impossible to imagine that this procedure actually exists… I will keep waiting for answers.

pretty concerning on both privacy wise and internal moderation practices, waiting for a proper response from the team

Hi all,

I want to be clear that the reason I’m not going into the exact specifics of this particular case is because we (as a platform) us a variety of both automatic and manual processes to keep the platform safe, and the more that I share here of exactly how we do that, the easier it is for someone to bypass those processes. That isn’t good for you as app creators and it isn’t good for Bubble. I am not trying to be intentionally vague or misleading; I’m letting you know that we work hard behind the scenes to keep the platform secure and part of doing that effectively is keeping some of the ways we do that internal to Bubble.

• An example of a manual process is Stripe flagging a customer as using a credit card as meeting a specific risk threshold we’ve set ( if you’re using Stripe, you can get access to this for your own customers by using the Stripe Radar toolkit). We then look at the app associated with that customer and ID if we think the app is violating our terms of service or is a risk to the platform in some way.
• An example of an automated process is building out tooling that pattern matches patterns of previous bad actors on the platform (this is a case when I’m not going to give a specific example as revealing what those patterns are isn’t beneficial to you, or to Bubble).

When we do see an issue like today’s come up, we have a retro like we do with other platform issues. We’ll use the learning from today to improve both our automated systems and manual processes.

One final note on our terms - appreciate the feedback here that there’s a desire for more clarity. It’s on my and our legal team’s radar.

I thank you for engaging but the lack of clarity on summaries in terms is really not great. Before these AI summaries which are hallucinating (I will call them this unless you can actually answer my question on them), I scoured the terms specifically regarding adult content and didn’t see anything. This is an important part of due diligence when building out a product.

The lack of clarity though doesn’t really help in any way. If I have a product that let’s users generate AI images of fictional adults (thus consensual) and put safeguards in place to ensure that CSAM , non-consensual and other illegal content cannot possibly happen as well as a big sticky disclaimer on the page load for new users that you have to agree to be an adult to use the site and hit accept with clear terms and policies, what is Bubble’s policy?

This is a simple question Laura. Is this allowed as per my reading of the terms it is, as per my reading of an AI generated summary it isn’t but the summary is wrong and you guys keep quoting it.

Can I please get a yes or no answer on this. It is very important for my development of ongoing projects.

Shouldn’t your terms focus on compliance with applicable laws rather than catering to individual preferences? This approach seems more aligned with a truly white-label service. Also, users are paying to “Remove Bubble mention in console” while the app still contains numerous Bubble-branded elements.

This is a fair response. However, to @Jici’s point, an action as vital as “blocking an app” should never be done automatically.

The difference between an automatic block and an automatic notification followed by a manual block is probably a few minutes if that.

If you can follow up with confirmation that moving forward, the Bubble team will handle this process differently (not automatically blocking/removing an app), I think that would put everyone at ease.

3. USE OF THE PLATFORM

You must create an account to access the Platform’s application creation features. You are responsible for keeping your account credentials secure, for all acts that occur under your account, and for the acts of anyone who accesses the Platform on your behalf. You may use the Platform to create applications for your customers. You can’t use the Platform for illegal purposes, to post pornography or hateful content, harass others, or do anything else your mother would not approve of.

My Mother wouldn’t approve of a lot of things I do, but are they still legal? Yes. Can the police arrest me? No. Can my mother slap me? Sure.

You guys basically implemented your own loophole, haha. You guys are the Mother, and can approve/disapprove anything, right?

@laura.oppenheimer @josh If there is in fact a ‘bad word’ policy, this needs to be built into the editor, and if it is thought that having developers know what the ‘bad word’ list entails is a potential risk to allowing for developers to bypass the ‘safeguards’ then it is simple…put together an operator in the editor for dynamic expressions that would allow us to say something like ‘inputs value: remove any bad words from bad word list’ as well as workflow triggers akin to the workflow error triggers that could be ‘bad word usage trigger’ that will allow us as Developers to implement our own ‘safeguards’ to properly police OUR apps. We can have automated emails to alert the developer and/or app owner of the user in breach of the policy as well as send emails to the user that entered the bad words, as well as alerts to show a bad word was used.

If there is a ‘bad word’ policy, we as developers do not necessarily need to know what words are on the list, but we at least need functions to mitigate the risk of our users from using them in our apps.

Whenever I build an app I focus on UX, and part of that is to make it ‘foolproof’ and so I have to rack my brain about all the different possible ways some user doing something could cause the system to break/malfunction etc. In those situations, there are times that after deploying to live, we get a user doing something that I could not have imagined previously and so that gives us insight into how to further ‘foolproof’ our app to ensure great UX. If part of ‘foolproofing’ a Bubble app needs to entail ensuring our Users do not input some text value that can cause our app to be automatically deleted and taken offline, even if by accident, or only for 36 hours, Bubble should be providing us the tools to make sure that doesn’t happen, since having an app taken offline can in many situations result in real world loss of money.

I agree, stick to applicable laws as opposed to acting like some sort of social justice movement. I understand the need to preserve business reputation, but this sounds ridiculous.

There as been a lot of messages and some answers but not to everything and I feel the need to summarize so we can have clear answers @laura.oppenheimer

Topic 1
Automated blocking of an app without previous notifications or any kind of human conversation between the app creator and bubble.
→ Can you clarify if this is what happened as OP seems to say? Is he saying the truth?
And if so can you confirm this can not happen anymore?

Topic 2
List of banned words. Is there such a list and if yes, can you provide a way for us to implement our own safeguards?
I am very willing to implement controls inside my apps for banned words that could be inputed by my users… but I need to know what I should go after. Especially if ammongst those words are some that are absolutely OK like “onlyfans”.
Or at least provide us with a function like {text}.NSFWproof just like you have a .formatJSONsafe function that words on text.
Its like the gouvernment and taxation = they know how much you own yet they won’t tell you it’s your job to determine but if you make an error you get punished.

Topic 3
Looking at our data I have been told and thought that my data was encrypted from end to end. Looking at this thread it seems that others thought the same. So why is such data later on exposed and readable by the support?

Thank you

Just chiming in that Bubble has every right to keep their safety mechanisms secret for the reasons stated.

I am more concerned about the issue @Jici has been voicing. Bubble SHOULD NOT automatically block the app without contacting the app owner FIRST.

@laura.oppenheimer what we would like is some clarification on the steps Bubble will take for these kind of cases. Is this automated blocking JUST a one off issue? What are the actual steps Bubble will take? Because it is horrifying to think that any of my users can disable my app so easily.

I believe most of us understand why it’s important to keep the actual parameters close to your chest.

This indeed. A competitor can use certain words that we cannot prevent from being used (unless we know to which words Bubble’s algorithm is using) to get our apps blocked. There is a chance that when a user registers an account and uses First Name = OnlyFans, your app will be blocked.

Bubble, please do not automatically block an app, but send an email to the admins with clear directions where the prohibited content can be found. If the content is not removed after a week (or 2) block the app.

Keep in mind everyone that this is the first we’ve ever heard of this issue, and hopefully the last.

I agree that the main unanswered question is ‘why is the app blocked automatically’ as opposed to being flagged and then manually reviewed. This does need to be clarified.

Whilst not discrediting the damage to OP’s business, this is the first time this issue has ever come up here, so it’s worth not jumping straight to 100 on calling Bubble incompetent as clearly it’s worked most of the time. Keep in mind that false positives (when handled correctly) would be preferable to false negatives as false negatives and Bubble hosting illegal content could lead to ISPs blocking the platform, which is, you know, not good.

So yes, this shouldn’t be an auto-takedown, and that should be considered in future to avoid situations like these. You know I won’t hesitate to call out Bubble when it’s , but this might not be one of those times. I know you’re all concerned by the precedent this sets, but Bubble has no interest in taking your apps down either. I’m sure this thread was read internally, and Bubble isn’t stupid, so it’s unlikely to make this kind of mistake twice.

If OPs does not say all the truth, it needs to be said as well. No shaming but just the truth.
So far, there as been only confirmations of what he said