Since it has become abundantly clear that Bubble is using the fact that the OP has marked their post as “Solved” in the original thread that gave rise to a number of legitimate concerns within the Bubble community — particularly those who work on apps involving sensitive commercial, legal, financial, or health-related data — to not engage further with the broader Bubble community on this subject, I am starting a separate thread here, as my concerns have certainly not been addressed in any meaningful, respectful or professional way.
I am quoting my original reply below, but the TL;DR version of this is that it has come to light that Bubble is performing both automated scans of private app data and manual checks by its team of same, for “trust and security” purposes. This is not clearly or adequately disclosed in Bubble’s ToS (including the AUP by reference), and it has significant implications for any Bubble clients building apps handling any of the sensitive categories of data listed above, as well as any Bubble clients building apps with EU clients given the legal and regulatory requirements governing the data of EU citizens and residents (which would implicate the vast majority of Bubble apps, and thus, Bubble clients).
Notwithstanding the going concern about possible app deletions, blockages and takedowns based on these “trust and security” scans and manual checks, these internal risk management practices by Bubble have legal implications for its clients that need to be addressed in our own ToS, privacy policies and legal agreements with the users of the apps we build on Bubble.
While I remain steadfast in my assertion that these non-technical stability concerns deserve immediate and fulsome attention from the top levels of the organization, and an external review of Bubble’s governance and policy frameworks (including corresponding enforcement practices) in conjunction with its actual legal agreements with its clients, at the very bare minimum if these “trust and security” practices are to continue to access private app data — and thus the private data of our clients/users — paying Bubble clients need appropriate and accurate legal terms incorporated into Bubble’s ToS that can then be cited and passed through to our own apps’ ToS and legal agreements with our clients, so that they can make a properly informed decision as to who will have access to their private (and in some contexts, sensitive and confidential) data if they choose to engage with our Bubble apps.
That bare minimum response serves only to allow us to cover ourselves legally with our clients and end users; it does nothing to address the concerns outlined below, and in the original thread that gave rise to these concerns, about the fact that these “trust and security” practices for all intents and purposes mean that Bubble cannot be used for enterprise apps and entire categories of use cases because most reasonable people in an enterprise user (and/or sensitive data) context will not consent to a company they have no direct relationship with (i.e., Bubble) scanning and accessing their private and confidential data.
As emphatically stated and reiterated by numerous long-time members of the Bubble community in the original thread, this is not a topic to be directed on a case-by-case basis to support tickets — particularly given well-founded concerns about the insufficient legal versing of responsible team members — but one best handled in the proverbial “light of day” here in the Bubble Forum and/or in email updates from Bubble’s senior leadership team to the Bubble community.
Thank you in advance, to Bubble’s senior leadership team for providing a thoughtful and considered response to these concerns, including an appropriate allocation of resources to see to their resolution, in a transparent and ongoing dialogue with the community of paid Bubble clients.
This is spot on and artfully crafted & organized. I hope @laura.oppenheimer or @jayvee.nava as heads of Bubble community along with trust & safety can chime in and bring some clarity to this now that the other thread is marked as resolved.
AFAIK the basic fact of scanning their own rented servers for criminal activity is standard. Might be wrong but I think AWS is up to that too, if only from impressions gathered in the other thread. Willing to leave it open to review if it turns out that in fact competitors can offer rigorous privacy.
The most recent staff reply went some way towards relieving my concerns in that it implied there’s no strict NSFW filter in place beyond maybe getting flagged for some checks for exploitation/fraud, which is valid.
Implications aren’t enough, though; I want clear statements of what’s allowed and what isn’t.
Someone from the Bubble staff needs to flatly address the mistake of referencing those summaries in place of the legal terms and declaring pornography off limits. Is it or not? Can someone make a Pornhub or OnlyFans clone on Bubble?
The original OP’s behaviour could have turned out to have justified a ban but it wouldn’t erase the concerns raised by him getting no notification. Is it standard practice to implement enforcement actions like this without notifying the app owner, let alone prior to the action? Further, can we get confirmation that the understandably somewhat secret review process has humans in the mix?
Let me endeavor to draft a statement that would satisfy my concerns (and hopefully others):
Guys, we don’t have a nanny state approach to the content on your apps. Don’t defraud your customers or aid them in defrauding their customers and you’ll be fine. There is absolutely not a list of bad words that can be used to break your apps as a prank. Yes, we do scan all data for certain criminal activity. That’s legally mandated of us in the US and is standard across the industry. Here are the clear-cut terms covering this issue that you can share with your clients. In the event your app is flagged for legit reasons, we will loop you in; you won’t just find out when your users complain. Sorry about quoting that mother line like it means anything legally.
That level of clarity would be ideal, @GaryIreland, agreed. Sadly, we have not an ounce of further clarity than we had over 3 weeks ago when these issues were first tabled in the Forum.
Schedule Backend Workflow: Nudge this post every 2 weeks ad infinitum until a thoughtful and fulsome response from Bubble’s senior management team is received.