Can we have a security FAQ

It would be useful to have a security FAQ for Bubble. I imagine that security concerns pass through everybody’s mind at some point in building an app that has users or sensitive data, given the state of web security and the requirements in all major mobile app stores re: app developer responsibilities for user privacy etc.

Some things this FAQ could cover:

  • Where is my app’s data stored?
  • Who can access the app data?
  • What information should I not provide to my users (e.g., object IDs?)
  • What security guarantees does Bubble provide?
  • Related: What general intrusions do those security measures generally guard against?
  • A (much more) user-friendly guide about roles and what exactly they can do to enforce the app designer’s desired security

I’m sure folks reading this probably have some curiosities of their own too, re: security.

Thanks for considering!


We’ll look into it.

I support this request. Now that I’m a paid subscriber building an app and getting to know the platform, I’d like to see and hear more about how the security model will mature. The absence of SSL for my app is a concern and will cause me to rethink my choice of Bubble as I move toward a production app. That’s not the only security requirement that needs to be resolved of course, but it’s the most obvious and immediate from a user perspective.

1 Like

See this post HTTPS / SSL and Bubble

and reach out to us for SSL (it involves manual work on our end)

I think a security FAQ is still a need or is there now one?

Having one - and the work you need to do to create it - reassures us that you take security seriously and shows what work you have put in on making sure the service is secure.

I have some specific concerns:

  • How and where is “database” data held?
  • Is data encrypted-at-rest?
  • Who at Bubble or among your suppliers has visibility of an individual app’s data?
  • What penetration testing of the Bubble editing apps is conducted, if any?

All these are pretty important from an enterprise perspective…


Any progress on a security FAQ? It seems like a lot of Bubbler’s apps are mature enough that they’ve been launched. This is (or at least should be) a serious issue for all of us.

1 Like

bump @emmanuel

If you have specific questions we’re happy to talk about this by email, it’s a bit early for us to do something public as a FAQ.

How do we email you to ask security questions?


Is it still too early now?