Detailed guide on Privacy Rules

Hey people,

I’ve just published a new article on how to use Privacy Rules in Bubble.

The trigger to write the article is both that it’s one of the things I get asked about the most, but also that I’m somewhat concerned that a lot of Bubble users are not aware of just how important it is to set Privacy Rules up correctly to protect private data. As I mention in the article, I see everything from private user data to API secret keys revealed in some apps, and I suspect the developer is oblivious.

And the crazy thing is: privacy rules are simple to set up.

I’ve also included

• a quick way to check in Chrome DevTools just what kind of data your browser sits on as you perform a search, so that you can check for yourself what your app exposes
• an explanation of the View attached files setting (which is often misunderstood)
• a potential risk in running on-page workflows (also mentioned in Bubble’s documentation)

See this guide as a work in progress - I’m sure I’m not answering every question or exploring every angle, so let me know if you have questions, think it needs improvement or spot any errors.

Nice!!!

This is amazing. Thanks dor your time…

Fantastic – thank you for putting this together – very insightful and well done!

Re: what else would be good to cover, it would be great to see a basic explanation of the various API privacy settings and issues.

Thanks @ed727

Yeah, I’m thinking of adding a thorough part on the back-end as well!

This is great @petter, thanks for another solid guide!

What ideas or possibilities are there to not publicly exposing the database schema? Is this the main reason people move to using an external database?

Can or why doesn’t Bubble tooling obfuscate the database schema?