How does bubble handle PII

I have a real estate app for investors. I am capturing data from customers (the investors) and non-customers (homeowners).

I want to ensure customer and non-customer data is secure. I’m not storing any credit card information, passports, etc but I am storing address, names and contact information.

Does bubble handle PII compliance for user data that’s stored in the database or is it my responsibility to do something in addition to just storing data with bubble?

Bubble is as complaint as you make it. It is your responsibility to ensure that everything is private. You need to make sure you have proper privacy rules in place and your backend workflows are not accessible.

You can use https://www.flusk.eu/ to see how secure your app is.

1 Like

Privacy rules, without much exception, are the ONLY thing that you can use to restrict data access. Privacy rules, privacy rules, privacy rules. If a data type does not have privacy rules, it will be public even if you do not display said data.

1 Like