How we made Bubble never sees sensitive data at all?

Showcase Plugins
1

A Bubble developer reached out with a simple-sounding request:

“Users upload medical PDFs. We need to remove names, ages, and IDs before storing them.”

At first glance, it sounds easy.

In practice, every common approach failed:

○Uploading the PDF first → data already leaked

○Backend workflows → slow, expensive, risky

○External OCR / redaction APIs → HIPAA nightmare

○Regex plugins → break on real PDFs

○Storing raw files temporarily → compliance issue

The core issue wasn’t redaction.

It was where the redaction happened.

The solution we built

We built Document Redactor Pro around one strict rule:

The original PDF must never leave the user’s browser.

So the flow became:

1000020170
10000201701793×1472 477 KB

1. User selects a PDF

2. PDF is processed entirely client-side

3. Sensitive text is detected using developer-defined rules:

●hide specific values (names, IDs, ages)

●hide word after keyword (Age: 21yo)

●hide entire line after keyword (Patient Name: John Doe)

4. Black boxes are drawn directly onto the PDF pages

5. A brand-new, flattened PDF is rebuilt

6. Only the redacted PDF is uploaded to Bubble’s CDN

No backend workflows.

No temporary storage.

No external APIs.

Just the browser doing the work it’s already good at.

Demo

Editor

3 Likes
2

I assume the user isnt a patient?

1 Like
3

the user doesn’t have to be a patient at all. The plugin is deliberately neutral about who the user is, because it’s really about where sensitive PDFs enter your app, not about a specific role.

In the medical example, the uploader could be:

a clinic staff member uploading intake forms

a doctor uploading reports

an admin processing documents in bulk

The patient is just data inside the PDF, not the person interacting with the app.

More generally, the plugin fits anywhere sensitive documents are uploaded by any user type. For example:

HR apps: employees upload contracts → names, salaries, IDs are redacted before storage

Legal apps: lawyers or assistants upload case files → client names and addresses removed

Finance apps: accountants upload statements → account numbers hidden client-side

Marketplaces / SaaS: users upload PDFs → app strips PII before saving or sharing

The key idea is this:

:backhand_index_pointing_right: who uploads the file doesn’t matter

:backhand_index_pointing_right: what matters is that sensitive data inside the PDF is removed before Bubble ever receives it

4

Got it. A few quick notes:

  1. The redacted file isn’t actually downloadable. The demo only shows a URL I can’t copy.
  2. The keyword rule is wiping out the keyword itself instead of only the word after it. The rest of the line also isn’t kept as text. It comes out flattened. I added a screenshot so you can see what I mean.
  3. Would be helpful to let us rename the output file before uploading it. Original filenames can have PHI too, so keeping that client-side would solve that.
    Screenshot 2026-01-26 162443
    Screenshot 2026-01-26 162443508×305 1.52 KB
1 Like
5

I really appreciate ur notes :folded_hands:, im gonna set them up right now

6

Yeah, that’s clever. Keeping everything client-side avoids all the HIPAA headaches. Browser-based redaction FTW.