Introducing SOC 2 and Bubble for Enterprise

georgecollier · September 6, 2023, 2:25pm

On this front, has there been any change on the fact that some Bubble employees can get unrestricted access to an app’s data (reference:

Josh: Request for a Security Q&A Guide

Can the Bubble team view our app’s data?

Yes. We view user data in order to respond to help requests and diagnose system issues. We have internal policies against accessing data except as necessary to address a specific customer need. We do background checks before hiring employees who will have access to customer data, and we take the responsibility of avoiding data misuse seriously. We plan to strengthen controls around this as we grow: for instance, we may in the future switch to an opt-in protocol where most members of the team can’t access data unless the app owner specifically consents. For now, we are a pretty small organization that works closely together, so we feel comfortable that we have a good sense of what everyone on the team is doing with user data.

That was a long while ago and Josh said it was going to change but I’ve never seen evidence of an opt-in protocol. Just seems like a big vulnerability if a disgruntled Bubble employee could access any app’s data without authorisation from the owner

If anyone can find an update on this let me know…

Topic		Replies	Views
Security Related Question (SOC 2 Type 2) Questions	1	509	December 9, 2023
How do you guys explain "security & privacy" to corporate clients? Questions	6	596	April 13, 2023
SOC2 compliant with bubble hosted websites Questions	1	213	March 25, 2024
Explaining to clients our app abides by standard security/compliance practices Questions	15	6301	April 8, 2020
Soc 2 compliance Questions	3	2297	June 9, 2022

Introducing SOC 2 and Bubble for Enterprise

Related topics