Is Bubble data stored in an encrypted format?

Is data on Bubble stored in a fully encrypted format, i,e. if someone hacked in, would they be able to read the content or would it all be just encrypted text?

The bubble database is encrypted at rest on AWD RDS.

If someone hacked into YOUR Bubble account and looked at YOUR data … it would not be.

Hi Nigel, just been reading an excellent thread that you were heavily contributing to and it is clear from that you know a LOT.

So technically, can I say to my users that the data is encrypted or would that be inaccurate?

My reason for asking is that I’ve been using the Encode/Decode plugin, but the problem with that is that it is an easy job for me just to login as any user and see the data anyway, so it makes me wonder what the point is. Am I just creating a big workflow processing overhead for no actual benefit?

1 Like

With 99% of certainty, yes. See my comments in that same thread. Including a link in one of my first responses.



Unless you NEED to store something like a token (in which case I move the keys off to another external service) then it is almost certainly overkill.


Quick question then @NigelG and @vini_brito

Assuming I am using the default Bubble set-up how can I accurately and honestly describe the encryption/security to my users to ensure them that their data is safe and secure?

And a big thanks to both of you for your advice.

You can scan the forum and official documentation for informatin about security, but in short it’s what Nigel already said in his last response. (:

  • HTTPS / SSL encryption is used to secure transfer between the user’s browser and the database
  • The database is encrypted at rest, on Amazon Web Services RDS
  • User passwords are salted and encrypted and held separately
  • Privacy Roles are available to ensure data is not visible to other users

Something like that ?


That’s perfect.

I looked up AWS RDS and got the following:

“RDS encryption uses AES-256 encryption algorithm to encrypt your data on the server that hosts your RDS instance”

and if anyone visiting my app wants to know more I figure I can link through to this:

So all in all, the data is pretty much as secure as it can be, isn’t it?

Thanks for your help Nigel. Really appreciate that clarity, as I was a bit worried that it wasn’t secure, but it turns out it is.


This topic was automatically closed after 70 days. New replies are no longer allowed.