I’ve read recently that lists do not obey privacy rules and that loading lists essentially loads all the data into the browser.

I want to make sure I understood this correctly, as this is obviously a major security issue.

Let’s say I have a user of type “coach” who teaches a list of users of type “client”.

One way to keep track of this relationship is to store a list of clients on each coach.

Let’s say I have a drop-down of type user that pulls from this coach’s list of clients.

Am I now storing the entirety of that user data in the browser? I.e., emails, phone numbers, other fields for every user in the list.

Ideally if there’s some sensitive info that you have of users, consider storing it on a satellite data type under each user. For example, create a custom type called User Metadata, put that info here and add it as a field on the User table.

Then apply the right privacy rules on it. This way, retrieving a User’s User Metadata would go through an additional step and you’ll have more control on its privacy rules.

But I doubt this should even be an issue if you’ve set up the privacy rules on the User type correctly. Could you link me to where you saw this? I might have some reading to do too!
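The satellite-type layout suggested in the reply above, as an added example that is not part of the thread and is not the platform's own code or rule syntax: a generic model of field-level filtering applied on the server before a list is serialized for a drop-down. The rule table, function names and sample records are all hypothetical.

```javascript
// Constructed sample data. Contact details live on a separate UserMetadata
// record referenced from each User, as the reply suggests.
const users = {
  coach1: { id: "coach1", type: "coach", name: "Dana", clients: ["c1", "c2"], metadata: "m0" },
  c1: { id: "c1", type: "client", name: "Ali", metadata: "m1" },
  c2: { id: "c2", type: "client", name: "Bea", metadata: "m2" },
};
const userMetadata = {
  m0: { owner: "coach1", email: "dana@example.test", phone: "555-0100" },
  m1: { owner: "c1", email: "ali@example.test", phone: "555-0101" },
  m2: { owner: "c2", email: "bea@example.test", phone: "555-0102" },
};

// Hypothetical rule table: each rule grants read access to some fields when
// its condition holds for (viewer, record). No matching rule means no fields.
const rules = {
  User: [
    { when: () => true, fields: ["id", "type", "name"] },
    { when: (v, r) => v.id === r.id, fields: ["clients", "metadata"] },
  ],
  UserMetadata: [
    { when: (v, r) => v.id === r.owner, fields: ["email", "phone"] },
  ],
};

// Return only the fields of `record` that some rule allows `viewer` to read.
function visible(typeName, viewer, record) {
  const allowed = new Set();
  for (const rule of rules[typeName]) {
    if (rule.when(viewer, record)) rule.fields.forEach((f) => allowed.add(f));
  }
  return Object.fromEntries(Object.entries(record).filter(([f]) => allowed.has(f)));
}

// Unfiltered: every field of every client reaches the browser.
function naiveDropdownPayload(viewerId) {
  return users[viewerId].clients.map((id) => ({ ...users[id], ...userMetadata[users[id].metadata] }));
}

// Filtered per type before serialization: the coach gets names only.
function filteredDropdownPayload(viewerId) {
  const viewer = users[viewerId];
  return viewer.clients.map((id) => ({
    ...visible("User", viewer, users[id]),
    contact: visible("UserMetadata", viewer, userMetadata[users[id].metadata]),
  }));
}
```

Comparing the two payloads for the same coach shows what to look for in the browser's network tab: the drop-down only needs a name and an id, so any email or phone value in the response means a rule is missing.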

