Files

This section covers how Bubble handles uploaded files and images and

Last updated 3 months ago

Bubble provides built-in tools for uploading and storing files and images, both within the editor and in your app.

File management can be a highly important aspect of your application, depending on your specific needs. Some apps require publicly accessible files, such as a photo-sharing platform or a marketplace displaying product images. Others need strict security measures to protect sensitive data, such as confidential documents, personal files, or employee records.

Many applications fall somewhere in between, managing a mix of public and private files. Some files may even change their visibility based on specific conditions—for example, a photo that only becomes visible if a privacy setting is marked as public = yes.

This article explores how to upload, display, download, and delete files in Bubble while ensuring proper security through privacy rules.

A note on plugins: Some plugins offer ways of uploading and managing files that may differ from Bubble's built-in features and how they are described here. If you use a plugin to upload and/or manage files, we recommend getting to know the documentation for the plugin and any third parties used for file storage, conversion and other external services. The instructions in this article for maintaining file privacy pertain specifically to Bubble's native file management features.

How uploaded files are handled

The Bubble database has two field types that support files: file and image.

Let's first look at how the mechanics of those features work:

The field in the database does not contain the actual file, but only a URL pointing to that file on another server. In other words, the file and image field types only contain a short string of text: the file's URL.

When you or one of your users upload a file using one of Bubble's built-in tools, it goes through the following steps:

  • The file is uploaded to a file storage server

  • That server returns a URL to reach that file

  • That URL can be saved to the database using a workflow

This logic comes with a few important points to note:

  • The size of your file (while important when the file is downloaded) does not affect the size of your database – it only contains the URL as text

  • When you delete the content of that field, you are only deleting the URL – not the file

  • Files are spread across Bubble's , ensuring a fast download

Managing files in the Bubble editor

Uploading

Files uploaded through the Bubble editor are not protected by . You should only upload files that are meant to be public.

Files can be uploaded directly in the Bubble editor in two ways:

File manager

By navigating to Data - File manager you can see and search for all files that have been uploaded. To upload a file, click the Upload button in the upper right corner, marked in red in the screenshot below:

The file manager keeps files that were uploaded in Development and in Live separate. Click the link in the upper right corner to switch between the two.

The database manager

When you edit a database thing that has a file or image field, you can upload a file directly to that field. The file will be uploaded and the URL will be linked to the database thing.

Deleting files

Deleting files in the Bubble editor is done by going to Data - File manager. Select the files you want to delete with the checkbox in the list, and then click the Delete button in the upper right corner. Keep in mind that Development and Live are separate.

Also note that if you edit a database thing in the database editor and remove the file from it by clicking the Clear link, this only removes the URL saved on that thing – it does not delete the file.

Managing files in your app

Uploading

To allow users to upload files, you can choose between two Bubble-native elements:

  • File uploader

  • Image uploader

The elements both upload files and store their URLs in the database, but each offers a few key differences in their settings:

  • The image uploader

    • Offers a preview of the image

    • Accepts image formats

    • If an image is larger than 800 x 600 pixels, you can check a box to resize the image to these dimensions

  • The file uploader

    • Will show the filename and allow the user to download the file with a click

    • Accepts all file types

    • Lets you set a maximum file size in megabytes

If empty, both elements will open the standard operating system file selector.

When a file is uploaded by a user, it's immediately uploaded to the file storage server. This means that as soon as a file is uploaded, it technically has a live URL that can be viewed by anyone with the URL, even if you haven't saved the URL in the database yet.

To keep files private, see how to use privacy rules with files below.

Saving the URL in the database

After the file has been uploaded in one of the elements, its value will return the URL of the image. You then need to use a workflow to save the URL in a field on the relevant data type.

Uploading private files

Private files are linked to a specific database record and inherit the privacy rules associated with that data type. For example, if a user uploads a profile photo to their user record, the image file will be protected according to the privacy rules set for the User data type.

To ensure a file remains private, a few additional settings must be configured:

Element settings

To set a file to be private, you need to first change some settings on the uploader element:

  1. First, check the box Make this file private

  2. A dynamic field will become visible where you can specify what database thing you want to attach the file to. In this example we have set the current user.

These two steps will ensure that the file is uploaded as a non-public file. We then need to check the Privacy Rules on the User data type to control who has access to it.

Privacy rules

In the beginning of this article we covered that a file upload essentially consists of two parts: the file itself and its URL. This becomes useful and important when we set up the privacy rules.

There are two settings that affect the privacy of a file:

  • The field in which the file is saved (visible when View all fields is unchecked): This setting hides the field in which the URL is saved. In other words, a user without access will not be able to see the URL, but if they were to get the URL somewhere else (for example, shared by another user who has access), they would be able to access the file through the URL.

  • View attached files: This setting makes the file itself unavailable to all users who are not authorized to see it. Even if they had the URL, trying to view the file would result in an error message.

It's important to note that the first setting alone is not considered a secure way to store a file. Since the file itself is still publicly available, anyone who has the URL could view it, which means the data is obfuscated but not secure.

Only by securing the second setting (view attached files) can you know for sure that no unauthorized users will be able to access it.
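
One way to verify this from the outside, as an added example that is not part of Bubble's documentation: request each file URL with no session and flag files that are meant to be private but still download. The local stand-in server, the sample paths and the choice to treat any non-2xx status as "denied" are assumptions; the page only states that an unauthorized request results in an error message.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Direct connection with no cookie jar and no proxy: a purely anonymous request.
_ANON = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def anonymous_status(url, timeout=10):
    """GET the URL without cookies or auth headers; return the HTTP status, or None."""
    if url.startswith("//"):          # assumption: scheme-less URLs are served over HTTPS
        url = "https:" + url
    try:
        with _ANON.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code               # the server answered with an error status
    except (urllib.error.URLError, OSError):
        return None                   # unreachable: no conclusion either way


def audit(records, fetch=anonymous_status):
    """records: (label, url, expected_private) tuples. Returns (label, status, verdict)."""
    results = []
    for label, url, expected_private in records:
        status = fetch(url)
        if status is None:
            verdict = "UNKNOWN"
        elif 200 <= status < 300:
            # Anyone holding the URL gets the file: hiding the field is not enough.
            verdict = "EXPOSED" if expected_private else "PUBLIC_OK"
        else:
            verdict = "PROTECTED" if expected_private else "BROKEN_PUBLIC"
        results.append((label, status, verdict))
    return results


class _FakeStorage(BaseHTTPRequestHandler):
    """Constructed stand-in for a file server: /locked/* requires a session cookie."""

    def do_GET(self):
        denied = self.path.startswith("/locked/") and "Cookie" not in self.headers
        self.send_response(403 if denied else 200)
        self.end_headers()

    def log_message(self, *args):     # keep the demo output quiet
        pass


def run_demo():
    server = HTTPServer(("127.0.0.1", 0), _FakeStorage)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    records = [                       # constructed sample data
        ("product photo", f"{base}/open/shoe.png", False),
        ("payslip, field hidden only", f"{base}/open/payslip.pdf", True),
        ("contract, View attached files restricted", f"{base}/locked/contract.pdf", True),
    ]
    try:
        return audit(records)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for label, status, verdict in run_demo():
        print(f"{verdict:<13} {status}  {label}")
```

To run it against your own app, pass `audit()` the file URLs taken from fields you expect to be private; any `EXPOSED` row is a file protected only by the hidden field.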

Deleting files

If you simply clear a file or image field in a data type, only the file’s URL is removed from the database—the file itself remains stored and accessible. To permanently delete the file, free up storage space, and ensure it is no longer available online, you need to configure a specific deletion action:

The Delete an uploaded file action removes a specified file using its URL. In the example above, this action is used to delete a user's profile picture by referencing the Current User's Profile Image, which is of type image.

To ensure the database no longer references the deleted file, you should also include a Make changes to a thing action. This step clears the file or image field, ensuring it returns an empty value after deletion.
