Data type rating

If you are new to database security and privacy rules, we recommend you first read through our dedicated article on the subject:

Article: Security | Database security

Just like pages, your data types can be categorized based on their intended accessibility: some data is meant to be publicly available, while other data should only be accessed under specific conditions. However, a data type does not in itself contain any data, but is instead separated into fields, each of which contain data that can be public or sensitive.

As Bubble generates reports on the security of your data types and fields, it again needs to know how you as a developer intend for the access of each of your data type fields to be.

Automatic ratings

Bubble uses AI to assign a sensitivity rating to each of your fields. If any ratings seem inaccurate, you can manually adjust the sensitivity for individual fields as needed.

Manual ratings

Every field can be given the rating safe or sensitive by clicking on the rate in the page rating tool.

  • Safe: the data in the field can be accessible to anyone, including through the Data API.

  • Sensitive: the data in the field should be protected with privacy rules, and should not be accessible by anyone without the proper authentication.

Reviewing database sensitivity

Whenever you add a new data type or database field to your app, you’ll be prompted to review its sensitivity. These reviews help ensure your app remains secure and well-maintained by providing:

  • Alerts when potential vulnerabilities are identified.

  • More accurate assessments of issue severity.

  • Tailored security checks for your database.

Default settings and Predict AI

When a new database field is created, Bubble automatically assigns a sensitivity rating using AI. This rating is based on factors like the field’s name and type, and it will remain in place until you manually update it. The prediction model, like any automated process, can make mistakes, so it's important that you consider reviewing fields an ongoing process.

How to choose the right sensitivity rating

As a general guideline, any field containing data you wouldn’t want to be freely accessible should be marked as sensitive. Use the table below to determine the correct rating for your database fields:

Sensitivity
Content
Examples

🟢 Public

Public data

Blog content, eCommerce product name and description

🔴 Private

Personal or sensitive information

User's name, Company email, API tokens, Invoice file

Unsure about a rating?

If you're unsure how to classify a particular field, our team is here to help. Use the chat button in the bottom-right corner of the editor to connect with an agent. Provide some context about the database field in question, and we’ll guide you to the right decision.

Last updated

Was this helpful?