Data type rating
Just like pages, your data types can be categorized based on their intended accessibility: some data is meant to be publicly available, while other data should only be accessed under specific conditions. However, a data type does not in itself contain any data, but is instead separated into fields, each of which contain data that can be public or sensitive.
As Bubble generates reports on the security of your data types and fields, it again needs to know how you as a developer intend for the access of each of your data type fields to be.
Automatic ratings
Bubble uses AI to assign a sensitivity rating to each of your fields. If any ratings seem inaccurate, you can manually adjust the sensitivity for individual fields as needed.
Manual ratings
Every field can be given the rating safe or sensitive by clicking on the rate in the page rating tool.
Safe: the data in the field can be accessible to anyone, including through the Data API.
Sensitive: the data in the field should be protected with privacy rules, and should not be accessible by anyone without the proper authentication.
Reviewing database sensitivity
Whenever you add a new data type or database field to your app, you’ll be prompted to review its sensitivity. These reviews help ensure your app remains secure and well-maintained by providing:
Alerts when potential vulnerabilities are identified.
More accurate assessments of issue severity.
Tailored security checks for your database.
Default settings and Predict AI
When a new database field is created, Bubble automatically assigns a sensitivity rating using AI. This rating is based on factors like the field’s name and type, and it will remain in place until you manually update it. The prediction model, like any automated process, can make mistakes, so it's important that you consider reviewing fields an ongoing process.
How to choose the right sensitivity rating
As a general guideline, any field containing data you wouldn’t want to be freely accessible should be marked as sensitive. Use the table below to determine the correct rating for your database fields:
🟢 Public
Public data
Blog content, eCommerce product name and description
🔴 Private
Personal or sensitive information
User's name, Company email, API tokens, Invoice file
Unsure about a rating?
If you're unsure how to classify a particular field, our team is here to help. Use the chat button in the bottom-right corner of the editor to connect with an agent. Provide some context about the database field in question, and we’ll guide you to the right decision.
Last updated
Was this helpful?