Database rating
If you are new to database security and privacy rules, we recommend you first read through our dedicated article on the subject:
Article: Security | Database security
Just like pages, your data types can be categorized based on their intended accessibility: some data is meant to be publicly available, while other data should only be accessed under specific conditions. However, a data type does not itself contain any data; it is divided into fields, each of which contains data that can be public or sensitive.
To generate reports on the security of your data types and fields, Flusk again needs to know how you, as the developer, intend each data type field to be accessed.
Selecting a data type
Before you can assign a rating to a field, you need to pick which data type you want to work with. Flusk will fetch all data types from the selected app and show them. Clicking a data type will show you each field on that type.
Automatic ratings
Flusk will attempt to give each of your data type fields a rating on its own by using AI. Each of those ratings can be overridden by clicking on the assigned rating.
Manual ratings
Every field can be given the rating safe or sensitive by clicking on the rating in the page rating tool.
Safe: the data in the field can be accessible to anyone, including through the Data API.
Sensitive: the data in the field should be protected with privacy rules, and should not be accessible by anyone without the proper authentication.
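As an added example (not Flusk's or Bubble's own code), the check below compares a field-rating map with the fields that an unauthenticated Data API response actually returns, flagging sensitive fields that are exposed and fields that have no rating yet. The ratings, field names and sample response are constructed, and the response shape and built-in field names are assumptions.

```python
import json

# Constructed ratings for a hypothetical "User" data type.
RATINGS = {
    "display_name": "safe",
    "bio": "safe",
    "email": "sensitive",
    "api_token": "sensitive",
}

# Metadata fields assumed to be present on every record; not rated here.
BUILT_IN = {"_id", "Created Date", "Modified Date", "Created By"}

# Constructed sample of an unauthenticated Data API list response (shape assumed).
SAMPLE_RESPONSE = json.dumps({
    "response": {
        "cursor": 0, "count": 2, "remaining": 0,
        "results": [
            {"_id": "1x1", "Created Date": "2024-01-01T00:00:00.000Z",
             "display_name": "Ada", "email": "ada@example.com"},
            {"_id": "1x2", "display_name": "Lin", "bio": "Hi", "plan_tier": "pro"},
        ],
    }
})


def audit_exposure(raw_response, ratings):
    """Return (exposed_sensitive, unrated) field names found in the response.

    Assumption: a field hidden by privacy rules is absent from the response,
    so any sensitive field that appears here is readable without authentication.
    """
    results = json.loads(raw_response).get("response", {}).get("results", [])
    exposed, unrated = set(), set()
    for thing in results:
        for field, value in thing.items():
            if field in BUILT_IN or value is None:
                continue
            rating = ratings.get(field)
            if rating == "sensitive":
                exposed.add(field)      # rated sensitive but publicly readable
            elif rating is None:
                unrated.add(field)      # new field that still needs a review
    return sorted(exposed), sorted(unrated)


if __name__ == "__main__":
    exposed, unrated = audit_exposure(SAMPLE_RESPONSE, RATINGS)
    print("sensitive fields visible without authentication:", exposed)
    print("fields with no rating yet:", unrated)
```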
Reviewing database sensitivity
Whenever you add a new data type or database field to your app, you’ll be prompted to review its sensitivity. These reviews help ensure your app remains secure and well-maintained by providing:
Alerts when potential vulnerabilities are identified.
More accurate assessments of issue severity.
Tailored security checks for your database.
Default settings and Predict AI
When a new database field is created, Bubble automatically assigns a sensitivity rating using Predict AI. This rating is based on factors like the field’s name and type, and it will remain in place until you manually update it. The prediction model, like any automated process, can make mistakes, so it's important that you treat reviewing fields as an ongoing process.
Reviewing fields manually
To ensure that the sensitivity ratings align with your app's unique requirements, you can review and adjust them manually. Simply navigate to the database tab, select the field you want to update, and choose the appropriate sensitivity rating from the dropdown menu.
How to choose the right sensitivity rating
As a general guideline, any field containing data you wouldn’t want to be freely accessible should be marked as sensitive. Use the table below to determine the correct rating for your database fields:
| Rating | Type of data | Examples |
| --- | --- | --- |
| 🟢 Not sensitive | Public data | Blog content, eCommerce product name and description |
| 🔴 Sensitive | Personal or sensitive information | User's name, Company email, API tokens, Invoice file |
Unsure about a rating?
If you're unsure how to classify a particular field, our team is here to help. Use the chat button in the bottom-right corner of the editor to connect with an agent. Provide some context about the database field in question, and we’ll guide you to the right decision.