Bubble's security features

This article provides a general overview of the different security features Bubble as a platform offers.

Note: Should there be any inconsistencies between the content provided below and Bubble's official terms of use or other policy documents, the terms and provisions specified in Bubble's official documents shall take precedence and prevail. Always refer to Bubble's official legal documents for definitive guidance.

Bubble’s security features

Account access

Bubble provides robust security measures for your account, including industry-leading authentication methods, two-factor authentication (2FA), and Single Sign-On (SSO) capabilities.

Article: Bubble account security

Privacy rules

With Bubble's privacy rules, you can set specific conditions on who can search for, view, and modify data. By applying these rules, you make sure that sensitive information remains protected and accessible only to the intended users, safeguarding the integrity and confidentiality of your data.

Article: Privacy rules

Secure file hosting

Bubble's secure file hosting ensures that all your uploaded files, such as images, documents, or other media, are stored safely. These files can also be protected with privacy rules to prevent unauthorized access, making sure only you and permitted users can view or interact with them.

Article: Files

Workflow conditions

Workflow conditions in Bubble's editor give you the power to set particular criteria under which a certain action or workflow will operate. This means specific actions within your app will only run if your set conditions are met.

Article: Conditions

User authentication

Bubble's user authentication mechanism facilitates the verification of your end-users identity according to the most up-to-date security standards. By employing robust account creation and sign-in procedures and combining it with other security tools such as privacy rules and conditions, you have a high degree of control over who can access what in your app. Article: User authentication

Advanced DDoS protection

Bubble uses Cloudflare and an in-house (Distributed Denial of Service) protection system to monitor, track, and block even the most granular attacks so that your Bubble applications remain resistant to malicious disruption attempts.

HTTPS encryption

Bubble employs HTTPS encryption to ensure all data transmitted between your browser and Bubble's servers is encrypted.

Article section: What is the HTTPS protocol?

API authentication

With Bubble's Data API and Workflow API authentication, you're assured that any external requests to your Bubble applications are both authenticated and authorized. By setting up secure tokens or specific authentication methods, you maintain control over who has the ability to access your app's data and initiate workflows.

Article: The Data API Article: The Workflow API

Server logs

Bubble offers server logs, to capture various interactions and activities within the platform. These logs are invaluable for monitoring, troubleshooting, and ensuring your application's security and performance.

App preview

By default, Bubble's apps require a username and password to preview.

Last updated

#829: Flusk: more detailed Issue Descriptions

Change request updated