Privacy Rules are one of the most important concepts that every Bubbler needs to know, yet they are often ignored or misunderstood. If you want to build a truly secure app, you need to know how to set Privacy Rules for it.
Privacy Rules dictate who can view, modify, and access data in your app. It's essential to configure these rules correctly to protect sensitive data, maintain user privacy, and comply with regulations like GDPR and CCPA.
What are privacy rules?
All the data that you store in Bubble is hosted on Bubble's server. Privacy Rules tell the server to send data to your users' browsers, or to modify the database, only if your conditions are met.
Why is this important? Once the data reaches your user's device, it is no longer secure: if you return 100 items in your search, even if you show only 1 item to your user, the rest can be seen by an unintended recipient.
How do Privacy rules protect my data?
As illustrated by Bubble in the image above, Privacy Rules act as a 'firewall' for your data – every request from the User/API Client goes through a process of authentication before it's completed or rejected.
In the example of an eCommerce store, there would be both public data (accessible by anyone) and private data (protected by Privacy Rules) in your database:
- All Products should be public data and viewable by anyone (if not, no one will be able to buy anything)
- All Shopping Carts should be private data and only be viewable by the user who created them (to keep the user's purchase history private)
You would need to set up privacy rules to protect the 'Shopping Cart' data.
How do I set up privacy rules?
Privacy Rules protect your data types in the following ways:
- You can stop specific fields from being viewed
- You can stop the data type from being found with 'Do a search for'
- You can stop users from viewing uploaded files
- You can stop users from making changes with auto-binding
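To make the server-side filtering concrete, here is a small conceptual model of the shop example in JavaScript. It is an added illustration, not Bubble's code: the rule format, function names and sample records are assumptions, and it covers only two of the protections listed above (field visibility and search findability), denying by default when no rule matches.

```javascript
// Conceptual model only, not Bubble's implementation. The rule format and
// all names are hypothetical; no matching rule means nothing is granted.
const rules = {
  Product: [{ when: () => true, viewFields: ["name", "price"], findInSearch: true }],
  ShoppingCart: [{
    // Models a rule like "This Shopping Cart's Creator is Current User"
    when: (thing, user) => user !== null && thing.creator === user.id,
    viewFields: ["creator", "items", "total"],
    findInSearch: true,
  }],
};

// Merge the permissions of every rule whose condition holds for this user.
function permissionsFor(type, thing, user) {
  const granted = { fields: new Set(), findInSearch: false };
  for (const rule of rules[type] || []) {
    if (!rule.when(thing, user)) continue;
    rule.viewFields.forEach((f) => granted.fields.add(f));
    granted.findInSearch = granted.findInSearch || rule.findInSearch;
  }
  return granted;
}

// Server-side search: unfindable things are dropped and ungranted fields
// are stripped before the response is built, so they never reach the browser.
function search(type, db, user) {
  const response = [];
  for (const thing of db[type]) {
    const granted = permissionsFor(type, thing, user);
    if (!granted.findInSearch) continue;
    const visible = { id: thing.id };
    for (const field of granted.fields) visible[field] = thing[field];
    response.push(visible);
  }
  return response;
}

// Constructed sample database; supplierCost is an invented private field.
const db = {
  Product: [{ id: "p1", name: "Mug", price: 12, supplierCost: 4 }],
  ShoppingCart: [
    { id: "c1", creator: "alice", items: ["p1"], total: 12 },
    { id: "c2", creator: "bob", items: ["p1", "p1"], total: 24 },
  ],
};

console.log(search("ShoppingCart", db, { id: "alice" })); // only Alice's cart
console.log(search("ShoppingCart", db, null));            // logged-out visitor
console.log(search("Product", db, null));                 // no supplierCost
```

The point to take away is where the filtering happens: hiding Bob's cart in the page layout would still have sent it to Alice's browser, whereas here it is never part of the response.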
Expanding on Bubble's earlier example, let's try creating privacy rules for our shopping cart: