When you build on Bubble, we host your app for you. Let's talk about what that means for your app's security.

1. We take security extremely seriously.
​

We encrypt all traffic to Bubble.io over HTTPS (the green padlock on your address bar) and automatically pass through Cloudflare for domains to help worldwide accessibility and Distributed Denial of Service Protection (DDoS).
​
Our main cluster applications are hosted on AWS West Region. (This can be customized if you're on a Dedicated Plan.) We use up-to-date and patched servers to protect you from anything malicious. If your app goes viral and has spikes in activity, Bubble has you covered.
​
2. You control data privacy for your app.
​

You can control who accesses your data with Privacy Rules. You can set conditions for who can view, modify, search, or delete items of a certain data type. The condition is a dynamic expression that evaluates to "yes" or "no." Users who match the condition will have the permissions that you define, and everyone else will have the default permissions for that type.
​
Until you set privacy rules, all of your data types are open to the public, which may be appropriate in some instances, such as for like comments on a video.
​
3. We handle storing user passwords.
​

You may notice that the User data type in your app comes with a built-in field for email but not password. This is because all passwords are stored salted and encrypted on our end.
​
Bubble handles this part of your application's security, so both you, as its owner, and your users can feel confident signing up to a Bubble app.
​
We understand that many apps deal with sensitive information. We guarantee that we are a secure platform for you to build your application. From handling SSL, to giving you control over your data privacy, we are built for your protection.
​
​Challenge: Create your own privacy rules for a data type in your application and log in as different users to see the different permissions.