What are Bubble’s security protocols for my app’s data?

Our team takes security extremely seriously, as we do understand that many of our clients deal with sensitive information. The most important thing that you can do to keep your data secure is to define Privacy Rules within your applications; these rules are checked server-side whenever data is accessed in your application.

Bubble’s main cluster applications are hosted on AWS West Region (Oregon, US; this can be customized if you're on a Dedicated Plan) which maintains a state-of-the-art security infrastructure. We encrypt all traffic to bubble.io over https, and encourage and support our clients to use encryption on their own domains. All user passwords are stored salted and encrypted in our database; other user data is encrypted at rest (we're on AWS RDS). Our servers use up-to-date, patched versions of Linux and are constantly updated. SSL connection and Cloudflare integration are standard on all custom domains.

Security & Privacy

How is Bubble hosted?

What will happen to my app if Bubble shuts down?

Why am I getting pop-ups about entering my password and email, or autofilling my email when trying to type in a text input in the editor?

Can I choose where the AWS server for my Bubble app is hosted?