Our team takes security extremely seriously, as we do understand that many of our clients deal with sensitive information. The most important thing that you can do to keep your data secure is to define Privacy Rules within your applications; these rules are checked server-side whenever data is accessed in your application.
Bubble’s main cluster applications are hosted on AWS West Region (Oregon, US; this can be customized if you're on a Dedicated Plan) which maintains a state-of-the-art security infrastructure. We encrypt all traffic to bubble.io over https, and encourage and support our clients to use encryption on their own domains. All user passwords are stored salted and encrypted in our database; other user data is encrypted at rest (we're on AWS RDS). Our servers use up-to-date, patched versions of Linux and are constantly updated. SSL connection and Cloudflare integration are standard on all custom domains.