This app may share these data types with third parties: Location and Personal info.
This app may collect these data types: Location and Personal info.
Data is encrypted in transit.
Account deletion is available. You can request to delete collected data.
1. Infrastructure and Hosting:
Bubble is hosted on Amazon Web Services (AWS), which is compliant with industry standards like SOC 2, CSA, and ISO 27001.
AWS provides robust physical security, network isolation, and data encryption, forming the foundation of Bubble’s security.
Bubble also uses Cloudflare for DDoS protection and other web-based attack prevention.
2. Data Encryption and Security:
Bubble uses HTTPS encryption to secure data transmitted between users and the Bubble servers.
Data at rest is encrypted using AES-256 encryption provided by AWS RDS.
Bubble offers Data API and Workflow API authentication, ensuring external requests are authenticated and authorized.
3. User Authentication and Access Control:
Bubble implements user authentication with password hashing and salting to protect user data.
It offers options for email confirmations, two-factor authentication, and Single Sign-On (SSO) integrations.
Privacy rules allow users to control data access, ensuring that only authorized users can view or modify sensitive information.
4. Security Features and Practices:
Bubble uses automated code testing, vulnerability testing (including OWASP Top 10), and continuous monitoring technologies.
It offers features like server logs, app previews, and the ability to disable specific features for enhanced security.
Bubble also provides tools for managing account access, including backup codes and the option to enable multi-factor authentication.
5. Shared Security Responsibility:
Bubble and its users share responsibility for security.
Bubble is responsible for providing the security features and infrastructure, while users are responsible for maintaining secure account access and using Bubble’s settings correctly.
