Canvas Documentation
v3.8
Privacy rule checker


Last updated 3 years ago


Scans Canvas applications for misconfigured privacy rules that expose private data to users.

Because the tool uses the Role option set associated with Users, it only works with Canvas apps made from the Base template in 2021 or later.

A professional license is required to use this feature.

Why privacy rules matter

Privacy rules are your app's most important defense against exposing private data from your app's database. From user email addresses to transaction information, all data saved into the Bubble database needs to be protected by privacy rules.

These privacy rules are configured by the Bubble developer. We recommend setting them up while setting up your database in order to avoid additional work later on.

How to use the checker

Review your database

Before using the privacy rule checker, it's important to have a deep understanding of an app's database structure. If you are unaware of how certain features are used, it will be difficult to know which data should be shown to each type of user.

Ideally, review the DB and the app's user flows. Check where each data type is used in the app's design and logic, and what it is used for. Also look for

Open the tool from the Canvas extension sidebar

Tell the tool how the data should be protected

For the below screenshots, imagine a Twitter-like microblogging site where users can make short text Posts, start live streams with audio content, and some data is public. All data types can be set to public so logged-out users can see them, or "follower-only" so that only approved followers can see them.

Mark data types as private

For data types that contain any private data, mark them private. The tool will populate these by checking whether there are any privacy rules applied on a data type in order to know whether it should be private. If this tool has already been run on this app, the configuration from the previous test will be loaded here.

Note that in the above example, some data in the types marked as "private" are actually public to logged-out users. If a data type contains any data that is private in any situation, it should be marked as private.

Set up role-based rules

For each data type marked as private, set up the logic for each role. Often, admins will be able to see all data, logged-in users will be able to see some data, and logged-out users will be barred from viewing most data.

In the microblog example, Standard users can see all data about their own Posts. They can only see Some of the data types, because users can mark their posts as private.

There are often some fields that "everyone else" will never be able to see. Maybe users can see metrics about how many times their owned posts were viewed, which wouldn't be visible to "Everyone else".

In this app, many Users are public to logged-out users. The tool will always have an alert if User emails are exposed to logged-out users, but it won't automatically flag other fields that might contain private data.

Individual data fields cannot be marked as private within this UI. We only check at the data type level whether things may be exposed.

Checking for data on the individual data fields would be more granular, but more cumbersome for the developer to specify.
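The type-level comparison described in this section, as an added Python sketch that is not Canvas's own code. The `Rule` shape, role names and sample rules are constructed for the microblog example, and the sketch assumes Bubble's default that a data type with no privacy rules is readable by everyone.

```python
from dataclasses import dataclass
from typing import Optional

LEVELS = {"None": 0, "Some": 1, "All": 2}

@dataclass(frozen=True)
class Rule:  # simplified stand-in for one privacy rule (hypothetical shape)
    role: str
    condition: Optional[str]  # None = applies to every record of the type
    fields: tuple             # fields the rule makes visible

def actual_level(rules, role):
    """Type-level visibility a role really gets from the configured rules."""
    if not rules:  # assumption: no privacy rules means everyone can read the type
        return "All"
    mine = [r for r in rules if r.role == role and r.fields]
    if not mine:
        return "None"
    return "All" if any(r.condition is None for r in mine) else "Some"

def check(app_rules, expected):
    """Return alerts where a role can see more than the developer intended."""
    alerts = []
    for dtype, per_role in expected.items():
        rules = app_rules.get(dtype, [])
        for role, want in per_role.items():
            got = actual_level(rules, role)
            if LEVELS[got] > LEVELS[want]:
                alerts.append((dtype, role, f"expected {want}, rules grant {got}"))
    # Always-on check: User email visible to logged-out users (the only field-level check).
    user_rules = app_rules.get("User", [])
    if not user_rules or any(r.role == "Logged out" and "email" in r.fields for r in user_rules):
        alerts.append(("User", "Logged out", "email field exposed"))
    return alerts

APP_RULES = {  # constructed sample for the microblog app
    "User": [Rule("Admin", None, ("email", "name")),
             Rule("Standard", "This User is Current User", ("email", "name")),
             Rule("Logged out", "This User's profile is public", ("email", "name"))],
    "Post": [Rule("Admin", None, ("text", "view_count")),
             Rule("Standard", None, ("text",)),  # bug: ignores follower-only Posts
             Rule("Logged out", "This Post is public", ("text",))],
    "Stream": [],  # marked private by the developer, but no rules exist yet
}
INTENDED = {"Admin": "All", "Standard": "Some", "Logged out": "Some"}
EXPECTED = {"User": INTENDED, "Post": INTENDED, "Stream": INTENDED}

if __name__ == "__main__":
    for alert in check(APP_RULES, EXPECTED):
        print(alert)
```

The User type passes the type-level comparison for logged-out users (Some versus Some), so only the dedicated email check reports the exposed field; any other sensitive field in that rule would go unflagged.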

Fix bugs and dismiss unimportant alerts

Once you see which alerts are flagged (if any), modify the privacy rules to fix those alerts.

If you determine that an alert doesn't matter or isn't a serious issue, dismiss it and add a note explaining why. Notes will be accessible the next time the tool is run, as long as the same issue is still flagged.

Export a report

In case you'd like to save the results for later, you can export a report which contains some abridged information about your app's privacy rule setup. This report includes the privacy rules for each data type as well as any flagged alerts. Because the tool doesn't work on the data field level, the status of each individual data field's check boxes is not included in this report.