I’m not sure I understand, of course eveything is set up in the app, but I’m talking about privacy roles.
From the manual: https://manual.bubble.is/working-with-data/privacy-and-security.html
Until you set privacy roles, all data created by your users or yourself can be read by anyone. Anyone with some programming skills can view all your app’s data, even if there isn’t a page in your app that explicitly shows the data to users. That’s where privacy roles are important, they guarantee data is only shown to people to meet some criteria. Privacy rules are enforced on the server, which makes them secure.
When you create a new app, all data is open to the public. This is appropriate for things such as comments on a blog, where you want to share it with the world. However, many apps involve users submitting information that you don’t want to share with the world, such as their names and emails, or comments meant only for people they already know. Privacy rules are the tool Bubble gives you to protect that information and make sure it is safe. If you haven’t explicitly created privacy rules for a given thing, then the data is not secure.