Softr Security Guide: Airtable App Protection

TL;DR

Softr apps are only as secure as your Airtable configuration and Softr visibility rules. Configure user groups to control data access, use conditional visibility on blocks, and ensure your Airtable API connection has appropriate permissions. Don't store highly sensitive data in Airtable without understanding the security implications.

How Softr Security Works

Softr builds apps on top of Airtable data:

  • Airtable connection: Uses an API key or personal access token to read/write data
  • User authentication: Built-in user management
  • Visibility rules: Control what users see
  • User groups: Role-based access control

Airtable Security

Your Softr app inherits Airtable's security characteristics:

API Key Security

  • Softr stores your Airtable API key/token
  • Consider using a dedicated Airtable user for Softr
  • This user should have minimal permissions
  • Rotate API keys periodically

Airtable Base Configuration

  • Don't store passwords or highly sensitive data
  • Airtable isn't designed for HIPAA/PCI compliance
  • Consider what would be exposed if someone gained access to the base

Important: Airtable is a spreadsheet database, not a secure data store. Don't store passwords, social security numbers, or financial data without additional encryption and compliance measures.

User Authentication

Configure Softr's built-in authentication properly:

User Groups

  • Create groups for different access levels
  • Assign users to appropriate groups
  • Use group-based visibility rules
  • Regularly review group memberships

Authentication Settings

  • Enable email verification
  • Configure password requirements
  • Set appropriate session timeouts
  • Consider enabling Google/social login with MFA

Visibility Rules

Control what data users can access:

Block-Level Visibility

  • Configure visibility for each block
  • Filter data by logged-in user
  • Use conditions to show/hide content
  • Don't rely on hiding alone for security; data that is hidden in the UI can still be sent to the browser

Page-Level Access

  • Restrict pages to specific user groups
  • Configure redirect for unauthorized users
  • Test access with different user types

Testing tip: Create test accounts in each user group and verify they can only see appropriate data. Check both the UI and browser network requests.

Data Filtering Best Practices

  • Filter lists by user email or user ID
  • Use linked records for ownership relationships
  • Always filter at the query level, not just UI level
  • Test filters with different user accounts
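
One way to automate the network-request check from the testing tip above (an added example, not Softr's or the guide author's code): log in as a test account, export the browser's network log as a HAR file, and scan every JSON response for email addresses that do not belong to that account. The function names, the app.example.com URLs and the sample records are assumptions constructed for illustration.

```python
import base64
import json
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def iter_strings(node):
    """Yield every string value found anywhere in a decoded JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        children = node.values() if isinstance(node, dict) else node
        for child in children:
            yield from iter_strings(child)

def find_foreign_emails(har, allowed_emails):
    """Return [(url, email)] for emails in JSON responses that are not allowed."""
    allowed = {e.lower() for e in allowed_emails}
    findings = []
    for entry in har["log"]["entries"]:
        content = entry["response"].get("content", {})
        body = content.get("text") or ""
        if content.get("encoding") == "base64":  # HAR may store bodies encoded
            body = base64.b64decode(body).decode("utf-8", "replace")
        try:
            doc = json.loads(body)
        except ValueError:
            continue  # not JSON (HTML, images, empty body)
        seen = set()
        for text in iter_strings(doc):
            for email in EMAIL_RE.findall(text):
                email = email.lower()
                if email not in allowed and email not in seen:
                    seen.add(email)
                    findings.append((entry["request"]["url"], email))
    return findings

# Constructed sample HAR: the first response carries a second user's record
# that a UI-only filter would hide; the other two responses are clean.
_owned = json.dumps({"records": [{"owner": "alice@example.com"}]})
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://app.example.com/api/records"},
     "response": {"content": {"text": json.dumps({"records": [
         {"owner": "alice@example.com"},
         {"owner": "bob@example.com", "notes": "private"}]})}}},
    {"request": {"url": "https://app.example.com/api/profile"},
     "response": {"content": {"encoding": "base64",
         "text": base64.b64encode(_owned.encode()).decode()}}},
    {"request": {"url": "https://app.example.com/"},
     "response": {"content": {"text": "<html></html>"}}},
]}}

if __name__ == "__main__":
    for url, email in find_foreign_emails(SAMPLE_HAR, {"alice@example.com"}):
        print(f"LEAK: {email} returned by {url}")
```

For a real export, load the file with json.load and pass the test account's own address; any finding means the filter is applied in the UI rather than at the query level.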

Security Checklist

  • Dedicated Airtable account for Softr connection
  • User groups configured for access control
  • Visibility rules on all blocks with sensitive data
  • Page access restricted by user group
  • Email verification enabled
  • No highly sensitive data in Airtable
  • Testing completed with different user types

Is Softr secure for business applications?

Softr can be secure when properly configured. Security depends on your Airtable base permissions, Softr visibility settings, and user group configuration. Always configure conditional visibility and user permissions for sensitive data.

Can users see data they shouldn't in Softr?

Yes, if not properly configured. Softr's visibility rules and user groups must be set up to filter data. Don't rely on just not showing data in the UI. Configure proper filters so unauthorized data is never sent to the browser.

How does Softr connect to Airtable?

Softr connects to Airtable using an API key or personal access token. This connection has the permissions of the Airtable user. Consider using a dedicated Airtable account with minimal permissions for Softr connections.

Is Airtable secure enough for my data?

Airtable is secure for general business data. For highly sensitive data (PII, financial, health), consider whether Airtable meets your compliance requirements. Don't store passwords or unencrypted sensitive data.