Low-code platform: secure from the start, not after the fact
Protect your data from critical vulnerabilities. ondeva is the low-code platform built with Security by Design – and everything else you wished Bubble had.

What is the recently surfaced Bubble vulnerability?
A recent disclosure revealed that misconfigured Bubble apps could expose entire databases without authentication. The disclosure described how it was possible to:
- Extract entire databases
- Bypass security controls like query sanitization
- Target any Bubble.io app using default configurations
In their response, Bubble asked users to check their privacy settings. Bubble follows a “shared responsibility” model: they provide the tools, but it’s up to each app builder to set up the proper privacy rules. In simple terms, privacy rules are the only thing that protects the app’s data. If they’re set up correctly, your data is safe. If not, it’s exposed.
What is Security by Design and why does it matter?
Security by Design means building security into the core of the platform.
- Data is inaccessible unless explicitly shared
Developers must actively choose to expose data, drastically reducing the chances of accidentally leaving it open to the public.
- Minimize risks from misconfigurations
You can avoid errors and mishaps when setting privacy rules. By designing security into the platform's core, we reduce the number of critical decisions developers have to make. Fewer decisions = fewer mistakes.
- Aligns with GDPR standards
Privacy regulations like GDPR, HIPAA, and CCPA require that personal data be handled securely, often mandating that access be restricted by default.
- Developers can focus on building, not patching
When the system is designed with security in mind, developers can build and launch faster without the checklists, obscure privacy rules, and exposed endpoints.
Common security challenges in Low-Code Platforms
Approximately 88% of cybersecurity breaches are caused by human error, emphasizing the need for systems that minimize manual security configurations.
Here are the main challenges of low-code platforms:

Unclear or complex privacy rules and settings
Complex privacy setting rules often cause developers to leave sensitive data open unintentionally.
- Many platforms rely on developers to manually set privacy rules.
- Users are often given broader permissions than needed.

Tech limitations and blind spots
There are platform-level gaps in infrastructure or monitoring capabilities.
- Exposed APIs for frontend data access that can be used to extract large datasets.
- Suspicious access activity can go unnoticed.
Why companies choose ondeva
We have a proven track record in developing software for German-based organizations requiring strict compliance, including public services, NGOs, and government banks. Plan, design, develop, and maintain software more quickly and cost-effectively:

Data safety & compliance
We use Security by Design principles, and your data is not accessible by default. There are no accidental leaks, and no privacy rules must be set up manually. We ensure all software on our platform is GDPR-compliant and data is safely managed.

Rapid app development
Why code from scratch when you can drag and drop flexible low-code components to get there sooner? ondeva aligns with Gartner’s continuous modernization framework, allowing you to quickly unify data across all points.

Integration everywhere
Manage API integrations, data points, and workflows in one place. Move records to the cloud, extend systems, or bring all the tools in your stack together. Work with the confidence that you won’t have to start elsewhere.
Leading in data security and compliance since 2015: Client stories
Meet the companies that operate and digitize their services with ondeva.

From the start, the start-up platform was envisioned as a large-scale project built with ondeva. It was a complete success!
"Our giant baby performs and scales"
Claudia Menz, CEO Gründerplattform

An NGO can now compile complex data independently, flexibly, and in a clear manner - without development resources.
“You've finally freed us from Excel!”
Internationally operating NGO

ondeva helped us create web applications and tools for startups and the self-employed in weeks instead of months!
“Delivering digital tools is easy as 123”
Benjamin Wölfing / AC, Everest
From design to deployment in 4 simple steps
ondeva can build apps and workflows 5 times faster and cheaper.


Step 1: Assess
We analyze your project, your expectations, and your requirements.


Step 2: Build
We develop the software in line with your requirements and budget using our proprietary low-code platform.


Step 3: Deploy
We continuously deploy and integrate, starting with the most essential features.


Step 4: Manage
If needed, we provide support post-release and build a long-term partnership with your non-technical users.
We’ll guide you along the way
Kickstart your project by building a strategic partnership with ondeva.

Schedule a call with Frank, our CEO, to learn about our offer.
Best practices for cloud security
These practices are adopted across industries for data security:

Zero Trust Architecture
In a Zero-Trust model, no user or system - whether inside or outside the network - is automatically trusted.

Least Privilege Access
Users and systems should be granted the minimum level of access necessary to perform their roles.

Encryption
Encryption turns readable data into unreadable ciphertext that can only be decrypted with a secret key.

Regular Audits
Audits involve systematic reviews of your security posture, configurations, and access logs.
Unlock strategic risks and opportunities
Rapid development of risk management software with ondeva:

Visual setup
Design pages, construct backend logic, data tables, and APIs visually with no code required. With a visual builder, you can deploy your app faster. Everything from logic flows to automations is developed in a simple visual way.

Continuous integration & delivery
Your application is always up-to-date and ready to be deployed without the need to manage multiple development environments.

Gen AI-powered tools
Populate web pages with AI-generated content and images. Build AI apps, offering new ways to interact with your app through LLM and NLP. This dual benefit speeds up development and enhances user experience.

Choose any front-end stack
You can choose any coding framework or technology to build your app. Enjoy full flexibility and control of user experience, while the development platform handles all the infrastructure tasks.

Manage data in the cloud
A powerful data service to help you get started faster. Upload datasets, build tables, and manage data in compliance with GDPR. On the front end, you can provide dynamic data updates to users via graphics, maps, and CSV downloads.

Collaboration
Add team members and build collaboratively. You can assign roles and define the visibility of the app’s areas. Coordinate tasks in your team based on each member’s development or business experience.
ondeva and data security in low-code platforms FAQs
Find answers to the most common questions about ondeva and system integration.
Security by Design means that security is baked into the platform from the very beginning. This means that all data is private by default, developers must explicitly expose data to make it public, and misconfigurations of privacy settings do not lead to vulnerabilities.
The Bubble incident highlighted a key issue: users can be inattentive to privacy rules and configure these settings incorrectly. ondeva takes a different approach: we use Security by Design — your app’s data is secure even before you touch any settings.
Sensitive data isn’t exposed unless you deliberately choose to expose it. We believe platforms should make it hard to get security wrong — and that’s exactly what we’ve built.
Yes, absolutely. We can help you migrate by importing data and API connectors, rebuilding key workflows using our visual builder, and designing the interfaces and pages. This will give you a fresh start with stronger security and performance from day one.