I would like to have a “private notes” feature in my app, but I want to assure my users that app admins won’t be able to read their private notes. Is there any way to do this? Thanks.
Hey @bookishguy,
If by “App Admins” you mean other users of your app with some additional admin privileges, then you can do the following:
- set up proper filtering in the list of notesz
- implement additional protection measures with Collections Permissions (Collection Permissions - Adalo Resources, see Other Collection permissions section) - select “Some Logged in User” and choose a relationship to User (who is the owner of the record - I assume here that Note can have only one User who have created it). With this measure record content won’t be returned at all for non-owner user.
If by “App Admins” you mean yourself and other users which have access to your app in Adalo App Builder, then this is becoming more complicated. The issue is that you have access to all records in all collections; so in order to make the notes truly private you will need to store them in an encrypted form. In theory, encryption could be done using a custom action and some 3rd party platform, or you can even store the data in an external database which allows using encryption. The issue here is that app user will have to decrypt the data to view their notes, and will require a private key to do it. This, in turn, will require storing this private key somewhere not in Adalo database, otherwise you will have the possibility to decrypt these notes by yourself.
This could be achieved by creating a custom component or some “hacky” workarounds, but I believe it is beyond no-code approach.
Hope this helps.
Best,
Victor.
Thanks, Victor! Unfortunately, it’s the latter. I can see how that will be complicated for any platform, let alone Adalo. My current plan is to have the user enter a pin (if possible) to see their private notes, which at least should prevent someone who picks up their phone from seeing that note easily - if they are already logged in to the app.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.