Thanks so much for raising this @erit, it’s a really important question and I completely understand the concern 
Data security and permissions are something we take extremely seriously at Tape, so let me walk you through how this actually works.
First, the key thing to understand: publishing an app does NOT mean it becomes publicly visible on the web. It won’t show up in search engines, it can’t be found by crawlers, and it’s not “public” in that sense at all.
What publishing actually does is generate a share link that only users with Full Access or Can Share permissions can see and distribute. Think of this link as a secret key embedded in the URL. Only people who already have a permission level that would allow them to share the app’s content anyway can access or pass along this link. So there’s no new security exposure created by publishing. And if you ever unpublish the app, the link becomes invalid immediately, access is revoked right away, just like when you remove someone from an app or workspace.
This is actually the same reason we require apps to be published before their records show up in relation pickers. Without this, a user could potentially leak information from an app they don’t have permission to access, which would be a privacy leak. The publishing step acts as a deliberate safeguard to make sure permissions are respected consistently.
In practice, it’s a symmetric permission concept: you already control which fields in related records are visible in forms, and you could also configure the relation picker or relation cards to show all available fields.
I hope this gives you the confidence to use publishing for your Vacancies app without worry. Your sensitive data (like whether a vacancy is filled, closing dates, internal documents) stays protected by your permission settings regardless.
Let me know if you have any other questions!
Cheers,
Leo