SkyPost ← Back to app

Privacy Policy

Last updated: June 2, 2026

SkyPost is a client for the Bluesky / AT Protocol network. This policy explains what data we handle and how.

What we collect

SkyPost collects as little as possible:

What we do not collect

Server-side proxying

SkyPost runs a backend proxy to work around browser CORS restrictions when fetching your timeline, images, and link previews. These requests are forwarded directly to the Bluesky API (bsky.social) and the responses are passed back to your browser. We do not log or store the content of those requests.

Bluesky / AT Protocol

All posts, likes, reposts, and follows are made directly via the AT Protocol using your own Bluesky credentials. SkyPost acts as a client on your behalf; it never gains independent access to your account.

Push notifications (optional)

If you enable push notifications, your browser's push subscription endpoint is stored on our server solely to deliver notifications to you. You can revoke this at any time in your browser settings or the SkyPost notification settings.

Payments (optional)

Payments are processed by Stripe. SkyPost never sees or stores your full card number. Stripe's privacy policy applies to payment data: stripe.com/privacy.

Cookies

SkyPost does not use cookies. Session state is stored entirely in your browser's localStorage and IndexedDB.

Children's privacy

SkyPost is not directed at children under 13. We do not knowingly collect data from children.

Changes to this policy

If we make material changes, we will update the date at the top of this page. Continued use of SkyPost after changes constitutes acceptance.

Contact

Questions? Open an issue or reach out via Bluesky: @skypost.app.