Privacy Policy
Last updated: June 17, 2026
The short version: SkyPost is a third-party client for the Bluesky / AT Protocol network, available on the web, iOS, and Android. Your posts, follows, and account live on Bluesky — not with us. We collect as little as possible, we don't show ads, we don't use advertising or analytics trackers, and we never sell your data.
This policy applies to the SkyPost web app (skypost.app), the SkyPost iOS app, and the SkyPost Android app (collectively, "SkyPost"). It is published by the developer of SkyPost ("we," "us"). By using SkyPost you agree to this policy.
1. Information stored on your device
Most of your data never leaves your device. SkyPost stores the following locally (in browser storage on the web, or app storage on iOS/Android):
- Your Bluesky login. Your handle and the app password you sign in with are kept on your device to talk to Bluesky on your behalf. We strongly recommend using a Bluesky app password, not your main password. Your password is never sent to or stored on our servers.
- App settings & appearance (theme, fonts, layout, feeds).
- Your content within the app — drafts, scheduled-post drafts, your meme/sticker library, and similar — stored on the device that created it.
Signing out and/or uninstalling the app removes this local data.
2. Information sent to our servers
SkyPost runs a small backend. The only personal data we keep server-side is what's needed for specific features:
- Your Bluesky DID (a public account identifier) — used to look up and store your Pro subscription entitlement, so Pro unlocks across web, iOS, and Android with one membership.
- Push token — if you enable notifications, the device/browser push token is stored solely to deliver notifications to you. You can revoke this any time in your device/browser settings.
- Scheduled posts & tag groups — if you use scheduling or tag groups, those entries are stored (keyed to your DID) so they sync across your devices and can be published at the scheduled time.
To work around browser network restrictions, our backend also proxies some requests (timeline, images, link previews) to the Bluesky API. The content of those requests is forwarded and returned to you; we do not log or retain it.
3. Device permissions (iOS & Android)
The mobile apps request permissions only when needed for a feature you use:
| Permission | Why |
|---|---|
| Photos / Media | To attach images or videos to a post, and to set a background image. |
| Camera | To take a photo/video to attach to a post. |
| Microphone / Camera (Live Rooms) | Only if you join or host a live audio/video room. |
| Notifications | To send you Bluesky activity alerts you've opted into. |
4. AI features (optional)
SkyPost includes optional AI features, such as generating image alt-text. When you choose to use one, the relevant content (e.g., the image you ask to describe) is sent to our processing worker and to Google (Gemini) to produce the result, then returned to you. We do not use your content to train models. AI features can be turned off entirely in Settings, after which no data is sent to any AI service.
5. GIFs
If you search for GIFs, your search query is sent to the GIF provider (Klipy or Giphy, depending on your setting) to return results. Their privacy policies apply to those queries.
6. Live audio/video rooms
If you join or host a live room, your real-time audio/video is transmitted to other participants via LiveKit infrastructure for the duration of the session. Room media is not recorded or stored by SkyPost.
7. Push notifications
Notifications are delivered through the platform push service: Firebase Cloud Messaging (Google) on Android, Apple Push Notification service (Apple) on iOS, and the Web Push standard in browsers. We store only the push token required to reach your device, and only while notifications are enabled.
8. Payments & subscriptions
SkyPost Pro is an optional subscription. Payments are handled entirely by the relevant payment provider — SkyPost never sees or stores your card details:
- iOS: Apple In-App Purchase / App Store.
- Android (Play Store): Google Play Billing.
- Web & direct downloads: Stripe.
We store a record of your entitlement status (active/expired and tier) keyed to your Bluesky DID, plus the processor's subscription/customer identifier, so your Pro status works across your devices. We do not receive your full payment-card number from any processor.
9. Bluesky / AT Protocol
All posts, likes, reposts, follows, and other actions are made directly via the AT Protocol using your own Bluesky credentials, and are governed by Bluesky's privacy policy. SkyPost acts as a client on your behalf and never gains independent access to your account.
10. What we do not do
- We do not show ads or use advertising/analytics tracking SDKs.
- We do not sell or rent your data to anyone.
- We do not store your Bluesky password or your Bluesky content on our servers.
- We do not use cookies for tracking. State is kept in your device's local storage.
11. Data retention & deletion
Local data is removed when you sign out or uninstall. For data we hold server-side (entitlement record, push token, scheduled posts, tag groups), you can request access or deletion at any time:
- Disable notifications to remove your push token; delete scheduled posts/tag groups in-app to remove those entries.
- To request deletion of your remaining server-side data, contact us (below) with your Bluesky handle. Cancelling a subscription is done through the store you purchased it from (Apple, Google Play) or via the Stripe billing portal.
12. Children's privacy
SkyPost is not directed to children under 13, and we do not knowingly collect personal data from them. Because content comes from the Bluesky network, user-generated material may not be suitable for all ages.
13. Your regional rights
Depending on where you live (e.g., the EEA/UK under GDPR, or California under the CCPA/CPRA), you may have rights to access, correct, delete, or port your personal data, and to object to certain processing. We honor these requests — contact us to exercise them. We do not "sell" or "share" personal information as those terms are defined under California law.
14. Third-party services
SkyPost relies on these providers; their own privacy policies apply to data they process:
- Bluesky / AT Protocol — your social account & content
- Google — Firebase Cloud Messaging (push), Gemini (AI features), Google Play Billing (Android purchases)
- Apple — App Store / In-App Purchase & push (iOS)
- Stripe — web/direct payments
- Klipy / Giphy — GIF search
- LiveKit — live audio/video rooms
- Fly.io — backend hosting
15. Changes to this policy
If we make material changes, we will update the date at the top of this page. Continued use of SkyPost after changes constitutes acceptance.
16. Contact
Questions or data requests? Reach out via Bluesky at @skypost.app.