Privacy Policy

Last updated: April 4, 2026

1. Information We Collect

Account information: When you log in via AT Protocol OAuth, we receive your DID (decentralized identifier), handle, and access tokens. We do not receive or store your password.

Content you create: Lists, items, and other records you create are written to your AT Protocol PDS and indexed locally to provide the Service.

Automatically collected: We collect IP addresses, User-Agent strings, and request metadata in server logs for security monitoring and abuse prevention.

2. How We Use Your Information

3. Data Storage and Security

Access tokens and cryptographic keys are encrypted at rest using AES-128 symmetric encryption. Session cookies are signed, HTTP-only, and transmitted only over HTTPS.

Your content data is stored on your AT Protocol PDS (controlled by you) and cached in our database for display purposes.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties. We may disclose information if required by law or to protect the safety of our users.

5. Data Retention

Session data is retained while your account is active and deleted upon logout. Server logs are retained for a limited period for security monitoring and are automatically rotated.

Since your content lives on your AT Protocol PDS, you can delete it at any time through any AT Protocol client.

6. Your Rights

You can:

7. Cookies

We use a single session cookie to maintain your login state. We do not use tracking cookies or third-party analytics.

8. Changes to This Policy

We may update this policy at any time. Changes will be reflected by the "Last updated" date above.

9. Contact

For privacy-related questions, contact us via our Bluesky account or open an issue on our project repository.

Registry[.]Blue
Terms of Service Privacy Policy Image by freepik