The short version
- Your credentials are stored only on your device — never on any Bsky Dreams server.
- All API calls go directly from your device to bsky.social. There is no Bsky Dreams backend.
- We do not collect analytics, crash reports, or behavioral data of any kind.
- We do not sell, share, or monetize your data.
- Your cross-device preferences are stored in your own Bluesky AT Protocol repository — not ours.
- You can delete all local data by logging out and uninstalling the app.
1. Who We Are
Bsky Dreams is a third-party client for the Bluesky social network, built by Learning is Change. The web app is available at bskydreams.com and the iOS app is available on the App Store.
Bsky Dreams is not affiliated with, endorsed by, or operated by Bluesky Social PBC or the AT Protocol team.
Questions about this policy: ben@bskydreams.com
2. What Data We Collect
Bsky Dreams collects as little data as possible. Here is the complete list:
Account credentials
When you log in, your Bluesky handle and App Password are stored locally on your device:
- Web app: stored in your browser's
localStorage, on your device only. - iOS app: stored in your device's Keychain, encrypted at rest by iOS.
These credentials are transmitted only to bsky.social to create and refresh your session. They are never sent to any Bsky Dreams server (there is none), never logged, and never stored anywhere other than your device.
Session tokens
After a successful login, bsky.social issues short-lived access and refresh tokens (JWTs). These are stored alongside your credentials and used to authenticate API calls. They expire automatically and are refreshed transparently.
Content you create
Posts, replies, images, videos, and direct messages that you compose in Bsky Dreams are submitted directly to bsky.social via the AT Protocol. Bsky Dreams does not retain copies of this content — it lives in your Bluesky AT Protocol Personal Data Server (PDS).
Your preferences and saved searches
Settings like your default feed tab, accent color, saved search channels, and seen-post history are stored in two places:
- Locally: Web app uses
localStorage; iOS app uses SwiftData on-device storage. - Cross-device sync: If you are logged in, preferences and seen-post history are written to your own Bluesky AT Protocol repository under the collection
app.bsky-dreams.prefsandapp.bsky-dreams.seen. This data is stored in your repository on Bluesky's infrastructure — not on any Bsky Dreams server. It is readable by any AT Protocol client you authorize.
What we do not collect
- No analytics or usage tracking of any kind
- No crash reports or error logs sent to us
- No device identifiers (IDFA, IDFV, or similar)
- No IP address logs
- No advertising profiles
- No email address (unless you email us directly for support)
3. Data Summary Table
| Data Type | Collected? | Where Stored | Sent To | Linked to You? |
|---|---|---|---|---|
| Bluesky handle | Yes | Your device only | bsky.social only | Yes |
| App password | Yes | Your device only (encrypted) | bsky.social only | Yes |
| Session tokens (JWT) | Yes | Your device only | bsky.social only | Yes |
| Posts & replies you create | No (not by us) | Your Bluesky PDS | bsky.social only | Yes (public) |
| Photos & videos you upload | No (not by us) | Bluesky CDN | bsky.social only | Yes (public) |
| Saved search channels | Yes | Device + your AT Protocol repo | bsky.social (your own repo) | Yes |
| Seen-post history | Yes | Device + your AT Protocol repo | bsky.social (your own repo) | Yes |
| Accent color / UI prefs | Yes | Device only | Nobody | No |
| Analytics / usage data | No | — | — | — |
| Crash reports | No | — | — | — |
| Advertising identifiers | No | — | — | — |
4. Third-Party Services
Bsky Dreams makes network requests to the following third-party services at runtime. No personal data beyond what is described below is shared with any of them.
bsky.social and api.bsky.chat (Bluesky Social PBC)
All social data — your feed, posts, profiles, notifications, and direct messages — is fetched from and sent to Bluesky's AT Protocol API. Your use of these services is governed by Bluesky's Privacy Policy.
api.klipy.com (Klipy)
Used only when you open the GIF picker. Trending GIF searches are sent to Klipy's API to return GIF results. No account or identity information is included in these requests — only the search term. Governed by Klipy's Privacy Policy.
api.allorigins.win (Web app only)
Used only when generating a link preview while composing a post. The URL you are previewing is sent to allorigins.win as a CORS proxy to fetch Open Graph metadata. No login credentials or personal data are included.
plc.directory
Used by the iOS app when uploading videos to resolve your Bluesky DID document and identify your Personal Data Server. Your DID (a public, non-sensitive identifier) is sent. No credentials are included.
Google Fonts (iOS app only)
The iOS app bundles the Syne and Inter fonts locally — no Google Fonts network requests are made at runtime.
GitHub Pages (web app only)
The web app is hosted on GitHub Pages. GitHub may log IP addresses and request metadata per their standard infrastructure logging. Governed by GitHub's Privacy Statement.
5. iOS App — Specific Practices
Keychain storage
The iOS app stores your Bluesky handle, app password, and session tokens in the iOS Keychain with the kSecAttrAccessibleAfterFirstUnlock protection level. This data is encrypted by iOS and is not accessible to other apps.
Photo library access
The app requests access to your photo library only when you tap the image or video attachment button in the compose screen. Photos and videos you select are uploaded directly to bsky.social. Bsky Dreams does not retain copies.
Camera roll — save to photos
The app requests write access to your photo library only when you explicitly tap "Save to Camera Roll" in the image lightbox viewer. No photos are saved without this action.
Push notifications
If you grant notification permission, the app uses iOS Background App Refresh to check for new Bluesky notifications (likes, replies, follows, mentions) and deliver local notifications on your device. This check contacts bsky.social using your stored session token. No notification content is routed through any Bsky Dreams server — the check is made directly from your device to bsky.social.
Share Extension
The Share Extension (which lets you share images, videos, and URLs from other apps into Bsky Dreams) temporarily stores shared files in an App Group container on your device. This data is read by the main app immediately and then cleared. Nothing is sent anywhere until you explicitly post it from the Compose screen.
Background processing
The app registers for iOS Background App Refresh solely to check for new notifications. No other background activity occurs.
6. Data Retention and Deletion
Deleting local app data
- Web app: Go to Settings → "Forget saved login" to clear your credentials. To clear all local data including saved channels and seen posts, open your browser's developer tools → Application → Local Storage → clear all entries for bskydreams.com.
- iOS app: Go to Settings → Clear Seen Posts to clear your viewing history. To clear all app data including credentials, go to iOS Settings → Bsky Dreams → and delete the app. All Keychain entries are removed on uninstall.
Deleting cloud-synced preferences
Your cross-device preferences stored in your AT Protocol repository (app.bsky-dreams.prefs and app.bsky-dreams.seen) can be deleted via the AT Protocol API or any AT Protocol-compatible tool. We do not have access to delete these records on your behalf — they are in your repository.
Deleting Bluesky content
Posts, images, videos, and messages you have sent through Bluesky are governed by Bluesky's Privacy Policy. You can delete them from any Bluesky client.
7. Children's Privacy
Bsky Dreams is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through this app, please contact us at ben@bskydreams.com and we will take steps to delete it.
8. Security
Because Bsky Dreams has no backend server, there is no central database to breach. Your credentials live on your device and are only ever transmitted to bsky.social over HTTPS.
We recommend using a Bluesky App Password (not your main account password) with Bsky Dreams. App Passwords are scoped, revocable credentials — if one is ever compromised, you can revoke it from bsky.app without affecting your account or other connected apps.
Create or manage your App Passwords: Log into bsky.app → Settings → Privacy and Security → App Passwords.
9. Tracking and Advertising
Bsky Dreams does not track users across apps or websites. We do not use advertising networks, behavioral advertising, or cross-app tracking technologies. There is no analytics SDK embedded in either the web app or the iOS app.
10. Changes to This Policy
If we make material changes to this policy, we will update the "Last updated" date at the top of this page and note the change in the app's release notes. Continued use of Bsky Dreams after changes constitutes acceptance of the updated policy.
The full history of this file is publicly visible in the Bsky Dreams GitHub repository.
11. Contact
Questions, concerns, or requests related to this privacy policy:
- Email: ben@bskydreams.com
- Bluesky: @laserdiscleftist.bsky.social
- GitHub: github.com/bhwilkoff/Bsky-Dreams/issues