Bsky Dreams

Privacy Policy

Last updated: March 2026  ·  Applies to bskydreams.com and the Bsky Dreams iOS app

The short version

1. Who We Are

Bsky Dreams is a third-party client for the Bluesky social network, built by Learning is Change. The web app is available at bskydreams.com and the iOS app is available on the App Store.

Bsky Dreams is not affiliated with, endorsed by, or operated by Bluesky Social PBC or the AT Protocol team.

Questions about this policy: ben@bskydreams.com

2. What Data We Collect

Bsky Dreams collects as little data as possible. Here is the complete list:

Account credentials

When you log in, your Bluesky handle and App Password are stored locally on your device:

These credentials are transmitted only to bsky.social to create and refresh your session. They are never sent to any Bsky Dreams server (there is none), never logged, and never stored anywhere other than your device.

Session tokens

After a successful login, bsky.social issues short-lived access and refresh tokens (JWTs). These are stored alongside your credentials and used to authenticate API calls. They expire automatically and are refreshed transparently.

Content you create

Posts, replies, images, videos, and direct messages that you compose in Bsky Dreams are submitted directly to bsky.social via the AT Protocol. Bsky Dreams does not retain copies of this content — it lives in your Bluesky AT Protocol Personal Data Server (PDS).

Your preferences and saved searches

Settings like your default feed tab, accent color, saved search channels, and seen-post history are stored in two places:

What we do not collect

3. Data Summary Table

Data Type Collected? Where Stored Sent To Linked to You?
Bluesky handle Yes Your device only bsky.social only Yes
App password Yes Your device only (encrypted) bsky.social only Yes
Session tokens (JWT) Yes Your device only bsky.social only Yes
Posts & replies you create No (not by us) Your Bluesky PDS bsky.social only Yes (public)
Photos & videos you upload No (not by us) Bluesky CDN bsky.social only Yes (public)
Saved search channels Yes Device + your AT Protocol repo bsky.social (your own repo) Yes
Seen-post history Yes Device + your AT Protocol repo bsky.social (your own repo) Yes
Accent color / UI prefs Yes Device only Nobody No
Analytics / usage data No
Crash reports No
Advertising identifiers No

4. Third-Party Services

Bsky Dreams makes network requests to the following third-party services at runtime. No personal data beyond what is described below is shared with any of them.

bsky.social and api.bsky.chat (Bluesky Social PBC)

All social data — your feed, posts, profiles, notifications, and direct messages — is fetched from and sent to Bluesky's AT Protocol API. Your use of these services is governed by Bluesky's Privacy Policy.

api.klipy.com (Klipy)

Used only when you open the GIF picker. Trending GIF searches are sent to Klipy's API to return GIF results. No account or identity information is included in these requests — only the search term. Governed by Klipy's Privacy Policy.

api.allorigins.win (Web app only)

Used only when generating a link preview while composing a post. The URL you are previewing is sent to allorigins.win as a CORS proxy to fetch Open Graph metadata. No login credentials or personal data are included.

plc.directory

Used by the iOS app when uploading videos to resolve your Bluesky DID document and identify your Personal Data Server. Your DID (a public, non-sensitive identifier) is sent. No credentials are included.

Google Fonts (iOS app only)

The iOS app bundles the Syne and Inter fonts locally — no Google Fonts network requests are made at runtime.

GitHub Pages (web app only)

The web app is hosted on GitHub Pages. GitHub may log IP addresses and request metadata per their standard infrastructure logging. Governed by GitHub's Privacy Statement.

5. iOS App — Specific Practices

Keychain storage

The iOS app stores your Bluesky handle, app password, and session tokens in the iOS Keychain with the kSecAttrAccessibleAfterFirstUnlock protection level. This data is encrypted by iOS and is not accessible to other apps.

Photo library access

The app requests access to your photo library only when you tap the image or video attachment button in the compose screen. Photos and videos you select are uploaded directly to bsky.social. Bsky Dreams does not retain copies.

Camera roll — save to photos

The app requests write access to your photo library only when you explicitly tap "Save to Camera Roll" in the image lightbox viewer. No photos are saved without this action.

Push notifications

If you grant notification permission, the app uses iOS Background App Refresh to check for new Bluesky notifications (likes, replies, follows, mentions) and deliver local notifications on your device. This check contacts bsky.social using your stored session token. No notification content is routed through any Bsky Dreams server — the check is made directly from your device to bsky.social.

Share Extension

The Share Extension (which lets you share images, videos, and URLs from other apps into Bsky Dreams) temporarily stores shared files in an App Group container on your device. This data is read by the main app immediately and then cleared. Nothing is sent anywhere until you explicitly post it from the Compose screen.

Background processing

The app registers for iOS Background App Refresh solely to check for new notifications. No other background activity occurs.

6. Data Retention and Deletion

Deleting local app data

Deleting cloud-synced preferences

Your cross-device preferences stored in your AT Protocol repository (app.bsky-dreams.prefs and app.bsky-dreams.seen) can be deleted via the AT Protocol API or any AT Protocol-compatible tool. We do not have access to delete these records on your behalf — they are in your repository.

Deleting Bluesky content

Posts, images, videos, and messages you have sent through Bluesky are governed by Bluesky's Privacy Policy. You can delete them from any Bluesky client.

7. Children's Privacy

Bsky Dreams is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through this app, please contact us at ben@bskydreams.com and we will take steps to delete it.

8. Security

Because Bsky Dreams has no backend server, there is no central database to breach. Your credentials live on your device and are only ever transmitted to bsky.social over HTTPS.

We recommend using a Bluesky App Password (not your main account password) with Bsky Dreams. App Passwords are scoped, revocable credentials — if one is ever compromised, you can revoke it from bsky.app without affecting your account or other connected apps.

Create or manage your App Passwords: Log into bsky.app → Settings → Privacy and Security → App Passwords.

9. Tracking and Advertising

Bsky Dreams does not track users across apps or websites. We do not use advertising networks, behavioral advertising, or cross-app tracking technologies. There is no analytics SDK embedded in either the web app or the iOS app.

10. Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page and note the change in the app's release notes. Continued use of Bsky Dreams after changes constitutes acceptance of the updated policy.

The full history of this file is publicly visible in the Bsky Dreams GitHub repository.

11. Contact

Questions, concerns, or requests related to this privacy policy: