Privacy Policy

Skyposter lets people connect a Bluesky account through ATProto OAuth and publish approved image posts through the official API.

We do not collect Bluesky passwords. Access is granted through Bluesky's authorization flow and stored only on the server.

When you connect a Bluesky account, we may store:

• your Bluesky handle, DID, avatar, and profile metadata;
• OAuth state and session data needed to publish posts;
• post text, tags, media count, and publishing result metadata;
• operational logs needed to diagnose publishing issues.

We use this information only to:

• connect and verify Bluesky accounts;
• publish approved posts to connected Bluesky accounts;
• refresh OAuth access when needed;
• debug failed publishing requests.

We do not sell connected account data, run advertising profiles, or use it for unrelated purposes.

Skyposter uses ATProto OAuth scopes such as atproto and transition:generic so the app can act only as the account that approved access.

OAuth state and session data are stored on the server and encrypted before being saved. They are never exposed to browser JavaScript.

Production infrastructure should run over HTTPS, and access should be limited to authorized operators.

Disconnecting removes stored OAuth session data for the connected Bluesky account from Skyposter. Published Bluesky posts are not deleted by disconnecting.

For questions about this Privacy Policy or connected account data, contact Skyposter at help@bskyposter.xyz.