Privacy Policy
Last Updated: February 24, 2026
Overview
This policy explains how we handle your data and what protections are in place.
What We Store
We store nothing.
bspace does not store any of your data on our servers. All your data is stored directly on your personal data server (PDS) on the AT Protocol network, which you control.
How Your Data Works
When you use bspace:
- Your OAuth credentials are temporary: When you log in with Bluesky, you receive an access token. This token is stored only in your browser's localStorage for the duration of your session.
- All requests are client-side: Every API call to read or write data is made directly from your browser using JavaScript. bspace has no server in the middle inspecting, logging, or storing your requests.
- Your data lives on your PDS: All links, recommendations, and settings are written directly to your personal data server on the AT Protocol network. You own your data.
- Your session is ephemeral: The moment you refresh the page or close your browser, your access token and session are gone. You'll need to log in again next time.
What bspace data looks like
When you make a post or edit your bspace settings the following post types are stored on your AT Protocol personal data server (entirely under your control):
- com.bspace.link records: Your recommendations, links, categories, and descriptions
- com.bspace.rss records: Your RSS feed URLs, titles, and descriptions
- com.bspace.settings records: Your display preferences (which sections to show/hide)
RSS Feed Feature
Important Note on RSS Feed Rendering:
When you use the RSS feed rendering feature (clicking the "RENDER" button), bspace fetches RSS feed content from external sources. To work around browser CORS restrictions, the following happens:
- Primary method: Requests are first sent through a public CORS proxy service (allorigins.win)
- Fallback method: If the public proxy fails, requests are sent through our server's own proxy
- Data exposure: Using the public CORS proxy means that service can see your RSS feed URLs and content while in transit
- Privacy consideration: If you prefer to avoid third-party proxies, the application will automatically use the fallback to our server when the public proxy is unavailable
What we recommend: If you have privacy concerns about RSS feeds being visible to public proxies, consider disabling the RSS feature or contacting us about alternatives.
What We Don't Do
❌ We don't store your data on our servers
❌ We don't track your activity or usage patterns
❌ We don't log API requests or responses
❌ We don't sell or share your data with third parties
❌ We don't require you to create an account with us
❌ We don't use cookies to track you across sessions
Technical Details
bspace Architecture:
- bspace is a static HTML/JavaScript application
- All application logic runs in your browser using JavaScript
- Communication happens directly between your browser and AT Protocol PDS endpoints
- No requests pass through bspace servers
Session Expiry
Your session is tied to your browser session:
- Refresh the page: Your access token is lost, you're logged out
- Close the browser: Your access token is lost, you're logged out
- Clear browser storage: Your access token is lost, you're logged out
- You can manually log out at any time
Your Rights
Because your data is stored on your own AT Protocol PDS:
- You have full control over your data at all times
- You can delete your data anytime by deleting records from your PDS
- You can export your data using AT Protocol tools
- You can use your bspace data with any other AT Protocol application
- You are not dependent on bspace for access to your data
bspace is an independent community project built on the AT Protocol. Not affiliated with Bluesky PBC.