Privacy Policy

Last updated: January 6, 2026

What Data We Collect

When you use ATProto Heatmap to visualize your activity, we collect and store the following information:

  • Your Bluesky handle (e.g., @username.bsky.social)
  • Your Decentralized Identifier (DID)
  • Your public profile information (display name, avatar, bio)
  • Your public post records including:
    • Record URIs
    • Timestamps
    • Collection types (posts, replies, likes, reposts, etc.)
  • Aggregated activity counts

How We Use Your Data

Your data is used solely to:

  • Generate your activity heatmap visualization
  • Display collection breakdowns and statistics
  • Cache data to improve performance and reduce API calls
  • Generate Open Graph preview images for social sharing

Data Source

All data collected is already publicly available via the AT Protocol (ATProto) network. We do not access any private or non-public information. The data is retrieved using standard ATProto APIs that any application can use to access public posts and profiles.

Opting Out of Public Indexing

ATProto Heatmap respects the AT Protocol's standard opt-out mechanism for public indexing. If you have applied the !no-unauthenticated label to your Bluesky profile, our service will not collect or display your data.

To opt out of public indexing services like ATProto Heatmap:

  1. Apply the !no-unauthenticated label to your Bluesky profile
  2. This label indicates you do not want unauthenticated access to your data
  3. Services that respect this label (including ATProto Heatmap) will not index your profile

If you have already been indexed and apply the label afterward, you can also use the "Reset Data" feature to remove your cached data from our system.

Data Retention

Your data is stored indefinitely to provide fast access to your heatmap. However, you have the right to request deletion of your data at any time.

Your Rights

Under GDPR, CCPA, and similar privacy regulations, you have the following rights:

  • Right to know: You can see what data we've collected about you
  • Right to deletion: You can request deletion of your cached data
  • Right to opt-out: You can choose not to use this service

How to Delete Your Data

To delete your cached data from our system:

  1. Visit your profile page on ATProto Heatmap
  2. Click the menu button (three dots) in the profile header
  3. Select "Reset Data" or "Delete My Data"
  4. Confirm the deletion

This will permanently remove all cached data associated with your handle from our database.

Data Security

We use industry-standard security practices to protect your data:

  • Data is stored in secure, encrypted databases (Supabase/PostgreSQL)
  • All connections use HTTPS encryption
  • Access to data is restricted and logged

Third-Party Services

We use the following third-party services:

  • Supabase: For database hosting and storage
  • Netlify: For hosting and serverless functions
  • AT Protocol Network: For fetching public data

These services have their own privacy policies which govern how they handle data.

Analytics

We do not use any analytics or tracking services. We do not collect any information about your browsing behavior beyond what's necessary to provide the heatmap service.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of any material changes by updating the "Last updated" date at the top of this page.

Contact

If you have any questions about this privacy policy or wish to exercise your rights, please contact us through the GitHub repository for this project.

Back to Home