Depending on where you live, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict how Bluesky uses it.
This analysis describes what Bluesky's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are meaningful tools for users to manage their personal data, but they are qualified by the phrase 'depending on what laws apply,' meaning the rights available to you depend on your jurisdiction and may not be universally available to all Bluesky users.
Interpretive note: The practical scope of deletion rights is uncertain given the AT Protocol's decentralized architecture; the policy does not address the extent to which Bluesky can remove content from third-party network nodes.
Users in the EU, UK, California, Brazil, and other jurisdictions with privacy rights laws can request access to, correction of, or deletion of their personal data from Bluesky by contacting privacy@bsky.app, though the practical scope of deletion rights may be limited by the decentralized AT Protocol architecture.
How other platforms handle this
Depending on where you live, you may have certain rights regarding your personal information. These rights may include the right to access your personal information, the right to correct inaccurate data, the right to delete your data, the right to portability, the right to object to processing, and ...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Monitoring
Bluesky has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Your Privacy Rights. Depending on what laws apply to your Personal Data, you may have the right to: Request Access to and Portability of Your Personal Information, including: (i) obtaining access to or a copy of your personal information; and (ii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (also known as the "right of data portability"); Request Correction of your personal information where it is inaccurate, incomplete, or outdated. We may provide self-service tools for you to update your personal information; Request Deletion, Anonymization or Blocking of personal information including when processing is based on your consent, or when processing is unnecessary, excessive or noncompliant (also known as the "right to be forgotten"). Request to Opt-Out of Certain Processing Activities if we engage in certain data processing activities that give you a right of opt-out under applicable privacy laws; Request Restriction of or Object to our processing of your personal information; Withdraw your Consent to our processing of your personal information.— Excerpt from Bluesky's Bluesky Privacy Policy
(1) REGULATORY LANDSCAPE: This provision reflects rights under GDPR Articles 15-22 for EU/EEA users, UK GDPR equivalents, CCPA/CPRA rights for California residents, LGPD rights for Brazilian users, and equivalent provisions under other applicable state privacy laws. The qualification 'depending on what laws apply' is legally accurate but creates a two-tier user rights framework based on jurisdiction. Relevant enforcement authorities include EU national DPAs, the UK ICO, Brazil's ANPD, and California's Privacy Protection Agency. (2) GOVERNANCE EXPOSURE: Medium. The rights are broadly stated and consistent with applicable law, but the interaction between deletion rights and the AT Protocol's decentralized architecture creates a practical enforceability gap that is not addressed in this provision. The document's reliance on 'depending on what laws apply' means users in jurisdictions without strong statutory rights may have limited recourse. (3) JURISDICTION FLAGS: EU and UK users have the most comprehensive statutory rights under GDPR and UK GDPR. California residents have CCPA rights including deletion, portability, and opt-out of sale. Users in states without specific privacy legislation may have limited enforceable rights. The jurisdictional dependency of rights access creates potential for inconsistent user experience. (4) CONTRACT AND VENDOR IMPLICATIONS: Data subject rights workflows must be coordinated across all processors and subprocessors receiving personal data. The policy's statement that Bluesky 'may provide self-service tools' for correction suggests that not all rights are currently exercisable through automated means, which may affect response time compliance under GDPR's one-month obligation. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a documented data subject rights response process with tracked response times to meet GDPR's one-month deadline. The interaction between deletion requests and AT Protocol distributed data should be documented in user-facing communications and internal procedures. Self-service tools for data correction and portability should be audited for completeness and accessibility.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are meaningful tools for users to manage their personal data, but they are qualified by the phrase 'depending on what laws apply,' meaning the rights available to you depend on your jurisdiction and may not be universally available to all Bluesky users.
Users in the EU, UK, California, Brazil, and other jurisdictions with privacy rights laws can request access to, correction of, or deletion of their personal data from Bluesky by contacting privacy@bsky.app, though the practical scope of deletion rights may be limited by the decentralized AT Protocol architecture.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bluesky.