Privacy Policy

Nubecita is a native Android client for the Bluesky social network, built on the AT Protocol. We designed Nubecita to be a quiet, calm reading experience — and that extends to how it handles your data. This policy explains what Nubecita collects, what it does not, and the choices you have.

The short version

• Nubecita does not operate a server that stores your personal data.
• Nubecita signs you into Bluesky using AT Protocol OAuth. Your credentials are entered on Bluesky's own login screen — Nubecita never sees your password.
• Authentication tokens are stored encrypted on your device only.
• Posts, follows, and any account activity live on your Bluesky account at your Personal Data Server (PDS, e.g. bsky.social), not on Nubecita's servers.
• Nubecita uses Firebase Analytics and Firebase Crashlytics (operated by Google) for basic, aggregated usage analytics and crash reporting. Analytics can be turned off in the app's Settings.
• Nubecita contains no advertising and no third-party advertising trackers.
• If you buy the optional Nubecita Pro subscription, payment is handled by Google Play and subscription status by RevenueCat. Your Bluesky identity is never shared with them.

Information Nubecita stores on your device

• OAuth tokens — short-lived access and refresh tokens issued by your PDS, stored in Android's encrypted credential storage and bound to your device via DPoP (Demonstration of Proof-of-Possession).
• Cached content — posts, profiles, images, and videos you have viewed recently, stored locally so the app can render quickly and work briefly offline. You can clear this at any time from Android Settings → Apps → Nubecita → Storage.
• App preferences — your chosen theme, feed selections, your analytics opt-out choice, and similar settings, stored locally on your device.

Analytics and crash reporting

Nubecita uses two Firebase services from Google to keep the app reliable:

• Firebase Analytics collects pseudonymous information about how the app is used — for example, app open events, which screens are viewed, the app version, device model, Android version, language, country derived from your IP address, and a randomly generated app-instance identifier. This information is sent to Google and is used only to understand app health and feature usage. Nubecita does not collect the Android Advertising ID and does not use this data for advertising or personalization.
• Firebase Crashlytics sends a crash report to Google when the app crashes. Crash reports contain technical details such as the stack trace, device model, OS version, app version, the state of the app at the time of the crash, and a randomly generated installation identifier. Crash reports do not include the contents of your posts, messages, drafts, or account credentials.

You can disable usage analytics at any time from the app's Settings screen. When analytics are disabled, Nubecita stops sending analytics events to Firebase from your device.

Google's handling of Firebase data is governed by the Firebase Privacy and Security documentation and Google's Privacy Policy.

Purchases and subscriptions

Nubecita Pro is an optional subscription. The free app collects no purchase data because there is nothing to buy. If you do subscribe:

• Google Play processes the payment. Nubecita never sees or stores your card or payment details.
• RevenueCat (a third-party subscription-management service) validates and tracks your subscription status on our behalf. It receives the Google Play purchase token, a randomly generated, anonymous app-user identifier, and basic purchase metadata (platform, product id, country, and purchase / renewal / expiry timestamps).
• Your Bluesky identity is never shared. Pro is linked only to that anonymous identifier and your Google Play account — not to your Bluesky handle or DID. We do not send your handle, DID, or any post content to RevenueCat or Google Play Billing.
• Aggregate reporting. Subscription events (purchase, renewal, cancellation) may be forwarded from RevenueCat to Firebase Analytics to monitor overall subscription health. These are pseudonymous and are not used for advertising.

RevenueCat's handling of this data is governed by its Privacy Policy. You can cancel anytime in Google Play → Subscriptions; to request deletion of the subscription data RevenueCat holds, contact privacy@nubecita.app.

Information sent to third parties

Nubecita communicates with the following services on your behalf:

• Your Personal Data Server (typically Bluesky's bsky.social). All posting, reading, following, messaging, and notification activity goes through your PDS. Their handling of your data is governed by Bluesky's Privacy Policy.
• Media hosts referenced in posts you view (image and video CDNs, link previews). The host of any embedded content will see your IP address when your device fetches it, the same way a web browser does.
• Google (Firebase Analytics and Crashlytics), as described in the previous section. If you subscribe to Pro, Google Play Billing also processes your payment.
• RevenueCat, for subscription management if you buy Nubecita Pro, as described under "Purchases and subscriptions" above.

All network traffic from Nubecita to these services is sent over HTTPS.

Permissions Nubecita requests

• Internet access — required to talk to Bluesky.
• Photos / media access — only when you choose to attach an image or video to a post. Selected media is uploaded directly to your PDS.
• Notifications — only if you opt in. Notification delivery uses standard Android system facilities and the events you choose to subscribe to on your PDS.

Data security

Nubecita relies on platform protections for the data it holds on your device. OAuth tokens are stored in Android's encrypted credential storage and are bound to your device via DPoP, so an exfiltrated token cannot be replayed from another device. All network requests use HTTPS. Nubecita does not operate any server that holds your personal data, so there is no Nubecita-side account database that could be breached.

Children's privacy

Nubecita is not directed to children under 13. Bluesky's terms set the minimum age for an account; please consult Bluesky's policies for details.

Your choices

• Turn off usage analytics from the in-app Settings screen at any time.
• Sign out at any time from inside the app. Signing out revokes the locally stored OAuth tokens.
• Clear the app's local data from Android Settings → Apps → Nubecita → Storage at any time.
• Uninstall the app to remove all locally stored data.
• Manage or cancel a Nubecita Pro subscription anytime in Google Play → Subscriptions.
• To delete your Bluesky account itself, use the controls provided by your PDS (e.g. on bsky.social).

Open source

Nubecita is open source. You can review exactly what the app does at github.com/kikin81/nubecita.

Changes to this policy

If this policy changes in a material way, the "Last updated" date at the top of this page will change and the revised policy will be posted at this URL before the change takes effect.

Contact

Questions about this policy can be sent to privacy@nubecita.app or filed as an issue on the GitHub repository.