Mastodon vs Bluesky

Followers-only and direct posts may be stored on other servers, and the policy warns that server operators or recipients may view, screenshot, copy, or resh​are them. In practice, these messages are not treated as truly private.

The service records your login IP address and says the latest IP address used may be stored for up to 12 months. That is a meaningful amount of identity-linked metadata retention.

The policy says Mastodon does not sell or trade your personal information. That reduces the risk of ad-tech style sharing or monetization of your data.

You can request and download an archive of your content, including posts, media, and profile images. This makes it easier to back up your data or move on from the service.

The policy says you may irreversibly delete your account at any time. That gives users a clear exit path, though deletion is permanent.

Cookies are used to recognize your browser and associate it with your account, as well as save preferences. This is standard, but it does mean persistent browser tracking on the site.

Server logs containing IP addresses are retained, if kept at all, for no more than 90 days. That is a relatively limited retention period for operational logs.

Your information may be used for moderation, including checking for ban evasion by comparing IP addresses. This is a normal platform operation, but it means account and network activity are used for enforcement.

Direct messages are not end-to-end encrypted and may be accessed for trust and safety purposes. Users should not treat Bluesky DMs as highly confidential communications.

Posts, profile, likes, follows, and blocks are public by design. This makes social graph and activity data broadly visible rather than private by default.

Even if you delete your account, copies of your content may remain on other services using the AT Protocol. In practice, deletion across the decentralized network may not be fully enforceable.

Most disputes must go through a 60-day informal process and then binding individual arbitration instead of court. This usually makes it harder to bring claims publicly or use normal court procedures.

Users generally cannot participate in class or representative actions against Bluesky. That reduces leverage for small-value claims that are impractical to pursue individually.

Bluesky says it does not sell or share personal data for targeted advertising. That's a meaningful privacy-positive commitment compared with many social platforms.

Depending on location, users can request access, correction, deletion, portability, restriction, objection, and review of automated decisions. These are substantial privacy rights, especially for users in stronger-regulation jurisdictions.

You keep ownership of what you post, but grant Bluesky a worldwide, royalty-free license to reproduce, adapt, distribute, display, moderate, and promote that content. This is broad enough to cover product use and marketing uses.

Bluesky keeps data while your account is active and may retain it longer for trust and safety, disputes, audits, legal compliance, and claims. The policy does not give firm deletion deadlines for many categories.

If something goes wrong, Bluesky's financial liability is generally limited to US$100, except in narrow cases like fraud, gross negligence causing death or personal injury, or non-waivable statutory rights.

The terms explicitly say you can delete your account at any time in settings. A built-in deletion flow is more user-friendly than requiring manual support requests.

If your account is suspended or restricted, you can appeal using an in-app tool or email within two weeks. EU/EEA users also retain access to out-of-court review and local courts.