← Back to blento

Privacy Policy

Last updated: April 18, 2026

1. Overview

blento is built on the AT Protocol. Your site content lives in your own Personal Data Server (PDS) under your atmosphere account. This policy explains what limited data blento itself handles and how we comply with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Digital-Services Data Protection Act (TDDDG, formerly TTDSG).

2. Definitions

  • AT Protocol (atproto): the open decentralized protocol that the Service is built on. See atproto.com.
  • Atmosphere: the open network of applications and services built on the AT Protocol. Bluesky is one application in the atmosphere; blento is another.
  • Atmosphere account: your identity on the atmosphere, represented by a DID (decentralized identifier) and a handle. You can use the same account across any atmosphere service, including blento.
  • Personal Data Server (PDS): the server that hosts the data for your atmosphere account. It stores your records (including the cards you create on blento) and is the canonical home of your content. You can self-host your PDS or use one operated by a provider.

3. Controller

The controller responsible for processing under Art. 4(7) GDPR is:

Florian Killius
Email: hello@blento.app

We have not appointed a data protection officer; we are below the thresholds of § 38 BDSG. For any data-protection inquiries, contact the address above.

4. Categories of Data and Legal Bases

4.1 Authentication (atproto OAuth)

When you sign in, we initiate an OAuth flow with your PDS. We receive and store, in a session cookie and in server-side session storage, an access token, a refresh token, your DID, and your handle. We do not receive or store your password.

  • Purpose: authenticating you and keeping you signed in.
  • Legal basis: Art. 6(1)(b) GDPR (performance of the service you requested).
  • Retention: until you sign out or the refresh token expires / is revoked.
  • Storage of auth tokens on your device: legally necessary for the service you requested under § 25(2) Nr. 2 TDDDG; no consent required.

4.2 Your DID and handle

Used to load and save your bento grid records from and to your PDS.

  • Legal basis: Art. 6(1)(b) GDPR.
  • Retention: for as long as your account is active.

4.3 Cached content (Cloudflare KV)

To speed up rendering and reduce load on third-party APIs, we cache public PDS records, profile data, and third-party card data in Cloudflare Workers KV. Typical cache lifetimes range from 1 hour (e.g. Last.fm listens, events) to 24 hours (profile and PDS records), up to 30 days for generated Open Graph images. Cached entries expire automatically.

  • Purpose: performance and reduction of third-party API load.
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating the Service efficiently).
  • Retention: as stated above; expires automatically.

4.4 Server and request logs

Cloudflare, our hosting provider, processes standard request metadata (IP address, user agent, timestamp, URL) for security, abuse prevention, and delivery of the Service. We do not maintain long-term logs ourselves; Cloudflare's default retention applies (typically a few days).

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure and reliable service).

4.5 Aggregate analytics

We collect cookieless, aggregate pageview statistics using Cloudflare Workers Analytics Engine. Each pageview records the visited page, a coarse country code derived from the visitor's IP address (the IP itself is not stored by us), and the hostname of the referring website if any. Individual visitors are not tracked across pages or sessions, and no persistent identifier is stored on your device.

  • Purpose: understanding aggregate site usage to guide improvements.
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in measuring usage in a privacy-preserving way).
  • Retention: up to 90 days, after which Cloudflare automatically deletes the data.

4.6 Third-party embeds

Cards can embed content from third parties (Bluesky, YouTube, GitHub, Last.fm, map providers, etc.). When a page containing such a card is loaded, the visitor's browser makes requests to those providers, which may process the visitor's IP address and other request metadata under their own privacy policies. We do not control that processing.

5. Recipients and Processors

  • Cloudflare, Inc. (USA) — hosting, CDN, Workers runtime, KV storage. Acts as a processor under Art. 28 GDPR based on Cloudflare's Data Processing Addendum.
  • Your PDS provider (the operator of your atmosphere account's data server) — receives your records when you save them.
  • Third-party card providers (e.g. Bluesky, GitHub, YouTube, Last.fm, map providers) — when embedded, they receive visitor request data directly.

6. International Data Transfers

Cloudflare processes data in the United States and globally. Transfers are safeguarded by:

  • Cloudflare's certification under the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023); and
  • EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) as a fallback.

Third-party card providers process data in their own jurisdictions under their respective safeguards.

7. Cookies and Similar Technologies

We use only strictly necessary cookies / local storage entries for authentication (§ 25(2) Nr. 2 TDDDG). We do not use cookies or tracking technologies for analytics, advertising, or profiling. No consent banner is required.

8. Your Rights

Under the GDPR you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure / "to be forgotten" (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on legitimate interests (Art. 21 GDPR) — including a general right to object at any time, on grounds relating to your particular situation
  • Right not to be subject to automated decision-making (Art. 22 GDPR) — we do not carry out any such processing
  • Right to withdraw consent at any time, where processing is based on consent (Art. 7(3) GDPR) — we currently do not rely on consent for any processing

To exercise any of these rights, email hello@blento.app.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI)
Alt-Moabit 59–61, 10555 Berlin, Germany
www.datenschutz-berlin.de

You may also lodge a complaint with any other supervisory authority, in particular in the Member State of your habitual residence.

10. Data Deletion

Because your site content lives in your PDS, you can delete it directly via any atproto client or by editing your site. Cached copies on our side expire automatically. For account deletion or requests covering data beyond what you can delete yourself, email hello@blento.app.

11. Children

The Service is not directed at children. In Germany, the consent of a holder of parental responsibility is required for children under the age of 16 (Art. 8 GDPR). We do not knowingly process personal data of children under 16.

12. What We Don't Do

  • We do not sell your personal data.
  • We do not run advertising or cross-site tracking.
  • We do not build behavioural profiles of you.
  • We do not carry out automated decision-making in the sense of Art. 22 GDPR.

13. Changes

We may update this policy. Material changes will be announced on this page, and where they materially affect your rights we will give reasonable advance notice.

14. Contact

Questions about this policy? Reach out via:

made with blento
Imprint · Privacy