Last updated: March 3, 2026
1. Introduction
Babesky operates the websites babesky.com, babesky.app, and babesky.blog (together, “the Platform,” “we,” “us,” or “our”). We provide an adult content creator directory powered by the Bluesky social network, with exclusive tools for Patreon subscribers.
This Platform contains adult content and is intended solely for users 18 years of age or older.
This Privacy Policy explains how we collect, use, store, and share your personal information, and describes the rights you have regarding your data under applicable law including the EU General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).
2. Data Controller
Babesky
[email protected]
For privacy-related enquiries, data requests, or complaints, contact us at the address above. We aim to respond to all requests within the timeframes required by applicable law.
If you are located in the EU/EEA or UK and we have not appointed a local representative, you may contact your national data protection authority directly (see Section 12).
3. Information We Collect
3a. Public Creator Profile Data
We collect and index publicly available profile information from the Bluesky social network (AT Protocol) for creators who have a mutual follow relationship with our designated source accounts. This includes:
- Bluesky decentralized identifier (DID), handle, and display name
- Profile avatar and biography text
- Links voluntarily published in the creator’s bio (including links to external platforms such as OnlyFans, Fansly, personal websites, wishlists, and payment pages)
- Follower count, following count, and post count
- Thumbnails and previews of recent publicly posted media
- Bluesky account creation date
- Whether the profile is set to restrict unauthenticated viewers
CCPA category: Identifiers; Internet or other electronic network activity information; Inferences drawn from the above.
This data is sourced from Bluesky’s public API and was voluntarily and publicly published by the creator on the Bluesky network. If your Bluesky profile is set to restrict unauthenticated viewers, your profile will be excluded from our public directory.
If you are a creator listed in our directory and wish to be removed, contact us at [email protected].
3b. Authentication Data (Users Who Sign In With Bluesky)
When you sign in using your Bluesky account, we collect:
- Your Bluesky decentralized identifier (DID), which is a permanent public identifier on the Bluesky network
- Your Bluesky handle
- A session token linked to your session (stored server-side; see Section 7)
We do not store your Bluesky password. Sign-in is handled via Bluesky’s OAuth 2.0 protocol with PKCE and DPoP cryptographic binding.
CCPA category: Identifiers.
3c. Patreon Membership Data (Patreon Subscribers Who Link Their Account)
If you choose to link your Patreon account to verify your subscriber status, we receive the following from Patreon via OAuth:
- Patreon member ID, full name, and username
- Patreon email address (received during the OAuth handshake to verify your identity)
- Membership tier (Supporter, VIP, or Bankroller)
- Subscription status (active, lapsed, or cancelled)
- Most recent charge date (used to calculate a grace period if your subscription lapses)
We do not receive or store your Patreon payment details or billing information.
CCPA category: Identifiers; Commercial information (subscription tier/status).
3d. Promotional Media Submissions (VIP and Bankroller Tier Subscribers Only)
VIP and Bankroller tier subscribers may submit promotional content for potential feature on the Platform. When you submit, we collect:
- Media files you upload (images and/or video, up to 50 MB per file)
- Optional alt text you provide for each file
- An optional external link you provide (e.g., a link to your content platform)
- Optional notes describing your submission
- Your Bluesky DID and handle (captured from your active session)
- Your Patreon member ID (captured from your linked Patreon account)
- Submission timestamp and review status
CCPA category: Identifiers; Audio, electronic, visual, or similar information; Internet or other electronic network activity information.
3e. Technical and Server Data
When you interact with the Platform, Cloudflare automatically logs standard server data including IP address, browser type and user agent, pages accessed, timestamps, and HTTP request/response details. This processing occurs on Cloudflare’s infrastructure.
CCPA category: Identifiers; Internet or other electronic network activity information.
4. Lawful Basis for Processing (GDPR)
This section applies to users in the EU, EEA, and UK.
| Processing Activity | Lawful Basis (Art. 6) | Additional Basis Where Applicable |
|---|---|---|
| Indexing public creator profiles | Legitimate interests (Art. 6(1)(f)) — to provide a publicly useful creator directory | Data manifestly made public by the data subject (Art. 9(2)(e)) |
| Bluesky authentication & session management | Performance of a contract / steps prior to contract (Art. 6(1)(b)) | — |
| Patreon membership verification | Performance of a contract (Art. 6(1)(b)) | — |
| Processing promo media submissions | Performance of a contract (Art. 6(1)(b)) | — |
| Server/technical logs | Legitimate interests (Art. 6(1)(f)) — security, abuse prevention, debugging | — |
Legitimate interests assessment: Where we rely on legitimate interests, we have determined that our interest in providing a creator discovery platform does not override creators’ fundamental rights, given that the data is limited to information creators have voluntarily and publicly published on the Bluesky network. Creators who wish to opt out may request removal (see Section 12).
5. Special Category and Sensitive Personal Information
GDPR (EU/EEA/UK)
Our Platform indexes creators on an adult content directory. The profile data we index is limited to information creators have voluntarily and publicly shared on the Bluesky social network. We rely on Article 9(2)(e) GDPR — data which has been manifestly made public by the data subject — as the basis for processing any data that could reveal information about a person’s sexual life or preferences in this context.
We do not require creators to disclose information about their sexual orientation or preferences, and we do not infer or record such information beyond what creators have chosen to make publicly visible on their own Bluesky profiles.
CCPA/CPRA (California)
Under CCPA, “sensitive personal information” may include data that reveals sexual orientation or sexual activity. We do not independently collect or infer this information. The only data we index in relation to adult content is what creators have publicly and voluntarily published on the Bluesky platform and chosen to associate with their profile.
We do not use sensitive personal information for purposes beyond those necessary to provide the Platform’s core functionality. You have the right to limit the use of your sensitive personal information; see Section 12.
6. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Powering the public creator directory and search | Public Bluesky profile data |
| Authenticating your session on the Platform | Bluesky DID, handle, session token |
| Verifying Patreon subscriber tier and enabling gated features | Patreon membership data |
| Reviewing and potentially featuring submitted promotional content | Promo media submissions |
| Security monitoring, abuse prevention, and debugging | Server logs, IP addresses |
| Calculating featured status and grace periods for Patreon subscribers | Patreon subscription status and charge date |
We do not use your data for advertising, profiling for marketing purposes, or automated decision-making that produces legal or similarly significant effects.
7. Cookies and Session Tokens
We use a single first-party session cookie:
| Cookie | Purpose | Duration |
|---|---|---|
bsky_session |
Maintains your signed-in state after Bluesky authentication | 30 days, refreshed on each visit; deleted on sign-out |
This cookie is HttpOnly (inaccessible to JavaScript), Secure (transmitted over HTTPS only), and SameSite=Lax. It stores only a random session token — no personal data is embedded in the cookie itself.
We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies. We do not use Google Analytics, Meta Pixel, or similar tracking services.
Cookie consent: This cookie is strictly necessary to provide the signed-in service you request. Under the ePrivacy Directive, strictly necessary cookies do not require separate consent.
8. Sharing and Disclosure of Your Data
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
We may disclose personal information in the following limited circumstances:
Service providers (data processors): We use Cloudflare, Inc. as our infrastructure and hosting provider. Cloudflare processes data on our behalf as a data processor under a Data Processing Addendum. Data processed by Cloudflare includes server logs and stored data (database and media storage).
Bluesky and Patreon: OAuth authentication flows involve data exchange with Bluesky (Hellthread Inc.) and Patreon, Inc. These are direct relationships between you and those services, governed by their own privacy policies.
Legal compliance: We may disclose personal data if required by law, court order, or to protect the rights, property, or safety of the Platform, our users, or the public.
Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred. We will notify affected users as required by applicable law.
We do not otherwise sell, rent, or share personal information with third parties.
9. International Data Transfers (GDPR)
This section applies to users in the EU, EEA, and UK.
We and our service providers are based in the United States. When personal data from the EU/EEA/UK is transferred to the US, we rely on the following transfer mechanisms:
- Cloudflare, Inc. participates in the EU-US Data Privacy Framework (DPF), certified for transfers from the EU/EEA, and the UK Extension to the DPF for UK transfers.
- Patreon, Inc. — transfers are subject to Standard Contractual Clauses (SCCs) as incorporated in Patreon’s data processing terms.
- Bluesky (Hellthread Inc.) — Bluesky’s AT Protocol is a decentralised public network; profile data you publish on Bluesky is already publicly available globally. Sign-in data is subject to Bluesky’s own transfer mechanisms.
You may request a copy of the applicable transfer safeguards by contacting us.
10. Data Retention
| Data Category | Retention Period |
|---|---|
| Creator profile data | Retained while the creator has an active mutual follow relationship with our source accounts. Soft-deleted (made non-public) if the relationship ends; permanently deleted upon verified removal request. |
| Session tokens | 30 days from last activity, or immediately upon sign-out |
| Patreon membership data | Retained while your Patreon account is linked. Deleted upon unlinking or verified deletion request. |
| Promotional media submissions | Retained indefinitely for operational purposes unless you request deletion |
| Server/Cloudflare logs | Per Cloudflare’s standard log retention policies |
When we delete personal data, we will do so from active systems within a reasonable period. Residual copies may remain in automated backups for a limited time before being overwritten.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Cryptographic session tokens stored in HttpOnly, Secure, SameSite cookies
- OAuth 2.0 with PKCE and DPoP (Demonstrating Proof-of-Possession) for Bluesky sign-in
- HTTPS for all data in transit
- Access controls on database and storage systems
- All API keys and secrets managed via secure environment configuration, never committed to source code
No method of transmission or storage is 100% secure. If you become aware of a security issue, please contact us immediately at [email protected].
12. Your Privacy Rights
Rights for EU/EEA/UK Residents (GDPR / UK GDPR)
You have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”), subject to applicable legal exceptions.
- Right to restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
- Right to data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds.
- Rights related to automated decision-making (Art. 22): We do not carry out automated decision-making that produces legal or similarly significant effects.
To exercise these rights, contact us at [email protected]. We will respond within 30 days (extendable by a further two months for complex requests, with notice to you).
Right to lodge a complaint: You have the right to lodge a complaint with your national data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner’s Office (ICO).
Rights for California Residents (CCPA/CPRA)
California residents have the following rights:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
- Right to delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to correct: Request correction of inaccurate personal information we maintain about you.
- Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out action is required, but you may confirm this by contacting us.
- Right to limit use of sensitive personal information: You may request that we limit our use of sensitive personal information to what is necessary to provide the Platform. Contact us to exercise this right.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge different prices, or provide a different level of service based on your exercise of rights.
To exercise these rights, contact us at [email protected] or submit a verifiable consumer request. We will respond within 45 days; we may extend this by an additional 45 days with notice if reasonably necessary.
Authorised agents: California residents may designate an authorised agent to submit requests on their behalf. We may require verification of the agent’s authority before processing the request.
Financial incentives: We do not offer financial incentives in exchange for the collection or retention of personal data.
General Rights (All Users)
- Creators listed in the directory: You may request removal of your profile from our directory by contacting us at [privacy contact email]. We will process removal requests promptly.
- Patreon unlinking: You may unlink your Patreon account at any time via the dashboard. This removes your Patreon membership data from our systems and disables Patreon-gated features.
- Sign-out: Signing out immediately invalidates your session token.
13. Do Not Sell or Share My Personal Information
We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. This applies to all users, including California residents under CCPA/CPRA.
14. Children’s Privacy
This Platform contains adult content and is strictly intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18 years of age. If you have reason to believe a minor has submitted data to us, contact us immediately at [privacy contact email] and we will take steps to delete that information as soon as practicable.
15. Third-Party Links
Our Platform may display links extracted from creator bios (e.g., links to OnlyFans, Fansly, or personal websites). These third-party websites operate under their own privacy policies, and we have no responsibility or liability for their practices. We encourage you to review their policies before interacting with those sites.
16. Changes to This Privacy Policy
We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For material changes, we will take reasonable steps to notify users, such as posting a prominent notice on the Platform. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.
17. Contact Us
For all privacy requests, data subject rights requests, creator removal requests, or complaints:
Email: [email protected]
Website: https://babesky.com
We aim to acknowledge all requests within 5 business days and resolve them within the timeframes required by applicable law.