
Privacy and data

What's public, what's on your provider, what's in Sifa's database, and what happens when you delete. The full picture of where your data lives and who can see it.

Sifa is a professional network, so the design assumption is "people will look at this." Your profile is public by default. Where your data lives and who can see it is more nuanced than that, though. This page is the reference.

What's public

Your profile, by default, is fully public. That means:

  • Anyone with the URL can view it. No login required.
  • Search engines index it (it's in the sitemap).
  • AI agents and crawlers can read it. The page returns 200 to anyone.
  • Logged-out humans see the same thing logged-in humans see. No "hide some fields from non-members" mode.

This is on purpose. A portable professional profile only works as a public reference, somewhere you can link to from your CV, your email signature, your conference bio. If you wanted half-public, LinkedIn already does that.

Want to keep something private? Leave it off your profile. Records you don't create can't be displayed.

What's not public

Some things you do on Sifa aren't surfaced on your public profile:

  • Likes / reposts / follows. These get written to your provider but Sifa doesn't render them on your profile. See Activity feed for which record types Sifa treats as "Did" rather than "Made".
  • Drafts in the profile editor before you save.
  • Blocks and mutes. Stored on your account, used by Sifa to filter what you see, but not surfaced on your profile.

A heads-up though: just because Sifa doesn't render them doesn't mean they're secret. Many of these (likes, follows, blocks) are written to your provider as standard AT Protocol records and are visible to any other Atmosphere app that wants to look. The privacy story comes from the protocol, not from Sifa.

Where data lives

| Data | Where it lives | Who can read it |
|---|---|---|
| Your profile records (id.sifa.profile.*) | Your provider's PDS | The public (records are publicly readable on AT Protocol) |
| Your posts, follows, etc. (app.bsky.*) | Your provider's PDS | The public |
| Your endorsements (id.sifa.endorsement) | Your provider's PDS | The public |
| Sifa's index of all the above | Sifa's database (the AppView) | Anyone making API requests; rendered on the public profile |
| Your OAuth session token | Sifa's database, hashed | Only Sifa's server; expires periodically |
| Email address (if you provided one) | Sifa's database, encrypted at rest | Only Sifa's server; never displayed; used for transactional email |
| Analytics on your visits | Sifa's database (aggregate only); GlitchTip for error monitoring | Sifa's team |

The AppView is a cache, not the source of truth. Delete a record from your provider and the AppView removes it from its index within seconds (via the firehose). Sifa doesn't retain copies after deletion.

What Sifa stores beyond your records

Sifa's own database holds things that aren't AT Protocol records:

  • Session tokens (hashed) so you stay logged in.
  • OAuth grant metadata so Sifa knows what you authorised.
  • Anti-abuse signals: rate-limit counters, sybil-detection scores, moderation labels. Private to Sifa.
  • Analytics: page-view counts, search-query frequencies. Aggregated only. No per-user logs of "Alice viewed Bob's profile."
  • Error monitoring: when a request fails, Sifa sends a Sentry-compatible error report to its GlitchTip instance. Reports may include the page URL and an error stack trace. PII is stripped before the report is sent.

None of this is exposed via the public profile. None of it leaves the Sifa AppView's database. No third-party trackers, no advertising pixels, no Google Analytics.

Deleting things

Three levels of "delete":

Delete one record. Open the item in your profile editor and remove it. The id.sifa.profile.* record is deleted from your provider. The AppView sees the deletion on the firehose and removes it from your profile within seconds.

Delete everything Sifa-specific. Account settings has a delete-Sifa-data button that walks all id.sifa.* collections on your account and removes each record. Your underlying Atmosphere account (Bluesky, Eurosky, etc.) is untouched. Only the records in the Sifa namespace go.

Delete your Atmosphere account. This is a provider-level action. You do it on your provider's settings page, not on Sifa. Your DID is deactivated and all your records (across all apps) are released. Sifa's AppView sees the deactivation and stops rendering your profile.

The first two are reversible: re-add the data and it's back. The third is irreversible after a grace period that varies by provider.
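
One way to confirm that a delete left nothing behind is to ask your provider directly. The sketch below is an added example, not Sifa's own code: it relies on the standard AT Protocol queries com.atproto.repo.describeRepo and com.atproto.repo.listRecords, and the fake_pds stub, the DID and the record keys are constructed so it runs offline.

```python
import json
import urllib.parse
import urllib.request

def xrpc_get(pds, method, params):
    """Unauthenticated XRPC query against a PDS (repo records are public)."""
    url = f"{pds}/xrpc/{method}?{urllib.parse.urlencode(params)}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def remaining_records(pds, repo, namespace="id.sifa.", get=xrpc_get):
    """Return {collection: [record URIs]} still stored under `namespace`."""
    described = get(pds, "com.atproto.repo.describeRepo", {"repo": repo})
    found = {}
    for collection in described.get("collections", []):
        if not collection.startswith(namespace):
            continue  # other apps' records (app.bsky.* etc.) are out of scope
        uris, cursor = [], None
        while True:  # follow the cursor until the PDS stops returning one
            params = {"repo": repo, "collection": collection, "limit": 100}
            if cursor:
                params["cursor"] = cursor
            page = get(pds, "com.atproto.repo.listRecords", params)
            uris += [r["uri"] for r in page.get("records", [])]
            cursor = page.get("cursor")
            if not cursor or not page.get("records"):
                break
        if uris:
            found[collection] = uris
    return found

def fake_pds(store):
    """Constructed in-memory stand-in for a PDS so the example runs offline."""
    def get(_pds, method, params):
        if method.endswith("describeRepo"):
            return {"collections": sorted(store)}
        uris = store.get(params["collection"], [])
        start = int(params.get("cursor", 0))
        out = {"records": [{"uri": u} for u in uris[start:start + 2]]}
        if start + 2 < len(uris):
            out["cursor"] = str(start + 2)
        return out
    return get

if __name__ == "__main__":
    did = "did:plc:example"  # constructed placeholder, not a real account
    store = {  # constructed sample repo contents
        "id.sifa.profile.self": [f"at://{did}/id.sifa.profile.self/self"],
        "id.sifa.endorsement": [f"at://{did}/id.sifa.endorsement/{k}" for k in "abc"],
        "app.bsky.graph.follow": [f"at://{did}/app.bsky.graph.follow/x"],
    }
    print(remaining_records("https://pds.invalid", did, get=fake_pds(store)))
```

Against a real account, drop the get= argument and pass your provider's base URL with your DID or handle; an empty result means no id.sifa.* records remain on the PDS.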

What survives if you leave Sifa

If you delete your Sifa-specific records but keep your Atmosphere account:

  • Your Sifa profile (https://sifa.id/p/<handle>) returns 404 once the id.sifa.profile.self record is gone.
  • Your AT Protocol identity (DID, handle, all other records) is untouched.
  • Endorsements other people gave you are owned by their provider. They don't disappear from those accounts when you leave Sifa.

What survives if Sifa shuts down

If Sifa as a company / project goes away:

  • Your id.sifa.* records stay on your provider, fully readable, indefinitely.
  • The sifa.id website goes dark, so the profile URLs stop loading.
  • The AT Protocol lexicons we published (id.sifa.*) remain valid open schemas. Any other app can adopt them and render the same records, so a successor profile site can read your existing Sifa data without you doing anything.
  • The lexicon repo (singi-labs/sifa-lexicons) is MIT-licensed and would persist as long as GitHub does.

That's the "your data isn't held hostage" promise, made concrete.

Requesting your data

No need to request it. It's already on your provider, where you have direct access. See Your data on a provider for how to inspect or export it via pdsls.dev or the AT Protocol API.

Need a copy of any Sifa-side metadata (session logs, analytics) for compliance reasons? Open an issue or email the team. EU users have GDPR rights of access and erasure. We honour both.
