Skip to main content

Trust and data

You don't have to trust us with your data, because we don't hold it. Your identity and records live in your own data server. Here's what Sifa ID runs, where, and how.

How trust works here

On most networks you hand your data to a company and hope they look after it. Sifa works the other way around. Your identity and your records live in your own data server on AT Protocol, the open network Bluesky also runs on. They're yours, wherever you go.

Sifa is an app that reads and aggregates your public records and writes new ones only with your permission. Trusting Sifa isn't handing over custody, because the data was never ours to hold. Leave whenever you like and it comes with you.

What we store, and what we don't

Your canonical profile lives in your data server, not our database. To keep search and your profile pages fast, Sifa keeps a derived index of public records, plus a few things that have to live with us: your notification settings, notes you write about people, and short-lived caches (5 to 15 minutes) that are never written to the database. We don't build advertising profiles, and we don't process special-category data.

At a glance

Sub-processors

The only third parties that process your personal data for us. Both are in the EU.

ProviderPurposeLocation
HetznerHosting (servers and database)Germany
ScalewayTransactional email (only if you turn on notifications)France

What we run ourselves

Open-source software on our own servers in Germany. No CDN, no third-party telemetry.

  • PostgreSQL Database
  • Valkey Cache
  • Caddy Reverse proxy and TLS
  • Umami Analytics, cookieless and self-hosted
  • GlitchTip Error monitoring, self-hosted

Security

  • Encrypted in transit. HTTPS everywhere, with HSTS preloaded for two years.
  • No passwords to leak. You sign in with AT Protocol OAuth, so we never hold a password. Your session is an opaque, httpOnly cookie.
  • Hardened responses. Content-Security-Policy, X-Content-Type-Options, Referrer-Policy and a strict Permissions-Policy on every response.
  • Rate limiting and CORS. Requests are rate-limited, and cross-origin access is restricted to known origins.
  • Validated and sanitized. Every API input is validated with Zod, and user content is sanitized with DOMPurify.
  • Monitored and backed up. Errors go to self-hosted GlitchTip, and data is backed up daily.

How long we keep things

DataKept for
Unclaimed profilesCached up to 5 minutes, never written to our database
Your profile and activityKept until you delete it
Server logsAt most 30 days
Consent records3 years after deletion (legal obligation)

Sifa also relies on public AT Protocol infrastructure run by others (relays and identity services). Every dependency, dataset, and open-source project is listed on our credits page.

Open where it counts

The schemas that define your Sifa data and the SDK that reads them are open source (MIT), so anyone can check how your data is structured and used. The apps themselves (this website and the backend) aren't open source yet. It all lives on our GitHub.

Your rights and control

  • Export everything, any time, for free: download your data.
  • Delete your account and the data we hold: account settings.
  • Control how discoverable you are: privacy settings.
  • Take your profile to another app: it's portable by design, no export-and-reimport needed.

For the full legal detail (legal bases, retention, and how to reach us), see our privacy policy and terms.

Who runs Sifa

Sifa is built by Singi Labs in the Netherlands. Not a faceless brand: you can see who's behind it and what we're building on our about page.

Found a security issue? Email us at security@sifa.id and we'll take a look.

Last updated July 2026.