Privacy Policy
Last updated: 2026-05-01
What we collect
- Paste content you submit, the language you choose, the visibility flag, and the expiry you set.
- A salted, peppered SHA-256 hash of your IP address, used only for rate limiting and abuse detection. The raw IP address is never persisted.
- A short-lived session token, if you choose to sign in.
What we don’t do
- No third-party analytics, no advertising trackers, no fingerprinting.
- No selling or sharing of paste content with third parties.
- No reading the contents of private (password-gated) pastes for any purpose other than serving the requesting client.
Retention
Paste content is retained until its expires_at timestamp, after which it is purged. Burn-after-read pastes are purged on the first successful view. Deleted pastes are soft-deleted (marked purged) and the content is overwritten or removed according to the operator’s retention policy.
Reports and abuse
Abuse reports include the reporter’s hashed IP and the reason text. Reports about a paste are retained for as long as needed to action them.
Security
Passwords on private pastes are hashed before storage. Transport is over TLS when served behind the recommended deployment topology. We make no other security guarantee — do not paste secrets you cannot afford to lose.
Your rights
You can delete any paste you own from your dashboard. For requests beyond self-service, contact the deployment operator.