Privacy

No accounts, no analytics, no tracking cookies. We store only what’s needed to make pastes work.

• On create: encrypted ciphertext + metadata (iv, optional salt, PBKDF2 params if used, createdAt, expiresAt, plaintext size, one-time flag) in KV.
• One-time pastes: a Durable Object keeps a hash of the one-time token, timestamps, redeemed flag, and the KV key; on first redemption the KV entry is deleted.
• Keys/plaintext: keys never leave your browser; plaintext is never sent to the server. If no password is set, the key lives only in the URL #key=… fragment.
• Abuse protection: your IP is sent to Cloudflare Turnstile for verification; we do not store it.
• Expiry: when set, the KV entry is removed at expiry; “Never” persists until manual/operational cleanup.

← Back