Privacy Policy

Summary: CryptoPaste encrypts your secret locally in your browser with AES-GCM; the server receives only ciphertext. The decryption key and IV are embedded in the link you share, so the server cannot decrypt the stored data.

Data we process

• Secrets: Stored on the server only as ciphertext until expiry. Intended for one-time viewing.
• Metadata: Minimal request logs may be kept for operational/security purposes.

Retention & deletion

Secrets are stored in memory, and expire per the selected timeframe.

Cookies & local storage

• Theme & language: Stored in your browser localStorage to remember your preferences.

Cloudflare security cookie (cf_clearance)

We do not set marketing or analytics cookies. Our security/CDN provider, Cloudflare, may set a strictly necessary cookie called cf_clearance when their bot-protection challenge is used on this site.

• Provider: Cloudflare, Inc. (set on our domain while Cloudflare protection is active)
• Purpose: Stores proof that a visitor passed a Cloudflare challenge so the visitor is not repeatedly challenged and can reach our origin server.
• Type: Essential/strictly necessary; not used for advertising or cross-site tracking.
• Lifetime: ~30 minutes.
• Security attributes: Sent only over HTTPS and usually uses SameSite=None; Secure.
• Legal basis (EU/EEA): Necessary to provide the service and our legitimate interests in site security; consent is not required for this cookie.

If you block or delete this cookie, parts of the site protected by Cloudflare may not work properly, or you may be asked to complete a challenge again.

Learn more in Cloudflare’s documentation: Cloudflare cookies and Challenge passage.