Privacy Policy
Last updated: January 6, 2025
Privacy First, Always
This Privacy Policy describes how GhostPaste ("we", "us", or "our") handles information when you use our service. We are committed to protecting your privacy through zero-knowledge encryption and minimal data collection practices.
The Short Version ๐ก๏ธ
We can't see your code. We don't track you. We don't sell data. Your pastes are encrypted before they reach us. Privacy isn't just a feature - it's our foundation.
1. Information We DON'T Collect
Thanks to our zero-knowledge architecture:
- We cannot see your unencrypted code or content
- We do not track individual users
- We do not use analytics or tracking cookies
- We do not collect email addresses or personal information
- We do not have user accounts or profiles
- We do not log IP addresses for tracking
- We cannot access your encryption keys
We're Privacy Blind ๐
Imagine we're wearing a blindfold - we literally can't see your code because it's encrypted before it reaches us. No tracking, no profiling, no creepy stuff.
2. What We Store
We only store:
- Encrypted blobs: Your code, encrypted client-side
- Metadata: Creation time, expiry time, file count
- Hashed Passwords: If you set a password (we can't reverse it)
- Random IDs: To identify your pastes
All encryption happens in your browser. We never receive or store plaintext content or encryption keys.
Just Encrypted Gibberish ๐
Our database looks like random nonsense because everything is encrypted. Even if someone hacked us (please don't!), they'd just get encrypted blobs they can't read.
3. How Our Encryption Works
Your privacy is protected by:
- Client-side encryption: AES-256-GCM in your browser
- Key generation: Unique key for each paste
- URL fragments: Keys in # part (never sent to server)
- Zero-knowledge: We can't decrypt even if asked
- Open source: Verify our code yourself
Fort Knox for Code ๐ฐ
Your code gets locked in a digital safe before leaving your computer. The key? Only you have it. We just store the locked safe. Military-grade encryption, zero access.
4. Server Logs & Infrastructure
For service operation and security:
- Cloudflare may log requests for DDoS protection
- Temporary error logs for debugging (no personal data)
- No long-term IP address storage
- No user behavior tracking
- Logs are automatically purged
Basic Operations Only ๐ง
Cloudflare helps protect against attacks and keeps things fast. They might see you visited, but not what you shared. We keep logs minimal and delete them quickly.
5. Cookies & Local Storage
We use minimal browser storage:
- Theme preference: Light/dark mode choice
- No tracking cookies: Zero, zilch, nada
- No third-party cookies: Just us here
- No analytics: We don't need to know
Cookie Diet ๐ช
We're on a strict cookie diet - only the essential one to remember if you like dark mode. No tracking cookies, no ads, no nonsense.
6. Data Sharing & Third Parties
We share your data with:
- Nobody: We don't sell data
- No one: We don't trade data
- Zero third parties: Your data stays with us
- Not even governments: We can't decrypt it anyway
Exception: Cloudflare provides our infrastructure, but they only see encrypted data.
Your Data = Fort Knox ๐ฆ
We don't have a business model based on your data. We can't sell what we can't see. Even if the FBI asked nicely, we couldn't help - we don't have the keys!
7. Data Retention & Deletion
Your data is automatically deleted:
- After your set expiry time (1 hour to 30 days)
- Immediately for one-time view pastes
- When you manually delete with your password
- Default retention: 30 days maximum
Deleted means deleted - we don't keep backups of user content.
Auto-Cleanup Crew ๐งน
Your pastes self-destruct based on your settings. One-time views? Gone after viewing. Set an expiry? Poof, it's gone. We're not a permanent storage service.
8. Your Rights
You have the right to:
- Use the service anonymously
- Delete your content anytime (with password)
- Not be tracked or profiled
- Review our open-source code
- Run your own instance
You're in Control ๐ฎ
No accounts, no tracking, no BS. Use it, delete it, inspect the code, or run your own. Your data, your rules. We're just here to help you share code safely.
9. Policy Updates
We may update this policy to reflect changes in our practices or for legal reasons. Updates will be posted here with a new "Last updated" date. Significant changes will be highlighted.
Keeping You Posted ๐ฌ
If we change something important, we'll update the date. But honestly, our core promise won't change: we can't see your stuff, and we like it that way.
10. Contact Us
Questions about privacy? Reach out:
- GitHub Issues: Ask a Question
- Source Code: Verify Our Claims
Privacy Questions? ๐ค
We're transparent about everything. Check our code, ask questions, suggest improvements. Privacy is a community effort. Built with ๐ป and ๐ค.
Privacy by Design
Not just a policy, but a promise. Your code stays yours, always.