Privacy Policy

Overview

HashPaste is designed to be privacy-first by default. All text processing, compression, and encryption happens entirely within your browser. We do not operate a backend paste storage service.

Data Collection

HashPaste does not collect, store, log, or process:

• Paste contents
• Passwords or encryption keys
• IP addresses
• User identifiers
• Cookies or tracking data

How HashPaste Works

When you create a paste, the content is compressed and optionally encrypted directly in your browser. The resulting data is embedded in the URL fragment (the part after #).

URL fragments are never sent to the server as part of HTTP requests. This means the paste content is never transmitted to us.

Encryption

If you choose to use a password, HashPaste encrypts your text using AES-GCM with a key derived via PBKDF2. Encryption and decryption occur entirely on your device.

HashPaste never sees or stores your password.

Cookies & Tracking

HashPaste does not use cookies, analytics, trackers, fingerprinting, or third-party scripts.

Third-Party Services

HashPaste does not embed third-party services that receive paste data. Hosting providers may receive standard web server requests for loading the site itself, but paste contents are not included.

Data Retention

Since HashPaste does not store paste data, there is nothing to retain or delete on our servers. Paste availability depends entirely on the URL being preserved by the user.

Changes to This Policy

If this privacy policy changes, the updated version will be published on this page with a revised date.

Contact

If you have questions about this privacy policy, you can contact us via the contact page listed in the footer.