◈ NullPaste
Privacy
NullPaste is built to collect as little as possible. There are no accounts, no analytics, and no third-party trackers.
What we collect
We store the paste content you submit and its settings (expiry, burn-after-read, whether a password is set). We do not require or collect names, emails, or any account information. We do not run analytics or load third-party trackers. An optional CAPTCHA (Cloudflare Turnstile) is only loaded if the operator enables it.
IP addresses
Raw IP addresses are never written to logs or the database. To prevent abuse, rate limiting uses a one-way hashed (HMAC-SHA256) identifier rather than the raw address.
Passwords & encryption
Paste passwords are hashed with Argon2 on the server and never stored in plain text. When you enable end-to-end encryption, the content is encrypted in your browser and the key lives only in the share link, so the server cannot read it. A password alone is not the same as end-to-end encryption — for highly sensitive secrets, prefer encryption.
Retention & deletion
Timed pastes are removed automatically when they expire, and burn-after-read pastes are deleted the first time they are opened. Pastes set to never expire come with a one-time delete code so you can remove them whenever you choose. See the FAQ for details.
Links are unlisted, not secret
Anyone who has the link to a paste without a password can read it. Individual paste pages are marked noindexso search engines don't list them, but treat links like private, unlisted addresses.