FAQ
How secure is this?
Content is encrypted in your browser before it leaves. The key stays in the , which browsers don't send to servers per . We only store . Even with full database access, your content is unrecoverable without the key.
What URLs do I get?
Two separate URLs: a decryption URL to view/share the paste, and a deletion URL to manually delete it. Keep them separate. The decryption URL contains the key; the deletion URL contains a token we hash and store.
I lost my decryption URL. Can you recover it?
No. The key only exists in your URL. Without it, the data is unrecoverable. By design. We never see the key, so we can't help you.
I lost my deletion URL. Can I still delete the paste?
No. The deletion token is only given once at creation. You'll need to wait for expiration, or use burn-after-reading if you enabled it.
How does burn-after-reading work?
The server verifies you possess the decryption key before releasing the ciphertext, then deletes atomically. The recipient can still save content after viewing, but the paste itself is gone.
Should I use quantum mode?
Default is fine for most cases. Quantum mode adds for protection against future quantum computers. Tradeoff: URLs grow from ~88 bytes to ~4.3KB. Use it for data that needs to stay secure for decades.
Why should I trust you?
You don't have to. The code is open source. Encryption happens client-side before anything leaves your browser. Verify it yourself, or self-host if you prefer.
Size limit?
2MB. Enough for code and configs. For larger files, use something else.
Expiration options?
1 hour, 1 day, 1 week, 30 days, or never. Expired pastes are deleted automatically.