Encrypted in your browser. The key lives in the link, never on our server. Burned the first time it's read.
This paste is destroyed the moment it's opened — it can be read once. Open it only when you're ready. (This click is what fetches it, so link previews and scanners can't burn it for you.)
When you create a paste, your browser generates a random 256-bit key and nonce and encrypts your text with AES-256-GCM via the Web Crypto API — before anything leaves your device. It is end-to-end encrypted: only the people you share the link with can decrypt it. Browsers never send the part after # to a server, so only they ever hold the key.
A link looks like https://zeropaste.pangaea.id/#[link-id]:[key]. The link-id (before the colon) is what the server uses to look up the encrypted blob — that part is sent when your browser fetches the paste. The key after the colon is the AES-256-GCM key that decrypts it; it stays in the URL fragment (after #) and your browser never sends it to the server. Anyone with the whole link can read the paste once — but the stored data is useless without the key half.
No. We never store your raw text. The server only receives opaque ciphertext (nonce + encrypted bytes, base64) and stores exactly that — it never sees your plaintext or your key. The operator is mathematically unable to read a paste.
There is nothing readable to share. Every paste is end-to-end encrypted and we never hold the key, so a subpoena or a server seizure would yield only ciphertext we cannot decrypt — and most pastes are already gone (burn-on-read). We keep no accounts, no emails, and no logs of paste contents, so there is no profile to hand over either.
Pastes are ephemeral. They vanish whichever comes first: deleted the moment they are first read (burn-on-read), or removed after a 7-day backstop if never opened. Nothing is kept beyond that, and there is no “keep forever” option.
The link works exactly once. The first time anyone opens it, the server returns the encrypted blob and immediately deletes it — so a second visit (or a snooping link-scanner that beat you to it) finds nothing. It's a self-destructing message: if the page shows you the text, you also know no one read it before you.
Yes — up to about 190 KB of text per paste (256 KB of ciphertext). Anything larger is rejected.
Yes, per IP address. A token bucket allows a burst of 10 new pastes, refilling 1 every 6 seconds (about 10 per minute sustained). Going over returns HTTP 429. Reading a paste is never rate-limited. Operators can tune these values.
On Cloudflare's free plan, Workers KV allows roughly 100,000 reads/day and 1,000 writes/day with 1 GB of storage. Because each new paste is one KV write, that is the practical ceiling of about 1,000 new pastes per day. The exact paste counter and the rate limiter run on SQLite-backed Durable Objects, which are also free-plan eligible.
End to end in Rust compiled to WebAssembly, deployed on Cloudflare. The backend is a single Cloudflare Worker (via workers-rs) handling storage and burn-on-read; the frontend is Rust→WASM driving the UI and calling the browser's native Web Crypto. Storage is Cloudflare KV for ciphertext plus two Durable Objects (counter + rate limiter). No JavaScript app code, no servers to run.
ZeroPaste is built and operated by Pangaea — pangaea.id.