Privacy & Terms
Last updated 30 June 2026
What we can — and can't — see
ZeroPaste is end-to-end encrypted. Your text is encrypted in your browser with AES-256-GCM before it is sent; the decryption key lives only in the link fragment (after #) and never reaches our servers. We store, and can only ever see, opaque ciphertext. We cannot read your pastes, and neither can anyone who seizes or subpoenas our storage.
What we store
- Ciphertext, under a random id, until it is read once (burn-on-read) or expires (7-day backstop) — whichever comes first.
- No accounts, no email, no paste contents logged.
- A short-lived, per-IP rate-limit counter to prevent abuse. It is not linked to paste contents and is not used to profile you.
Hosting and request delivery are provided by Cloudflare, which processes requests (including your IP address) as our infrastructure provider.
Acceptable use
Because we cannot see paste contents, we rely on you. Do not use ZeroPaste to store or distribute unlawful content, malware, phishing, or to harass others, and do not attempt to overwhelm or abuse the service. We may rate-limit or block traffic to protect the service.
Reporting abuse
Report abuse or security issues to sales@pangaea.id (see also /.well-known/security.txt). Because pastes are encrypted and ephemeral, we generally cannot retrieve or decrypt a specific paste — please include the full link if you want us to attempt removal before it expires.
No warranty; ephemerality
The service is provided “as is,” without warranty. Pastes are ephemeral by design: once read or expired they are gone and unrecoverable — there is no backup, undo, or recovery. Don't rely on ZeroPaste as durable storage.
ZeroPaste is built and operated by Pangaea (pangaea.id). This page is a plain-language summary, not legal advice; have counsel review it before relying on it for a public launch.