← back to ZeroPaste

Privacy & Terms

Last updated 30 June 2026

What we can — and can't — see

ZeroPaste is end-to-end encrypted. Your text is encrypted in your browser with AES-256-GCM before it is sent; the decryption key lives only in the link fragment (after #) and never reaches our servers. We store, and can only ever see, opaque ciphertext. We cannot read your pastes, and neither can anyone who seizes or subpoenas our storage.

What we store

Hosting and request delivery are provided by Cloudflare, which processes requests (including your IP address) as our infrastructure provider.

Acceptable use

Because we cannot see paste contents, we rely on you. Do not use ZeroPaste to store or distribute unlawful content, malware, phishing, or to harass others, and do not attempt to overwhelm or abuse the service. We may rate-limit or block traffic to protect the service.

Reporting abuse

Report abuse or security issues to sales@pangaea.id (see also /.well-known/security.txt). Because pastes are encrypted and ephemeral, we generally cannot retrieve or decrypt a specific paste — please include the full link if you want us to attempt removal before it expires.

No warranty; ephemerality

The service is provided “as is,” without warranty. Pastes are ephemeral by design: once read or expired they are gone and unrecoverable — there is no backup, undo, or recovery. Don't rely on ZeroPaste as durable storage.


ZeroPaste is built and operated by Pangaea (pangaea.id). This page is a plain-language summary, not legal advice; have counsel review it before relying on it for a public launch.