Pastehere is designed to be privacy-first. To run the service we store: your room code, your end-to-end-encrypted messages and files (ciphertext only — we can't read them), basic routing metadata (timestamps, which device sent an item, and sizes), each device's public key and an access token so we can authorize it, and your IP address briefly to rate-limit abuse.
We use data solely to run pastehere: room codes connect your devices, and your encrypted messages and files are stored so every device in the room can load them. We do not analyze, profile, sell, or advertise against your data.
All content shared through pastehere is encrypted end-to-end. This means only your devices can decrypt and read the messages. We physically cannot access your content — even if we wanted to.
No analytics companies, no advertisers, no data brokers. The only third party involved is our infrastructure provider (Supabase), which hosts the database, file storage, and realtime sync that run the service. The message content they hold is end-to-end encrypted, so they can't read it either.
Your encrypted messages and files stay until you remove them — delete an item, clear the room, or destroy the room, which permanently deletes everything in it. There's no timed auto-expiry, though you can enable auto-cleanup to drop the oldest items once a room reaches 80% of its storage. IP records used for rate-limiting are discarded within about an hour.
Pastehere doesn't use cookies at all. Your encryption keys and device identity live in your browser's local storage (IndexedDB) and never leave your device — there are no tracking, analytics, or advertising cookies.
Questions about privacy? Contact us at hello@pastehere.app
Last updated: May 2026