Privacy Policy
Last updated: January 14, 2026
1Data We Do NOT Collect
- ✓We do not store your IP address alongside your notes.
- ✓We do not (and physically cannot) read the content of your encrypted notes.
- ✓We do not sell, share, or monetize any user data.
- ✓We do not use tracking cookies or third-party analytics that identify you.
2Data We Do Collect
Encrypted Blobs
We temporarily store the encrypted string of text you submit. This data is unreadable without the decryption key (which we never receive). The blob is automatically and permanently deleted after it is read once or when it expires.
Standard Access Logs
Our hosting provider (Vercel) may temporarily record request metadata (like timestamps and general region) for security and debugging purposes. This is standard infrastructure logging and is not linked to message contents.
3Cookies & Local Storage
We do not use tracking cookies. We may use browser local storage solely to facilitate the encryption process on your device. This data never leaves your browser and is not transmitted to our servers.
4Third-Party Services
Upstash Redis: Used for temporary, encrypted data storage with automatic expiration.
Vercel: Our hosting provider. May collect anonymous performance metrics.
5Data Retention
All encrypted notes are automatically deleted after being read or when their expiration time is reached (whichever comes first). We do not maintain backups of deleted notes. Once it's gone, it's gone forever.
6Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
Questions?
If you have any questions about this privacy policy or our practices, please contact us at:
hello@pasteonce.link