Short version: We store only encrypted data we cannot read. We do not track you, profile you, sell your data, or use cookies. The encryption key never reaches our server. This policy exists to be transparent about the very little data we do handle.
DevPaste is a zero-knowledge encrypted secret-sharing service operated by DevStudioAl (devstudioal.com). When this policy says "we", "us", or "our", it refers to DevStudioAl.
If you have any questions about this policy, contact us at: [email protected]
Understanding how DevPaste works is essential to understanding this privacy policy:
The following table describes every field stored in our database for each paste:
| Field | What it is | Readable by us? |
|---|---|---|
id |
A random 32-character alphanumeric identifier | Yes โ but meaningless alone |
encrypted_content |
AES-256-GCM ciphertext of your content | No โ unreadable without the key |
iv |
Cryptographic initialization vector (not secret) | Yes โ but useless without the key |
password_hash |
bcrypt hash of your optional password (if set) | No โ one-way hash, cannot be reversed |
expires_at |
Unix timestamp when the paste will be deleted | Yes |
burn_after_read |
Flag: whether to delete on first view | Yes |
created_at |
Unix timestamp of paste creation | Yes |
We do not store: your IP address in the database, your name, email, browser, device, location, or any identifier linked to you personally.
To prevent brute-force attacks on password-protected pastes, we apply rate limiting. This requires temporarily holding your IP address in server memory.
Important: IP addresses used for rate limiting are held in memory only โ they are never written to the database, never logged to disk, and are automatically cleared after 10 minutes or upon a successful unlock. They are not used for any other purpose.
Server access logs (if any) generated by the hosting infrastructure may capture IP addresses at the network level. These are outside our direct control and are subject to the hosting provider's own retention and privacy policies.
DevPaste loads fonts from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When your browser loads a font, Google may receive your IP address and browser information as part of the request. This is governed by Google's Privacy Policy.
No other third-party services, scripts, CDNs, or external resources are loaded by DevPaste. There are no social media buttons, no embedded iframes from third parties, and no external JavaScript.
All pastes are automatically and permanently deleted based on your chosen expiry setting:
If Burn After Read is enabled, the paste is deleted immediately after it is viewed for the first time โ regardless of the expiry setting.
Deletion is permanent. There is no archive, no backup of paste content, and no way to recover a deleted paste.
The following technical security controls are in place:
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
In practice, because DevPaste stores no personal identifiers, we have no technical way to link stored data to a specific individual. A paste ID alone is not sufficient to establish identity. We cannot connect an IP address (which we do not store) to a paste.
To exercise any of these rights, contact us at [email protected].
DevPaste is not directed at children under the age of 16. We do not knowingly collect any data from children under 16. If you believe a child under 16 has used this service, please contact us and we will take appropriate action.
DevPaste is fully open source. The complete source code is publicly available at github.com/DevStudioAl/devpaste. Anyone can audit the code to verify the privacy claims made in this document are technically accurate and that no hidden data collection exists.
We may update this Privacy Policy from time to time. Changes will be reflected by an updated "Last updated" date at the top of this page. Continued use of DevPaste after a change constitutes acceptance of the updated policy.
We will not make changes that reduce your privacy rights without clearly communicating those changes.
For any privacy-related questions, requests, or concerns: