Tools
Tools Privacy
Security model, limitations, and what the server can see.
Privacy model
Paste and Saf are designed so plaintext never leaves your browser. Paste links are
self-contained and store encrypted data inside the URL fragment, which browsers
never send to the server.
What the server can see
- Requests for pages and assets (standard HTTP metadata like IP and user agent).
- The path you visit (for example, /tools/paste/abc123).
- Whether you loaded a page (but not the fragment contents).
What the server cannot see
- Paste plaintext or ciphertext (it never leaves your browser).
- Decryption keys stored in the URL fragment or your passphrase.
- FHE demo inputs or outputs (the demo runs entirely in your browser).
- PQC demo keys, messages, and signatures (they stay in-memory).
- Saf passphrases or local files (Saf is fully offline).
Limitations to understand
- If you lose the fragment or passphrase, data is unrecoverable.
- Anyone with the link + passphrase can decrypt the paste.
- Fragments are stored in browser history; avoid sharing links on untrusted devices.
- Local device security still matters (malware can read plaintext).
- Browser extensions can access page content and URL fragments.
- Clipboard managers and browser history may store fragments.