Privacy Policy

Thanks to our zero-knowledge architecture, we do NOT have access to:

• The content of your pastes (encrypted before transmission)
• Your encryption keys (never leave your browser)
• Your passwords for password-protected pastes
• Who decrypts your pastes (keys are in URL fragments, invisible to servers)
• Decrypted versions of your content

Even if law enforcement subpoenaed us, we could only provide encrypted blobs that are mathematically impossible to decrypt without the key.

To operate the service, we collect minimal technical data:

We use collected data only for:

• Service Operation: Storing and serving encrypted pastes
• Abuse Prevention: Identifying spam, malware distribution, and illegal activity
• Performance: Optimizing server response times and reliability
• Support: Responding to user inquiries and issues
• Legal Compliance: Responding to valid legal requests (for metadata only)

We never sell, rent, or share your data with third parties for marketing purposes.

We use minimal cookies:

• Essential Cookies: Session management, authentication (if logged in)
• LocalStorage: Draft auto-save, theme preferences, consent status (stored locally only)
• Aggregate Usage Data: We collect anonymous, aggregate traffic information such as referring domains and general traffic sources. This data contains no personally identifiable information, is not linked to individual users, and is used solely to understand how visitors find CloakBin.
• Analytics (consent-based): If you accept analytics, we additionally use cookieless, privacy-focused analytics to understand detailed usage patterns. No tracking cookies are set. You can decline at any time.

We do NOT use tracking cookies or advertising pixels. Detailed analytics are opt-in and cookieless.

• Pastes: Deleted automatically after expiration or burn-after-read
• Inactive Anonymous Pastes: Auto-deleted after 45 days of no views
• Inactive Free Account Pastes: Auto-deleted after 90 days of no views
• Security Data: IP addresses and access metadata retained for up to 90 days for abuse prevention, then automatically purged
• Account Data: Retained until account deletion

We use trusted third-party services for:

• Hosting & CDN: Content delivery and server infrastructure
• Database: Encrypted data storage (only ciphertext is stored)
• Payment Processing: Secure payment handling for premium subscriptions
• Authentication: If you sign up (e.g., OAuth providers)
• Umami Analytics: Privacy-friendly analytics, loaded only after explicit cookie consent
• Google Fonts: Font delivery for the code editor

These services may process technical metadata (IP addresses, timestamps) according to their own privacy policies.

You have the right to:

• Access: Request what data we have about you
• Deletion: Request account and paste deletion
• Correction: Update incorrect account information
• Portability: Export your account data
• Objection: Object to data processing (may limit service functionality)

Contact us at our contact page to exercise these rights.

We protect your data through:

• End-to-end encryption (AES-256-GCM)
• HTTPS/TLS for all connections
• Secure database encryption at rest
• Regular security audits
• Minimal data collection principle

CloakBin is not intended for children under 13. We do not knowingly collect data from children. If you believe we have data from a child, contact us immediately.

We may update this policy as our service evolves. Material changes will be announced via email (if you have an account) or a notice on our website.

Questions about privacy? Contact us at our contact page.