Back to Home
CloakBin CloakBin

Privacy Policy

Last Updated: December 20, 2025

Zero-Knowledge Privacy

CloakBin is built on zero-knowledge encryption. This means we cannot read your pastes, even if we wanted to. Your content is encrypted in your browser before transmission, and we never have access to the encryption keys.

What We DON'T Collect

Thanks to our zero-knowledge architecture, we do NOT have access to:

  • The content of your pastes (encrypted before transmission)
  • Your encryption keys (never leave your browser)
  • Your passwords for password-protected pastes
  • Who views your pastes (keys are in URL fragments, invisible to servers)
  • Decrypted versions of your content

Even if law enforcement subpoenaed us, we could only provide encrypted blobs that are mathematically impossible to decrypt without the key.

What We DO Collect

To operate the service, we collect minimal technical data:

Encrypted Paste Data

  • Encrypted content (unreadable without key)
  • Paste ID (random identifier)
  • Expiration timestamp
  • Language/syntax hint (for highlighting)
  • Creation timestamp
  • Burn-after-read flag (if enabled)

Server Logs (Temporary)

  • IP addresses (for abuse prevention, retained 30 days max)
  • Request timestamps
  • HTTP headers (User-Agent, etc.)
  • Error logs

Account Data (If You Sign Up)

  • Email address
  • Username (if provided)
  • Account creation date
  • Subscription status (free or premium)

How We Use Your Data

We use collected data only for:

  • Service Operation: Storing and serving encrypted pastes
  • Abuse Prevention: Identifying spam, malware distribution, and illegal activity
  • Performance: Optimizing server response times and reliability
  • Support: Responding to user inquiries and issues
  • Legal Compliance: Responding to valid legal requests (for metadata only)

We never sell, rent, or share your data with third parties for marketing purposes.

Cookies & Tracking

We use minimal cookies:

  • Essential Cookies: Session management, authentication (if logged in)
  • LocalStorage: Draft auto-save, theme preferences (stored locally only)

We do NOT use tracking cookies, analytics that track individuals, or third-party advertising pixels.

Data Retention

  • Pastes: Deleted automatically after expiration or burn-after-read
  • Inactive Free Pastes: Auto-deleted after 30-90 days of no views
  • Server Logs: Retained for maximum 30 days, then deleted
  • Account Data: Retained until account deletion

Third-Party Services

We use these trusted third-party services:

  • Vercel: Hosting and CDN (subject to their privacy policy)
  • MongoDB Atlas: Database storage (encrypted data only)
  • Authentication Provider: If you sign up (e.g., OAuth providers)

These services may process technical metadata (IP addresses, timestamps) according to their own privacy policies.

Your Privacy Rights

You have the right to:

  • Access: Request what data we have about you
  • Deletion: Request account and paste deletion
  • Correction: Update incorrect account information
  • Portability: Export your account data
  • Objection: Object to data processing (may limit service functionality)

Contact us at our contact page to exercise these rights.

Security Measures

We protect your data through:

  • End-to-end encryption (AES-256-GCM)
  • HTTPS/TLS for all connections
  • Secure database encryption at rest
  • Regular security audits
  • Minimal data collection principle

Children's Privacy

CloakBin is not intended for children under 13. We do not knowingly collect data from children. If you believe we have data from a child, contact us immediately.

Changes to This Policy

We may update this policy as our service evolves. Material changes will be announced via email (if you have an account) or a notice on our website.

Contact Us

Questions about privacy? Contact us at our contact page.