Security

In-depth security information about Codebin. (Last updated: 2023-12-31)

How do we ensure your data is secure?

In Browser Encryption:
    Before your data is sent to our servers, it is encrypted in your browser.
  • Server has zero knowledge of your uploaded data.
  • Your data is safe from cases like a server breach, malicious employees or a government subpoena.
  • The only record/log of your paste data is on your computer.
  • If you lose your encryption key, you will not be able to decrypt your data.
  • Data is encrypted and compressed in the browser using the AES-256-GCM algorithm.
Encryption:
    We use the AES-256-GCM (military grade) algorithm to encrypt your paste data. This is a very secure algorithm and is used by many companies to encrypt their sensitive data.
  • Virtually uncrackable using any brute force methods. It would take approximately 2.29*10^32 years to brute force/crack (with quantum computers). Our universe is 1.38*10^10 years old, so cracking AES-256 would take 200 times longer than the universe has been around!
  • Uses a 256-bit key. (A 256-bit key is a 78 digit number.)
  • Low overhead. (Great performance. Fast encryption/decryption.)
  • Used by high profile companies/organizations such as the NSA, FBI, Google Cloud, etc.
  • Future proof. As mentioned above, the use of a 256-bit key means that it will be a very long time before it is cracked.
  • Authenticated encryption: Combines encryption and authentication (your password, if provided) in a single operation. Provides both confidentiality and integrity.
  • GCM: Galois/Counter Mode. A mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because of its efficiency and performance.
  • Secure against replay attacks (replay attacks are when an attacker intercepts a message and resends it at a later time).
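The in-browser, password-based AES-256-GCM flow described in the two lists above, as an added example that is not Codebin's own code. The PBKDF2 parameters, function names and sample paste are assumptions made for illustration, and the compression step is left out.

```javascript
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Derive a 256-bit AES-GCM key from the paste password.
// Assumed KDF (not stated on the page): PBKDF2-SHA-256, 600,000 iterations.
async function deriveKey(password, salt) {
  const material = await webcrypto.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return webcrypto.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt in the client: only salt, iv and ciphertext would ever be uploaded.
async function encryptPaste(plaintext, password) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV each time
  const key = await deriveKey(password, salt);
  const ciphertext = new Uint8Array(
    await webcrypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext)));
  return { salt, iv, ciphertext }; // ciphertext ends with the 16-byte GCM tag
}

// Decrypt in the client; returns null when the GCM tag check fails
// (wrong password, or ciphertext modified after upload).
async function decryptPaste(blob, password) {
  const key = await deriveKey(password, blob.salt);
  try {
    const pt = await webcrypto.subtle.decrypt(
      { name: 'AES-GCM', iv: blob.iv }, key, blob.ciphertext);
    return dec.decode(pt);
  } catch {
    return null;
  }
}

// Constructed sample paste: round trip, wrong password, one flipped ciphertext bit.
async function demo() {
  const blob = await encryptPaste('db_password = "example-only"', 'correct horse');
  const ok = await decryptPaste(blob, 'correct horse');
  const wrongPassword = await decryptPaste(blob, 'wrong horse');
  const tampered = { ...blob, ciphertext: blob.ciphertext.slice() };
  tampered.ciphertext[0] ^= 1;
  const afterTamper = await decryptPaste(tampered, 'correct horse');
  return { ok, wrongPassword, afterTamper, storedBytes: blob.ciphertext.length };
}

demo().then(console.log);
```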
Database Security:

We use PlanetScale to host our database. PlanetScale is a very secure database hosting service.

  • How PlanetScale keeps your data safe!
  • PCI DSS Level 1 compliant (the highest level of security for businesses that handle over 6 million $ transactions per year).
  • 256-bit AES encryption at rest.
  • 256-bit TLS encryption in transit.
  • Automatic encrypted backups.
  • Automatic failover.
Hosting:

We use Vercel to host our website. Vercel is a very secure hosting service.

  • Vercel Security
  • More on Vercel Security
  • SOC 2 Type II compliant. (The SOC 2 Type II report is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.)
  • ISO 27001 certified. (ISO 27001 is the international standard that describes best practice for an ISMS (information security management system).)
  • GDPR compliant.
  • PCI DSS compliant.
  • Uses multi-layered security architecture. Combines people, processes, and technology to protect our hosted data.
  • Failover strategy: has a failover strategy (AWS Global Accelerator) that ensures that our website is always up.
  • Data encryption: AES-256 encryption at rest.
  • Data encryption: HTTPS/TLS 1.3 encryption in transit.
  • DDoS protection: Vercel has a built-in DDoS protection system.
  • Data backups: Vercel automatically backs up our data to ensure that we never lose any hosted data.
CDN:

We use Cloudflare to host our CDN. Cloudflare is a very secure CDN hosting service.

  • Cloudflare Security
  • Cloudflare is the leading provider of CDN services. Serving 26 million Internet properties, on any given day Cloudflare handles more traffic than Amazon, Wikipedia, X (formerly Twitter), Apple, PayPal, eBay and Instagram combined.
  • Cloudflare has a 99.99% uptime guarantee.
  • Cloudflare has 200+ data centers.
  • Cloudflare has 35+ Tbps of network capacity.
  • Cloudflare operates a vast global network of data centers strategically located around the world. This extensive network provides security, performance, reliability, and availability to users.
  • Web Application Firewall (WAF): Cloudflare’s WAF protects websites from malicious attacks, such as SQL injection attacks, cross-site scripting, and comment spam.
  • Cloudflare’s WAF is based on the OWASP ModSecurity Core Rule Set (CRS), a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls.

Codebin Terminology:

Explain “secure”:

Secure in our context means that the data is encrypted and cannot be read by anyone else (even us) in ANY way.

Explain “encrypted”:

Encrypted in our context means that the data is encrypted but can be deciphered by us (we would never do this unless we had to).

Explain “using no password”:

When you choose to not use a password, your data is secure but can be read by anyone who has the link to your paste.

Explain “using a password”:

When you choose to use a password, your data is secure and can only be read by people who have the link to your paste and the password.

Explain “posting with an account”:

You lose some security when you post with an account. This is because we have to store your data in our database. We do not store your password in plain text; we hash it with a salt. This means that if someone were to get access to our database, they would not be able to read your data.

Use cases:

Use case 1:

You want to post a paste without an account and you want it to be 100% secure (100% encrypted). You can do this by choosing to use a password.

Use case 2:

You want to post with an account, but you want it to be 100% encrypted (not secure). You can do this by choosing to use a password.

Table of security:

Pastes that are posted without an account:
#  Name         Is Encrypted 🖧  Is Secure (no password) 🔓  Is Secure (with password) 🔒
1  Password     Yes              Yes                         Yes
2  Title        Yes              Yes                         Yes
3  Description  Yes              Yes                         Yes
4  Code         Yes              Yes                         Yes
5  Language     Yes              Yes                         Yes

Pastes that are posted with an account:
#  Name         Is Encrypted 🖧  Is Secure (no password) 🔓  Is Secure (with password) 🔒
1  Password     Yes              Yes                         Yes
2  Title        No               No                          Yes
3  Description  No               No                          Yes
4  Code         Yes              No                          Yes
5  Language     No               No                          Yes