Privacy Policy

Last updated: December 25, 2024

Privacy by Design

DecentPaste is built from the ground up with privacy as a core principle. The app uses peer-to-peer networking, end-to-end encryption, and local-only storage. Your clipboard data never touches our servers because we don't have any.

The DecentPaste App

Data We Don't Collect

The DecentPaste application does not collect, transmit, or store any of your data on external servers. Here's what stays on your device:

  • Clipboard content - Your copied text is encrypted and synced directly between your devices over your local network.
  • Device identity keys - Your cryptographic keys are generated and stored locally in an encrypted vault.
  • Paired device information - Information about your paired devices is stored locally.
  • Usage analytics or telemetry - We don't track how you use the app. Zero analytics.

How Your Data is Protected

End-to-End Encryption (AES-256-GCM)

All clipboard data is encrypted before transmission using AES-256-GCM, a military-grade encryption standard. Only your paired devices can decrypt the content.

Secure Key Exchange (X25519 ECDH)

When pairing devices, encryption keys are derived using X25519 elliptic curve Diffie-Hellman. The shared secret is mathematically computed on both devices - it's never transmitted over the network.

Encrypted Local Storage (IOTA Stronghold)

All sensitive data (keys, paired devices, clipboard history) is stored in an encrypted vault protected by your PIN. The vault uses Argon2id key derivation to protect against brute-force attacks.

Local Network Only

DecentPaste uses mDNS for device discovery and libp2p for peer-to-peer communication. Your data travels only over your local network - never through the internet or any external servers.

No Accounts Required

DecentPaste doesn't require you to create an account, provide an email address, or share any personal information. You simply install the app, set a PIN, and start syncing.

This Website (decentpaste.com)

Unlike the app, this website uses analytics to help us understand how visitors discover and interact with our landing page. This helps us improve the website experience.

Analytics We Use

We use Amplitude for website analytics. This may collect:

  • Page views and navigation patterns
  • Button clicks and interactions
  • Download button clicks
  • Session duration and web vitals
  • Referrer information (how you found us)
  • General device/browser information
Note: This analytics is only on the website. The DecentPaste application itself contains zero analytics or tracking.

Third-Party Services

DecentPaste uses the following third-party services:

  • GitHub - For hosting releases, source code, and issue tracking.
  • Amplitude - For website analytics only (not in the app).
  • Google Fonts - For loading the Outfit and Plus Jakarta Sans font families on this website.

Open Source Transparency

DecentPaste is fully open source under the Apache-2.0 license. You can audit our code yourself to verify our privacy claims:

View Source on GitHub

Contact

If you have questions about this privacy policy or DecentPaste's privacy practices, please open an issue on our GitHub repository.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. Since DecentPaste doesn't collect your email, we cannot notify you directly of changes - please check back periodically.