Security

Privacy here is a technical mode.

No toggle makes data safe by itself. This page states the threat model and the limits of every mode.

01

Minimum exposure by default

New pastes are unlisted: they stay out of the catalog, sitemap, and internal search. The address uses 12 cryptographically random Base58 characters, but a secret URL is not a replacement for a password or encryption.

02

End-to-end encryption before upload

In E2E mode the browser encrypts one document containing the title, format, language, and text with AES-256-GCM. The key stays in the #k= fragment, which browsers do not send to the server. A lost key cannot be recovered.

03

A password protects delivery, not storage

The password is hashed with bcrypt and checked before a response. The server still stores plaintext in this mode. If the server must not see the content, use E2E; the two modes are intentionally mutually exclusive.

04

Burn-after-reading is atomic

The recipient explicitly clicks “Reveal.” Of several concurrent requests, only one receives the payload; it becomes unavailable immediately afterward. E2E burn uses an irreversible key verifier, so a slug alone cannot consume the paste.

05

The viewer does not execute content

Raw output uses text/plain and nosniff. Markdown does not enable raw HTML. Editor, viewer, and cabinet use strict CSP, no-store, and load no analytics or user-provided admin scripts.

06

Network data is minimized

IP addresses are used for limits and view deduplication only as HMAC hashes. Expired and deleted rows stop being served immediately; a background process scrubs the payload and later removes the technical tombstone.

When not to use Maralys Paste

Use a secrets manager for long-lived secrets, version control for collaboration, and file storage for binaries. Maralys Paste is designed only for short-form text sharing.