Privacy Policy
Effective date: 9/18/25
Flashpaper is a privacy-first, one-time secret sharing service. This policy explains our data collection, retention, and security practices.
What we store
- Encrypted Content Only: We store text secrets (max 4 KB) and file secrets (max 25 MB) exclusively as ciphertext. Plaintext is never written to disk.
- Operational Metadata: We retain minimal metadata necessary to operate the service, such as filenames, file sizes, expiration times, and burn status.
- Security Logs: To prevent abuse and rate-limit requests, we log IP addresses, coarse geolocation, and non-reversible HMACs of your IP and User-Agent. These logs are automatically purged after 30 days.
What we do not store
- No Plaintext: We never store unencrypted secret content.
- No Passphrases: Passphrases are used transiently in memory to derive encryption keys and are immediately discarded.
- No Tracking: We do not use third-party analytics, tracking cookies, or external content delivery networks (CDNs).
Data Processing & Security
Flashpaper employs strict security measures to protect your data:
- Encryption: All data is encrypted in transit via TLS and at rest as ciphertext.
- Atomic Deletion: Burn-after-read secrets are permanently deleted from the database and filesystem immediately upon the first access attempt.
- Cache Prevention: Secret-revealing endpoints emit strict cache-control headers (
Cache-Control: no-store, Pragma: no-cache, Referrer-Policy: no-referrer).
Note: Flashpaper is not an end-to-end encrypted platform. While our infrastructure is highly hardened and key material is secured by hardware (TPM), secrets without a passphrase rely entirely on the server’s integrity. If the server were fully compromised, those secrets could theoretically be exposed. For highly sensitive data, we strongly recommend adding a passphrase so the decryption key remains exclusively yours.
Legal Bases & Data Sharing
- Legitimate Interests: We process IP addresses and security logs under the legitimate interest of securing the service and preventing abuse.
- No Data Sales: We do not sell personal information. Data is only shared with essential infrastructure providers (under contract) or when required by law.
Your Rights & Choices
- Data Deletion: Secrets are automatically and permanently destroyed once they expire or are read. Security logs are purged strictly after 30 days.
- Regional Rights (e.g., GDPR/CCPA): Users in applicable jurisdictions have the right to access, restrict, or request early deletion of their data (e.g., security logs). Contact us to exercise these rights.
- No PII: We strongly advise against including personally identifiable information (PII) within your secrets.
Contact Us
If you have questions or wish to exercise your data rights, please contact us at: support@sturdystatistics.com