textdrop.sh

Privacy Policy

Effective date: May 13, 2026

1. Overview

textdrop.sh is designed to collect as little information as possible. Content you share is encrypted in your browser before it reaches our servers. Non-password pastes store the data key server-side so links and raw text access work without a password. For password-protected pastes, the raw data key is wrapped with a key derived from your password client-side, and your password is never transmitted to or stored by the server.

2. Information We Store

Paste data

All paste data is stored in an in-memory data store and deleted automatically when the paste expires or is burned.

Abuse reports

When you submit an abuse report, we collect the paste URL, the reason and details you provide, your IP address, and optionally your email address if you choose to include it. This information is used solely to review and act on the report and is retained only as long as necessary to resolve it.

Server logs

Our hosting infrastructure may log standard HTTP request metadata (IP address, User-Agent, timestamp, request path) for a limited retention period for security and abuse prevention purposes. We do not correlate these logs with paste content.

3. Information We Do Not Have

4. Analytics

We use Google Analytics 4 and Vercel Analytics to collect aggregate, anonymized usage data (page views, session counts, referrers, browser and device types). These services may set cookies and collect IP addresses subject to their own privacy policies. We do not use analytics to track individual users across sessions.

Vercel Speed Insights collects Core Web Vitals timing data to help us monitor performance. No personally identifiable information is associated with this data.

5. Error Monitoring

We use a third-party error monitoring service to capture application errors and performance data. When an error occurs, a report is sent containing the stack trace, error message, browser and OS type, and the page URL. We have configured this service to minimize data collection; it does not collect or transmit IP addresses, cookies, or HTTP request headers. Screen recording is disabled to protect your content. Error reports are used solely to diagnose and fix bugs.

6. Cookies

We do not set any first-party cookies. Third-party analytics services (Google Analytics, Vercel Analytics) may set cookies in accordance with their own policies. You can block these cookies via your browser settings or a content blocker; the core Service functions without them.

7. Data Sharing

Empowered Technology LLC does not sell or share your data with third parties for advertising or marketing purposes. We may disclose server logs to law enforcement when required by valid legal process. Because we do not store plaintext paste content, stored paste bodies are not kept as readable text. For non-password pastes, we hold the data key needed to serve the paste. For password-protected pastes, we do not hold the password or raw data key.

8. Data Retention

Paste data is stored only until its configured expiry time (maximum 30 days) or until it is read if burn-after-read is enabled. After expiration the data is automatically purged from our data store. Server logs are retained for a limited period (typically 30–90 days) and then deleted.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has submitted personal data through the Service, contact us and we will delete it.

10. Changes to This Policy

We may update this Policy from time to time. The effective date at the top of this page will reflect the most recent revision. Continued use of the Service after changes are posted constitutes acceptance of the updated Policy.

11. Contact

Privacy questions or requests? privacy@textdrop.sh

Terms of Service · Back to textdrop.sh