// FAQ
Short, straight answers. The long version is on How it works.
Is Niska really private?

As private as you make it. Files and pastes can be encrypted, and the key stays in your link rather than our database. We never store it, so once we've served your request we can't open your content again. We don't track, profile, or run ads. We're also honest: we keep operational logs and we see your IP to run the service. The full picture is on How it works.

What happens to my files?

They live on our servers until they expire, you delete them, or (if you set one-time access) until the first download. Encrypt them and what we store is ciphertext, not your file. The share link is randomised so it can't be guessed.

Can you read my pastes?

Only if you don't encrypt them. An encrypted paste is encrypted in your browser before it reaches us, and decrypted in your browser when you open it. The key stays in the link's #fragment, which your browser never sends us, so we only ever store ciphertext we can't read.

What do you log?

Operational access logs, method, path, status, IP, timing, to run and debug the service and stop abuse. Not a profile of you. Secret query parameters (keys, passwords) are redacted before anything is written. There's a real, redacted log line on How it works.

Do you use cookies? Why is there no consent banner?

Three functional cookies (your session, its refresh, and CSRF protection) and zero tracking cookies. Consent banners exist to ask permission for tracking. We don't track, so there's nothing to ask.

Why don't I need an account?

Because most of what Niska does doesn't need one. Sharing a file, a paste, or a lookup all work without signing in. An account is only worth it if you want to keep track of what you've shared and save your settings.

Is Niska open source?

Not right now. That means trust can't lean on "read the code," so it leans on How it works, on what you can verify in your browser's network tab, and eventually a third-party audit.

How do I report a security issue?

See /.well-known/security.txt, it lists how to reach us. Good-faith reports are always welcome.

Still curious about the mechanics? How it works walks through exactly what runs where. The bigger picture is on About.