As private as you make it. Files and pastes can be encrypted, and the key stays in your link rather than our database. We never store it, so once we've served your request we can't open your content again. We don't track, profile, or run ads. We're also honest: we keep operational logs and we see your IP to run the service. The full picture is on How it works.
They live on our servers until they expire, you delete them, or (if you set one-time access) until the first download. Encrypt them and what we store is ciphertext, not your file. The share link is randomised so it can't be guessed.
Only if you don't encrypt them. An encrypted paste is encrypted in your
browser before it reaches us, and decrypted in your browser when you open it. The key stays in
the link's #fragment, which your browser never sends us, so we only ever store
ciphertext we can't read.
Operational access logs, method, path, status, IP, timing, to run and debug the service and stop abuse. Not a profile of you. Secret query parameters (keys, passwords) are redacted before anything is written. There's a real, redacted log line on How it works.
Three functional cookies (your session, its refresh, and CSRF protection) and zero tracking cookies. Consent banners exist to ask permission for tracking. We don't track, so there's nothing to ask.
Because most of what Niska does doesn't need one. Sharing a file, a paste, or a lookup all work without signing in. An account is only worth it if you want to keep track of what you've shared and save your settings.
Not right now. That means trust can't lean on "read the code," so it leans on How it works, on what you can verify in your browser's network tab, and eventually a third-party audit.
See /.well-known/security.txt, it lists how to reach us. Good-faith reports are always welcome.
Still curious about the mechanics? How it works walks through exactly what runs where. The bigger picture is on About.