Encryption happens in your browser. The key lives in the URL fragment — the server never sees it.
Controller: paste.m4ch.net operator — privacy@m4ch.net.
What we process. Paste ciphertext, initialisation vector, random paste ID, expiry timestamp — stored until the chosen expiry (max 24 hours), then deleted. The decryption key never reaches the server. The reverse proxy logs request metadata (IP address, User-Agent, path, status) for up to 7 days for abuse prevention.
Lawful basis. Legitimate interest (GDPR Art. 6(1)(f)): operating and protecting the service. No profiling, no tracking, no cookies.
Your rights. Access, rectification, erasure, restriction, portability, objection (GDPR Art. 15–21). Paste erasure is automatic at expiry; for log-data requests or any other concern, contact privacy@m4ch.net. You may also lodge a complaint with your supervisory authority.