Privacy Policy
Last Updated: February 25, 2026
HTTPaste ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our Chrome extension and web service.
Chrome Web Store Limited Use Disclosure
HTTPaste uses Chrome DevTools network data only to provide the user-facing features of capturing, reviewing, and sharing network requests that you choose to inspect or save. We do not sell this data, we do not use it for advertising, and we do not transfer it except when needed to provide the service you request, comply with law, or protect against abuse.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address and name (via OAuth providers like Google or GitHub)
- Network Request Data: HTTP request and response data you choose to share through our extension
1.2 Automatically Collected Information
- Usage Data: Features you use, frequency of use
- Technical Data: Browser type, extension version
- Authentication State and Session Data: Session cookies on httpaste.com and local extension state used to determine whether you are signed in
- DevTools Network Data: Network request and response details visible in the HTTPaste DevTools panel for the tab you are inspecting
2. How We Use Your Information
We use the collected information to:
- Provide the HTTPaste service and core functionality
- Store and share network requests you choose to save
- Authenticate your account and maintain your session
- Improve our service and develop new features
- Respond to your support requests
- Communicate important service updates
3. Data Storage and Security
3.1 Storage
- Network request data is stored securely on MongoDB Atlas
- Free tier: Data retained for 3 days
- Pro tier: Data retained for 30 days
- You can manually delete any shared request at any time
3.2 Security
- All data transmissions are encrypted using HTTPS
- Authentication uses industry-standard OAuth 2.0
- We implement appropriate security measures to protect your data
- API keys and sensitive headers are automatically redacted
4. Data Sharing and Disclosure
4.1 Shared Links
- When you create a shareable link, the request data becomes accessible to anyone with that link
- You control what you share and can delete shared links at any time
4.2 Third Parties
We do not sell your personal data to third parties.
We use third-party services for:
- MongoDB Atlas: Database hosting
- Vercel: Web hosting
- Google Analytics: Website analytics
- Google/GitHub: OAuth authentication
- LemonSqueezy: Payment processing (for Pro users)
4.3 Legal Requirements
We may disclose your information if required by law or to:
- Comply with legal obligations
- Protect our rights and safety
- Prevent fraud or abuse
5. Cookies and Tracking
We use cookies for:
- Authentication: Maintaining your login session
- Preferences: Remembering your settings
- Analytics: Understanding how the service is used (Google Analytics)
You can control cookies through your browser settings. Note that disabling cookies may affect functionality.
The extension itself reads HTTPaste session cookies only to check whether you are signed in. Analytics cookies, if present, apply to the HTTPaste website rather than the extension package.
6. Your Rights and Choices
You have the right to:
- Access: View your account data and shared requests
- Delete: Remove your account and all associated data
- Export: Download your shared request data
- Opt-out: Disable analytics cookies
- Correct: Update your account information
To exercise these rights, contact us at hello@saadgulzar.dev
7. Data Retention
- Free Tier: Shared requests deleted after 3 days
- Pro Tier: Shared requests deleted after 30 days (or when storage limit reached)
- Account Data: Retained until you delete your account
- Deleted Data: Permanently removed within 30 days of deletion request
8. Children's Privacy
HTTPaste is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.
9. International Data Transfers
Your data may be stored and processed in the United States or other countries where our service providers operate. By using HTTPaste, you consent to this transfer.
10. Regional Privacy Rights
10.1 For EU/EEA Residents (GDPR)
Under the General Data Protection Regulation, you have additional rights:
- Right to object to data processing
- Right to data portability
- Right to lodge a complaint with your data protection authority
- Right to withdraw consent at any time
Legal Basis for Processing: Contract performance (providing the service), Legitimate interests (improving the service), Consent (when required)
10.2 For California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information we collect
- Know whether we sell or share personal information (we don't)
- Access your personal information
- Request deletion of your personal information
- Non-discrimination for exercising your rights
We do not sell personal information.
10.3 For Other Regions
We respect privacy rights regardless of location and will honor reasonable requests for data access, correction, or deletion.
11. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery
- Provide details about the breach and steps taken
- Offer guidance on protecting your information
- Comply with applicable breach notification laws
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for major changes)
13. Chrome Extension Permissions
Our Chrome extension requests the following permissions:
- DevTools panel: To display network requests from the tab you are inspecting
- storage: To store your preferences and authentication state locally
- tabs: To open HTTPaste pages from extension actions
- cookies: To detect your authentication status
- https://httpaste.com/*: To communicate with HTTPaste API and authentication endpoints
The extension reads network request details from Chrome DevTools so you can inspect them in the HTTPaste panel. Those details are only uploaded to HTTPaste when you explicitly choose to share or save a request.
14. Contact Us
If you have questions about this Privacy Policy or our practices, please contact us:
- Email: hello@saadgulzar.dev
- Website: https://httpaste.com
- GitHub: https://github.com/isaadgulzar/HTTPaste/issues
Summary (TL;DR)
- ✅ The extension reads DevTools network data locally so you can inspect it
- ✅ Request data is uploaded only when you choose to share it
- ✅ We don't sell your data to anyone
- ✅ Shared links are accessible to anyone with the URL
- ✅ Free tier: 3-day retention, Pro tier: 30-day retention
- ✅ You can delete your data anytime
- ✅ We use industry-standard security
- ✅ OAuth for authentication (Google/GitHub)
Your privacy matters to us. We're developers too, and we built HTTPaste with privacy in mind.
This privacy policy was last updated on February 25, 2026.