Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address and name (via OAuth providers like Google or GitHub)
• Network Request Data: HTTP request and response data you choose to share through our extension

1.2 Automatically Collected Information

• Usage Data: Features you use, frequency of use
• Technical Data: Browser type, extension version
• Authentication Tokens: Stored locally in your browser for session management

2. How We Use Your Information

We use the collected information to:

• Provide the HTTPaste service and core functionality
• Store and share network requests you choose to save
• Authenticate your account and maintain your session
• Improve our service and develop new features
• Respond to your support requests
• Communicate important service updates

3. Data Storage and Security

3.1 Storage

• Network request data is stored securely on MongoDB Atlas
• Free tier: Data retained for 3 days
• Pro tier: Data retained for 30 days
• You can manually delete any shared request at any time

3.2 Security

• All data transmissions are encrypted using HTTPS
• Authentication uses industry-standard OAuth 2.0
• We implement appropriate security measures to protect your data
• API keys and sensitive headers are automatically redacted

4. Data Sharing and Disclosure

4.1 Shared Links

• When you create a shareable link, the request data becomes accessible to anyone with that link
• You control what you share and can delete shared links at any time

4.2 Third Parties

We do not sell your personal data to third parties.

We use third-party services for:

• MongoDB Atlas: Database hosting
• Vercel: Web hosting
• Google/GitHub: OAuth authentication
• LemonSqueezy: Payment processing (for Pro users)

4.3 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal obligations
• Protect our rights and safety
• Prevent fraud or abuse

5. Cookies and Tracking

We use cookies for:

• Authentication: Maintaining your login session
• Preferences: Remembering your settings
• Analytics: Understanding how the service is used (Google Analytics)

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

6. Your Rights and Choices

You have the right to:

• Access: View your account data and shared requests
• Delete: Remove your account and all associated data
• Export: Download your shared request data
• Opt-out: Disable analytics cookies
• Correct: Update your account information

To exercise these rights, contact us at hello@saadgulzar.dev

7. Data Retention

• Free Tier: Shared requests deleted after 3 days
• Pro Tier: Shared requests deleted after 30 days (or when storage limit reached)
• Account Data: Retained until you delete your account
• Deleted Data: Permanently removed within 30 days of deletion request

8. Children's Privacy

HTTPaste is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

9. International Data Transfers

Your data may be stored and processed in the United States or other countries where our service providers operate. By using HTTPaste, you consent to this transfer.

10. Regional Privacy Rights

10.1 For EU/EEA Residents (GDPR)

Under the General Data Protection Regulation, you have additional rights:

• Right to object to data processing
• Right to data portability
• Right to lodge a complaint with your data protection authority
• Right to withdraw consent at any time

Legal Basis for Processing: Contract performance (providing the service), Legitimate interests (improving the service), Consent (when required)

10.2 For California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act, you have the right to:

• Know what personal information we collect
• Know whether we sell or share personal information (we don't)
• Access your personal information
• Request deletion of your personal information
• Non-discrimination for exercising your rights

We do not sell personal information.

10.3 For Other Regions

We respect privacy rights regardless of location and will honor reasonable requests for data access, correction, or deletion.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovery
• Provide details about the breach and steps taken
• Offer guidance on protecting your information
• Comply with applicable breach notification laws

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for major changes)

13. Chrome Extension Permissions

Our Chrome extension requests the following permissions:

• DevTools panel: To display network requests from the tab you are inspecting
• storage: To store your preferences and authentication state locally
• tabs: To open HTTPaste pages from extension actions
• cookies: To detect your authentication status
• https://httpaste.com/*: To communicate with HTTPaste API and authentication endpoints

We only access data when you explicitly use the extension's sharing feature.

14. Contact Us

If you have questions about this Privacy Policy or our practices, please contact us:

• Email: hello@saadgulzar.dev
• Website: https://httpaste.com
• GitHub: https://github.com/isaadgulzar/HTTPaste/issues