Privacy Policy

Last Updated: February 25, 2026

HTTPaste ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our Chrome extension and web service.

Chrome Web Store Limited Use Disclosure

HTTPaste uses Chrome DevTools network data only to provide the user-facing features of capturing, reviewing, and sharing network requests that you choose to inspect or save. We do not sell this data, we do not use it for advertising, and we do not transfer it except when needed to provide the service you request, comply with law, or protect against abuse.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address and name (via OAuth providers like Google or GitHub)
  • Network Request Data: HTTP request and response data you choose to share through our extension

1.2 Automatically Collected Information

  • Usage Data: Features you use, frequency of use
  • Technical Data: Browser type, extension version
  • Authentication State and Session Data: Session cookies on httpaste.com and local extension state used to determine whether you are signed in
  • DevTools Network Data: Network request and response details visible in the HTTPaste DevTools panel for the tab you are inspecting

2. How We Use Your Information

We use the collected information to:

  • Provide the HTTPaste service and core functionality
  • Store and share network requests you choose to save
  • Authenticate your account and maintain your session
  • Improve our service and develop new features
  • Respond to your support requests
  • Communicate important service updates

3. Data Storage and Security

3.1 Storage

  • Network request data is stored securely on MongoDB Atlas
  • Free tier: Data retained for 3 days
  • Pro tier: Data retained for 30 days
  • You can manually delete any shared request at any time

3.2 Security

  • All data transmissions are encrypted using HTTPS
  • Authentication uses industry-standard OAuth 2.0
  • We implement appropriate security measures to protect your data
  • API keys and sensitive headers are automatically redacted

4. Data Sharing and Disclosure

4.1 Shared Links

  • When you create a shareable link, the request data becomes accessible to anyone with that link
  • You control what you share and can delete shared links at any time

4.2 Third Parties

We do not sell your personal data to third parties.

We use third-party services for:

  • MongoDB Atlas: Database hosting
  • Vercel: Web hosting
  • Google Analytics: Website analytics
  • Google/GitHub: OAuth authentication
  • LemonSqueezy: Payment processing (for Pro users)

4.3 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal obligations
  • Protect our rights and safety
  • Prevent fraud or abuse

5. Cookies and Tracking

We use cookies for:

  • Authentication: Maintaining your login session
  • Preferences: Remembering your settings
  • Analytics: Understanding how the service is used (Google Analytics)

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

The extension itself reads HTTPaste session cookies only to check whether you are signed in. Analytics cookies, if present, apply to the HTTPaste website rather than the extension package.

6. Your Rights and Choices

You have the right to:

  • Access: View your account data and shared requests
  • Delete: Remove your account and all associated data
  • Export: Download your shared request data
  • Opt-out: Disable analytics cookies
  • Correct: Update your account information

To exercise these rights, contact us at hello@saadgulzar.dev

7. Data Retention

  • Free Tier: Shared requests deleted after 3 days
  • Pro Tier: Shared requests deleted after 30 days (or when storage limit reached)
  • Account Data: Retained until you delete your account
  • Deleted Data: Permanently removed within 30 days of deletion request

8. Children's Privacy

HTTPaste is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

9. International Data Transfers

Your data may be stored and processed in the United States or other countries where our service providers operate. By using HTTPaste, you consent to this transfer.

10. Regional Privacy Rights

10.1 For EU/EEA Residents (GDPR)

Under the General Data Protection Regulation, you have additional rights:

  • Right to object to data processing
  • Right to data portability
  • Right to lodge a complaint with your data protection authority
  • Right to withdraw consent at any time

Legal Basis for Processing: Contract performance (providing the service), Legitimate interests (improving the service), Consent (when required)

10.2 For California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act, you have the right to:

  • Know what personal information we collect
  • Know whether we sell or share personal information (we don't)
  • Access your personal information
  • Request deletion of your personal information
  • Non-discrimination for exercising your rights

We do not sell personal information.

10.3 For Other Regions

We respect privacy rights regardless of location and will honor reasonable requests for data access, correction, or deletion.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about the breach and steps taken
  • Offer guidance on protecting your information
  • Comply with applicable breach notification laws

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for major changes)

13. Chrome Extension Permissions

Our Chrome extension requests the following permissions:

  • DevTools panel: To display network requests from the tab you are inspecting
  • storage: To store your preferences and authentication state locally
  • tabs: To open HTTPaste pages from extension actions
  • cookies: To detect your authentication status
  • https://httpaste.com/*: To communicate with HTTPaste API and authentication endpoints

The extension reads network request details from Chrome DevTools so you can inspect them in the HTTPaste panel. Those details are only uploaded to HTTPaste when you explicitly choose to share or save a request.

14. Contact Us

If you have questions about this Privacy Policy or our practices, please contact us:

Summary (TL;DR)

  • ✅ The extension reads DevTools network data locally so you can inspect it
  • ✅ Request data is uploaded only when you choose to share it
  • ✅ We don't sell your data to anyone
  • ✅ Shared links are accessible to anyone with the URL
  • ✅ Free tier: 3-day retention, Pro tier: 30-day retention
  • ✅ You can delete your data anytime
  • ✅ We use industry-standard security
  • ✅ OAuth for authentication (Google/GitHub)

Your privacy matters to us. We're developers too, and we built HTTPaste with privacy in mind.

This privacy policy was last updated on February 25, 2026.