← Back to Pasteable

Trust & Security

A clipboard manager sees a lot. So Pasteable is built local-first: your history is encrypted on your device, cloud sync is optional and end-to-end encrypted, and we do not sell your data or show ads. Here is exactly how that works — no marketing fog.

Local-first by default

Your history lives on your device.

Encrypted at rest

Sealed by macOS Keychain / Windows DPAPI / Linux libsecret.

Optional E2E sync

The cloud copy is unreadable without your key.

Sensitive content blur

Passwords & API keys hidden in the shelf.

Password-manager skip

1Password, Bitwarden & others ignored by default.

No ads, no data sale

Crash reports are opt-in and never include clips.

Stripe payments

Card numbers never touch our servers.

Your history is encrypted on your device

The full content of every item you copy — text, code, links, images — and its metadata are encrypted at rest in the local database using a key sealed by your operating system's secure storage (macOS Keychain, Windows DPAPI, or Linux libsecret). Short titles and previews stay unencrypted so you can search and see snippets. Nobody can read your history by copying the database file off your machine.

Sync is optional and end-to-end encrypted

Cross-device sync stays off until you sign in and turn it on. When it is on, items are encrypted on your device before they are uploaded, so the cloud copy in Firebase is unreadable without your key. Firebase adds TLS in transit and encryption at rest on top. You can turn sync off or sign out at any time, and you can clear what is in your account from the app or by deleting your account.

Sensitive content stays private

Pasteable skips captures from known password managers (1Password, Bitwarden, LastPass, Dashlane, and similar) by default, and you can add your own ignored apps, file types, and formats. With “Blur sensitive content” on, passwords and API keys are visually hidden in the shelf so shoulder-surfers and screenshots do not leak them.

What we do not do

  • We do not read, scan, or analyze your clipboard contents.
  • We do not sell or rent your data to third parties.
  • We do not use your data to train models.
  • We do not show advertising.
  • We do not receive your password — Firebase Auth manages sign-in.
  • We do not see your card number — Stripe handles payments.

Diagnostics are opt-in

Pasteable writes a local crash log to your app data directory if it hits an error. Sending crash reports to us is opt-in and off by default. If you enable it, reports may include error messages, app version, and platform — never clipboard contents.

Your data, your controls

  • Delete individual items or your entire history from the app.
  • Export your history from Settings → Data.
  • Set automatic retention limits by days and item count.
  • Disable sync, sign out, or request full account deletion.

Private by default, powerful when you want it

Start local-only and free. Add end-to-end encrypted sync across all your devices whenever you are ready.

Download for Mac
or download forMac·Windows·Linux

Looking for the legal details? Read our Privacy Policy.