Privacy Policy

Effective date: 17 May 2026 App: ByteGuard Paste (Android, package net.byteguard.paste) Publisher: enim · Contact: enim@byte-guard.net

ByteGuard Paste is a thin client for the public paste service at paste.byte-guard.net. This policy explains what the app collects, what it does not, and what choices you have.

1. What the app sends to our server

When you create a paste, the app sends to paste.byte-guard.net:

• The text content you typed or shared into the app.
• Your chosen language tag (e.g. python, plaintext).
• Your chosen expiry window (1h, 24h, 7d, 30d, never).
• An optional paste password if you set one. The server stores only the SHA-256 hash of the password; the plaintext password is never persisted on the server.

We do not attach any account identifier, advertising identifier, device identifier, IP-based fingerprint, email, name, or contact list to these requests. The service is anonymous — there is no sign-in.

Standard web-server access logs (timestamp, IP address, user-agent, requested path) are retained for up to 14 days for abuse mitigation and then deleted. These logs are never sold or shared.

2. What the app stores on your device

The app keeps a local history of pastes you have created on this device:

• Paste ID, public URL, language, expiry choice, creation timestamp, and a flag indicating whether you set a password.

It does not store the paste content locally. When you re-open a paste, the app re-fetches the content from the server.

Passwords are never saved on the device. If a paste is password-protected, you will be prompted each time you view it.

You can clear the on-device history at any time via Settings → Clear all history. This does not remove the paste from the public server.

3. Crash reporting and analytics

To help us fix bugs, the app uses Google Firebase Crashlytics to collect crash reports (stack traces, device model, OS version, app version). It also uses Google Firebase Analytics to collect aggregate, anonymous usage events (such as how often the create-paste flow is completed).

Neither feature attaches your paste content, paste IDs, passwords, or any personally identifying information.

You can turn either off at any time in Settings → Privacy:

• Crashlytics opt-out — stops sending crash reports.
• Analytics opt-out — stops sending anonymous usage analytics.

Choices are applied immediately and persist on the device.

4. Advertising

The app displays a single banner advertisement at the bottom of the history screen, served by Google AdMob (Google Mobile Ads SDK). AdMob is what funds the free backend hosting.

To serve and measure ads, AdMob receives:

• Your device’s Google Advertising ID (a resettable ID controlled from your Google account settings).
• Coarse signals such as device model, OS version, app version, and IP address (used to derive approximate country/region only).
• Whether an ad was viewed or tapped.

AdMob does not receive your paste content, paste IDs, passwords, the URLs of pastes you create, or your local history.

You can control how ads are personalised:

• Personalised vs non-personalised: in your device settings, go to Google → Ads and toggle “Opt out of Ads personalisation”. The banner will still appear but will be non-personalised.
• Reset advertising ID: same screen, “Reset advertising ID” generates a fresh ID.
• Delete advertising ID (Android 12+): also available on the same screen; ads will appear but cannot use the ID.

For full detail on how Google uses this data, see Google’s advertising privacy notice.

5. Permissions

The app requests only the INTERNET permission. It does not access your contacts, camera, microphone, files outside what you explicitly share into it, location, or any other sensitive resource.

When you share text from another app into ByteGuard Paste via the system share sheet, only that text is delivered to the app — Android does not grant access to the source app’s other data.

6. Children

The app is not directed at children under 13. We do not knowingly collect personal information from children.

7. Data location and retention

Pastes are stored on a server hosted in the European Union (Hetzner, Germany) and are deleted automatically when their expiry window passes. Server access logs are retained for up to 14 days. Crash and analytics data are processed by Google in accordance with the Firebase data-processing terms.

8. Your rights

Because the service is anonymous, we do not hold an account record tied to you. You can:

• Delete any paste you created by letting it expire, or by waiting for it to be evicted by the next-access cleanup.
• Disable Crashlytics and Analytics in the app settings.
• Email enim@byte-guard.net with any privacy question or request.

9. Changes

If this policy changes, the new version will be published at this URL with an updated effective date.