Redact·Agent·Diff·Markdown·JSON·Rich Text·Logs·API docs·Pricing·privacy-first · self-hosted

— disposable clipboard

Share it.
Read it.
Gone.

Paste text or upload a file, get a 6-digit code, and share it once. Sensitive text is encrypted in your browser — the server never sees plaintext.

Share between phone and laptop with a code — gone after 10 minutes, no link left behind.

01 push · 02 share code · 03 pull once

10min

Hard TTL — no exceptions

6digits

No links, no URLs

10MB

Per transfer, max

1tap

Magic-link sign-in

Paste text or a file, get a 6-digit code. Recipient enters it once — then it's gone.

tool // logs

Logs Paste

Turn raw terminal or server output into a readable snapshot. Share a 6-digit code — recipient enters it below.

Push: generate code · Pull: enter code·API docs

Enter code to retrieve

Have a passphrase?

// how_it_works()

01

Push

Paste text or drop a file. Hit generate. You receive a fresh 6-digit code tied to your content.

02

Tell them the code

Say it out loud, type it in chat, or show your screen. One-time code sharing means no URLs to copy and paste.

03

Pull on any device

Enter the 6 digits anywhere. Content appears, then is permanently erased from the server.

// security

Designed to
leave no trace.

Every technical decision optimises for minimum data exposure. Here is what we actually do — not what we claim.

Zero-knowledge text shares: Sensitive mode encrypts in your browser before upload (AES-GCM). The server stores ciphertext only — your passphrase never leaves your device.
Burn after reading: Content is deleted from storage in the same atomic operation as the read. There is no second retrieval — ever.
Cryptographically secure codes: Content is generated using Node's crypto.randomInt(), not Math.random(). Outputs cannot be predicted from prior observations.
Strict MIME allowlist: Only known-safe formats are accepted: images, documents, archives, audio, video, and fonts. Validation is server-side against a hardcoded list — filename extensions are ignored. SVG is permanently blocked.
Atomic write (SET NX): Redis SET NX guarantees only one writer can claim a code. Two concurrent pushes cannot silently collide and overwrite each other.
Rate-limited API: Both endpoints are capped at 10 req/min/IP. Brute-forcing all 900 000 possible codes at this rate would take over 62 days.
Zero logs: No IPs, no user-agents, no content hashes are persisted. We record nothing that could identify what was shared or by whom.

// use_cases()

Disposable notes

Share short-lived notes without leaving a permanent URL behind.

Redacted support paste

Strip API keys in the browser before support sees your logs or .env.

Agent handoff

Give Cursor or MCP a code and instructions — not the secret in chat.

Quick diff sharing

Send code or text changes instantly with a single 6-digit code.

JSON & log snapshots

Share API payloads or server logs with specialized one-time viewers.

Markdown previews

Share rendered content without exposing raw files or links.

// api_access()

Disposable clipboard API
for one-time transfers.

A simple REST API for CI pipelines, scripts, and integrations. Authenticate with a Bearer token and transfer anything your plan allows.

API Starter

→ 10 MB per upload
→ 1,000 requests / day
→ 1-hour TTL

Pro

→ 100 MB per upload
→ Unlimited requests
→ 24-hour TTL

example

# Push text
curl -X POST https://fastpaste.dev/api/v1/clip   -H "Authorization: Bearer <your-key>"   -H "Content-Type: application/json"   -d '{"text": "hello world"}'

# → {"code":"482193","expires_in":3600,"requests_remaining":999}

# Pull content
curl https://fastpaste.dev/api/v1/clip/482193   -H "Authorization: Bearer <your-key>"

Keys provisioned automatically on purchase via Polar.sh. Read the disposable clipboard API reference →

// our_commitment

Minimal data.
By design.

FastPaste was built around a single principle: retain nothing that you don't have to. The server holds exactly one thing — the payload you chose to share — and only until it is claimed or the 10-minute clock expires. At that point it is gone, with no backup copy and no logs.

We don't use passwords or permanent accounts. Optional magic-link sign-in saves your free daily quota across devices — nothing more is stored about you. We never log IP addresses because they would be personally identifiable data we have no reason to store. We use self-hosted Umami analytics and Microsoft Clarity for product quality — no ad or marketing trackers on this page.

The server is self-hosted — your content is never routed through a CDN or a third-party storage bucket. Codes are generated with a cryptographically secure PRNG. All API endpoints enforce strict input validation, file-type allowlists, and IP-based rate limiting.

// popular_searches

Looking for secure temporary file sharing?

FastPaste is built for disposable one-time transfers of text and files. Explore pricing and API documentation below.

Secure file sharing pricing Disposable clipboard API docs Compare one-time sharing tools View public status page

Need implementation patterns? Browse secure sharing guides.