Ephemeral means it does not store anything on a form of persistent storage (like a HDD or a SSD), but instead only keeps it in RAM for the selected duration (between 1 and 24 hours as of now).
FOSS means that the source-code is available for free for anyone who might want to self-host it, or extend it (Source-code).
As general logging, we only collect your IP. This is solely for cases where someone tries to abuse our services, to be able to block them out.
Every paste is stored in ephemeral memory (RAM, through Redis configured to not persist anything), with an auto-expiry set to, at maximum, 24 hours.
Following that, we don't persist anything, and once the expiry time is passed, or the server (/ redis instance) rebooted, everything is forgotten.
Except for the possible exception above, we don't collect anything. No, really. The person behind this is very privacy-conscious, so they'll always try to only keep the necessary data, and nothing more. No ad, no tracker in any form, period.
We employ good methods to keep data secure. Not digging into details, but the usual stuff, like a good firewall, monitoring system, and no apparent openflow.
There's only one person who's technically authorized to be on the hosting servers, so only one person should be able to have access.
Note that we're not saying that our servers and services are unbreakable and perfect, but that we try to do our very best to prevent any possibility for such incidents to occur.
Incident or vulnerability disclosure
If you managed to encounter an incident or a vulnerability in our
infrastructure, we'd gladly receive your feedback and alerts by
Responsible disclosure will allow us to recover and fix those incidents without much risk, allowing us to provide you our services with as much quality as we can manage to.
Plus, you may receive a special mention or some small token of appreciation!