How EasyToPaste works
Private sharing that is provably private — not just promised.
The 20-second version
You type or pick a file. Your browser scrambles it with a strong encryption key. That key is baked into the link. We store only the scrambled version. When the recipient opens the link, their browser uses the key in the link to unscramble it — entirely on their device. We never had the key. We never saw the content.
What we can and can't see
| EasyToPaste can see | EasyToPaste can never see |
|---|---|
| That a secret exists, its type and size | The contents of any secret |
| When it was created, opened, or expired | The decryption key or passphrase |
| Who created it (if signed in) | The file name's contents or the text |
| Org metadata for audit (Team tier) | Anything an admin could decrypt — they can't |
The data flow
For the technically curious
Content is encrypted with AES-256-GCM in the browser via the Web Crypto API. The 256-bit key is generated with crypto.getRandomValues and encoded as base64url in the URL fragment (#k=…). The fragment is never sent in HTTP requests — it is browser-only. The server receives and stores only ciphertext. Mode B (Code + Passphrase) derives the key via Argon2id (WASM, 64 MiB memory, 3 iterations) — the passphrase never leaves the browser.