Privacy Policy

Last updated: September 4, 2025

🛡️ Privacy-First Commitment: We don't store your shared content. Period.

1. Our Privacy Philosophy

ZeroHost is built on the principle of "privacy by design." Our core belief is simple: you can't breach what doesn't exist. We've architected our service to collect the absolute minimum data necessary to operate while ensuring your shared content is automatically and permanently deleted.

2. What We DON'T Collect

  • Shared Content: We never log, backup, or permanently store the text you share
  • Personal Information: No names, emails, or personal identifiers required for basic use
  • Browsing History: We don't track what you do outside of ZeroHost
  • Location Data: We don't collect or store your geographic location
  • Device Information: We don't profile your devices or browsers

3. What We DO Collect (Minimal Data)

3.1 Technical Data for Service Operation

  • IP Address: Used for rate limiting and abuse prevention (not stored long-term)
  • Usage Metrics: Share count and rate limiting data (expires automatically)
  • Share Metadata: Creation time, expiry time, and view count (not linked to you personally)

3.2 Premium Account Data (Optional)

  • Email Address: Only for premium accounts, used for billing and support
  • Payment Information: Processed securely by Stripe (payment data never reaches or is stored by ZeroHost)
  • Stripe Customer ID: We store only the Stripe customer identifier to manage your subscription
  • API Usage: Request counts and rate limiting for premium features

4. How We Protect Your Data

4.1 Encryption

  • In Transit: All data is encrypted using TLS 1.3
  • At Rest: Shared content is encrypted using AES-256 in secure cloud storage
  • Password Protection: Optional passwords are hashed using SHA-256

4.2 Automatic Data Deletion

  • Ephemeral Storage: All shared content is automatically deleted after expiry (1 hour to 30 days)
  • No Backups: We maintain no backups or copies of your shared content
  • Burn After Reading: Optional immediate deletion after first view
  • Usage Data TTL: Rate limiting data expires automatically within 24 hours

4.3 Security Measures

  • Infrastructure Security: Enterprise-grade cloud security with restricted access policies
  • Rate Limiting: Protection against abuse and automated attacks
  • Input Validation: All content is sanitized and size-limited (1MB max)
  • No Logging: We don't log the content of your shares

5. Third-Party Services

We use minimal third-party services, all selected for their privacy and security standards:

  • Cloud Infrastructure: Amazon Web Services (AWS) with encryption and automatic lifecycle processes
  • Payment Processor: Stripe for premium accounts (payment data is processed by Stripe and never touches our servers)
  • Content Delivery: Cloudflare CDN for fast, secure content delivery with DDoS protection

We have data processing agreements with all service providers to ensure they meet our privacy standards.

6. Data Retention

  • Shared Content: Automatically deleted according to expiry time you set (1 hour to 30 days maximum)
  • Usage Data: Rate limiting data expires within 24 hours
  • Account Data: Premium account information retained only while account is active
  • Logs: Technical logs (no content) retained for 30 days maximum for security monitoring

7. International Data Transfers

ZeroHost is operated from Queensland, Australia, but your data is processed in secure AWS data centers in the United States (us-east-2 region) for optimal cost and performance. We ensure appropriate safeguards are in place for international transfers, including:

  • AWS adherence to international privacy frameworks and SOC 2 compliance
  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Minimal data collection and automatic deletion (ephemeral by design)
  • Compliance with Australian Privacy Principles and GDPR requirements

8. Children's Privacy

ZeroHost is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

9. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or for legal reasons. We will:

  • Update the "Last updated" date at the top of this policy
  • Post updates prominently on our website

Continued use of ZeroHost after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

  • Email: [email protected]
  • Response Time: We aim to respond within 48 hours
  • Privacy Team: Available for privacy concerns and data requests

🔒 Our Promise

ZeroHost was built from the ground up with privacy as the core principle. We've designed our entire architecture to collect as little data as possible and automatically delete what we do collect. Your privacy isn't an afterthought—it's the foundation of everything we do.