Paste / private clipboard

How encryption works Get Paste

One notepad · every device · fully encrypted

One notepad.
Every device you own.

Copy on your laptop, paste on your phone. Jot something here — it's already there. Paste is one private notepad that follows you everywhere, fully encrypted on your device before it ever syncs. No account. No cloud. Nothing to set up.

Get Paste — it's free See the encryption

No accounts, ever Encrypted on-device Open source & auditable Open verifier included Offline-first

MacBook · Paste

Copied on this Mac

Sealed with a local-only key · syncing peer-to-peer…

iPhone

Recent on your phone

Sealed clip — tap to decrypt

Sealed note · 2h

Tap-to-decrypt: lists stay sealed — an item is decrypted only when you open or copy it.

Open source · auditable

Don't trust us. Read the code.

Every byte of Paste — the encryption envelope, the sync engine, the relay client, the verifier — is open source. Read it, fork it, run your own verifier against it. Security you can't inspect isn't security.

View the source Run the verifier

paste / backend

$ git clone github.com/paste-app/paste
✓ 4,058 lines of backend
✓ 17 security tests, 65 total — all green
✓ independent verifier CLI
licensed permissively, audit at will.

1 notepad

every device you own — copy here, paste there

0 bytes

of plaintext sent to relays — ciphertext only

<30ms

local search across 10,000 notes

XChaCha20

Poly1305 AEAD · signed per device

Features

Everything you copy, where you need it — and nothing where you don't.

Copy here, paste there

Copy on your laptop, paste on your phone seconds later. Text, links and code snippets follow you across your own devices.

Private notes

Keep snippets as plain, markdown, or code notes. Pin the ones you paste all the time. Bodies and titles are always encrypted.

Instant local search

Find any clip or note in under 30 ms across 10,000 entries — searched on your device, against a private local index.

Tap-to-decrypt

Lists show sealed rows — no decrypted previews sitting in memory. A single item is decrypted only when you open or copy it, then cleared.

Pair a device in seconds

Add a device with a QR scan, a short code, or your recovery phrase. Each device gets its own signing key — revoke any of them anytime.

Offline-first

Your notes live on your device and work with zero network. When devices reconnect, changes converge automatically — no conflicts lost.

Available when devices sleep

Optional relays store encrypted blocks so a clip is waiting even if every device was offline when you copied it. They never see plaintext or keys.

Recovery phrase, not passwords

A 24-word phrase restores everything on a new device. There's no password reset because there's no account on a server to reset.

Prove it yourself

Paste ships a one-click verifier — and a standalone CLI — that scans local storage and relay exports for any plaintext. Don't trust us; check.

Security model

Encrypted on your device. Always.

Your notes are encrypted on your device before they enter the peer-to-peer network. Relays store ciphertext only. We'd rather show you than ask you to trust us.

Local-only keys

Content is sealed with XChaCha20-Poly1305 using keys derived on your device from your recovery phrase. Keys never cross the network or the app's UI boundary.

Relays store encrypted blocks

Relays keep your encrypted blocks available when every device is asleep. They can see ciphertext and network metadata — never note plaintext or your keys.

Signed & tamper-evident

Every change is signed by an authorized device key. Receivers reject unsigned or unauthorized operations; modified ciphertext fails its authentication tag.

Verifiable, not just promised

Run the built-in verifier (or the independent CLI) to scan local stores, relay exports, and logs for known plaintext markers and confirm everything stored is AEAD-encrypted and signed.

Open source & auditable

The crypto envelope, sync engine, relay client and verifier are all open source — every line is readable, forkable, and independently re-implementable. Security you can't inspect isn't security.

paste — encryption proof

$ paste --verify-encryption

Local encryption     passed
Storage scan        no plaintext found
Log scan            no plaintext found
Op signatures       valid · active device set
Revoked-device test rejected after rotation
Relay custody       ciphertext root verified

Limit: this does not prove physical deletion
from third-party disks. Paste deletes by
destroying keys (cryptographic erasure).

RESULT: PASS  — don't trust us, re-run it.

How it works

Up and running in three steps.

Create your vault

Open Paste. It generates a vault on-device and shows your 24-word recovery phrase once. Write it down — it's the only key.

Pair a device

On a second device, scan the QR or enter the short code. The two devices handshake directly and exchange an encrypted bootstrap.

Copy & paste

Copy anywhere. It's sealed locally and syncs peer-to-peer. Open or copy an item on any paired device to decrypt just that one.

One vault, every device

Built on the Pear peer-to-peer stack.

The same encrypted core runs everywhere. Desktop ships today via the Pear runtime; native installers and mobile builds are in active development.

macOS

Available

Linux

Pear · native soon

Windows

Pear · native soon

iOS

In development

Android

In development

Radical honesty

What we promise — and what we won't.

Security marketing is full of absolutes. Ours isn't. Knowing the exact edges of a guarantee is the guarantee.

What Paste guarantees

Note & clipboard bodies are encrypted with local-only keys before storage or replication. Every operation is signed by an authorized device key. Integrity is checked with AEAD tags and append-only logs. Relays receive ciphertext only. Anyone can run the verifier.

What we will not claim

Not anonymous — peers and relays can learn network metadata unless you add your own Tor/VPN transport. Not provable remote deletion — we destroy keys, but can't prove a third party didn't keep ciphertext. No "unbreakable." We tell you the limits in the app, the docs, and right here.

Questions

Straight answers.

Do you have my notes?+

No. There is no Paste server holding your content. Your devices replicate directly, peer-to-peer. Optional relays only ever hold ciphertext so a clip is available when your devices are asleep — they cannot read it.

What if I lose my device?+

Install Paste on a new device and restore with your 24-word recovery phrase. That phrase is the only thing that can rebuild your vault — keep it somewhere safe and offline.

Is it anonymous?+

No — and we won't say otherwise. Peer-to-peer peers and relays can observe network metadata (timing, sizes, IP-level connection facts) unless you route Paste over your own privacy transport. We protect the content of your notes, not the fact that traffic exists.

Can you delete my data off a relay?+

Paste deletes by destroying the keys (cryptographic erasure), which makes retained ciphertext unreadable. We can request non-serving where a relay supports it, but we cannot prove a third-party operator never kept a copy of ciphertext. Honest beats absolute.

Is there a login or cloud account?+

None. No email, no password, no cloud account. Your recovery phrase and your devices are the whole system. Nothing to breach on a server because there is no server with your data.

How do I know the encryption is real?+

Run it. Paste ships a built-in proof screen and a standalone CLI verifier that scan local storage, relay exports and logs for plaintext markers and validate every stored record is encrypted and signed. The source is open for independent verifiers.

One notepad. Everywhere you go.

Stop emailing yourself snippets and pasting secrets into chat. One fully-encrypted notepad, on every device you own — with nothing on anyone else's servers and nothing to sign up for.

Download Paste Run the verifier first Read the source

Free · no account · open source & auditable · open verifier · macOS today, more platforms in development