Privacy Policy
Last updated: April 2, 2026
Core principle
PARAMANT collects no personal data.
No account required for ParaShare Free. No email. No phone number. No IP logging. No cookies. No tracking pixels. No analytics. No advertisements.
How Ghost Pipe & ParaShare work
All files are encrypted client-side in your browser using post-quantum cryptography (ML-KEM-768 + ECDH P-256 + AES-256-GCM + HKDF-SHA256) before they ever reach our servers. The relay never sees plaintext at any point.
Files are split into 5 MB encrypted chunks. Each chunk exists only in RAM on our relay server and is permanently and irreversibly destroyed after the first download (burn-on-read). Encrypted payload data is never written to disk. The only data persisted to disk is cryptographic hashes in the public Certificate Transparency log — no file content, no keys, no plaintext.
Free tier blobs expire after 1 hour maximum. Pro blobs after 24 hours. Enterprise blobs after 7 days. All are destroyed earlier if downloaded.
What we process
| Data | Purpose | Storage | Shared |
|---|---|---|---|
| Encrypted blob (5 MB padded chunks) | One-time secure transfer | RAM only · burn-on-read | Never |
| SHA-256 hash of blob | Routing & delivery confirmation | RAM only · deleted on burn | Never |
| API key (Pro/Enterprise) | Authentication & rate limiting | Loaded from config at startup | Never |
| Device ID (SDK users) | Key routing between sender and receiver | RAM only · cleared on restart | Never |
| Device ID hash (CT log) | Public tamper-evident audit log | Disk · /data/ct-log.json · SHA-256 one-way hash only | Never |
| Aggregated relay statistics | System health monitoring | In-process counters only | Never |
What we never do
- Store personal data of any kind
- Log or store IP addresses beyond what Cloudflare handles in transit
- Use cookies or browser fingerprinting
- Run advertising or tracking scripts
- Share any data with third parties
- Write file data to disk at any point
Local storage in your browser
For technical functionality, the following data is stored locally in your browser only. It never leaves your device:
- ECDH + ML-KEM key pairs — generated locally for end-to-end encryption (SDK / Ghost Pipe sessions)
- Nonce registry — replay-attack protection (SDK sessions)
- Free tier usage counter (ps_free_uses) — today's date and upload count, used to enforce the 10/day limit client-side
- Docs access key (pm_docs_key) — stored if you authenticate to the Docs with a paid API key
You can delete all local data at any time: browser settings → paramant.app → Clear site data.
Servers & jurisdiction
All relay servers run on Hetzner infrastructure in Frankfurt, Germany (EU/DE). There is no infrastructure in the United States or outside the EU. No CLOUD Act exposure. All data is subject to EU/GDPR jurisdiction only.
Cloudflare
Incoming traffic passes through a Cloudflare Tunnel for DDoS protection and SSL termination. Cloudflare acts as a reverse proxy and may log connection metadata (IP address, timestamp, bytes transferred) in accordance with their own privacy policy. PARAMANT does not receive, store, or use this metadata. No Cloudflare analytics, Workers, or tracking products are in use.
Payments (Pro / Enterprise)
Payment processing is handled by Stripe. PARAMANT never sees or stores full card numbers. Stripe's privacy policy governs the payment data they handle. Only your chosen plan and an anonymised customer reference are stored on our side.
GDPR / AVG
Because virtually no personal data is processed, standard heavy administrative obligations under GDPR do not apply to most interactions. For Pro and Enterprise customers, we provide a Data Processing Agreement (DPA) on request.
Temporary relay data is never retained longer than the applicable TTL (1 hour for Free, 24 hours for Pro, 7 days for Enterprise). In practice it is destroyed much earlier on download.
Children
PARAMANT is not directed at children under 13. We do not knowingly collect data from minors.
Changes to this policy
We may update this policy. Material changes will be noted via the "Last updated" date above. Continued use of the service after a change constitutes acceptance.
Contact
Questions about this Privacy Policy? Email info@paramant.app.