Privacy Policy
Last updated: July 7, 2026
Overview
Clippy is an ephemeral web clipboard. We store the content you paste, optional file attachments, and settings you configure (TTL, PIN, webhooks) only for as long as your clip exists.
Data we collect
- Clip content — text, files, and metadata you upload or type into a clip.
- IP addresses — used for rate limiting and PIN brute-force protection. Not stored long-term in a user profile.
- Cookies — functional cookies: PIN unlock tokens and optional session cookies if you sign in. No analytics or advertising cookies.
- Account data — if you register, we store your email, name (optional), and bcrypt password hash.
What we do not do
- We do not sell your data.
- We do not run third-party advertising trackers.
- We do not run third-party advertising or analytics trackers.
- We do not build persistent profiles for anonymous clip users.
Retention
Clips expire based on the TTL you set (default 24 hours). A background cleanup job permanently deletes expired clips and orphan files. Burn-on-read and view limits can delete clips sooner via the API.
End-to-end encryption
When you enable E2E encryption, content is encrypted in your browser before it reaches our
servers. We store ciphertext only. The decryption key stays in the URL fragment
(#key=...) and is never sent to the server.
Your rights
You can delete a clip at any time via the API or by letting it expire. Registered users can contact us to request account deletion. For privacy questions, email security@example.com.
Cookies
We use essential cookies: PIN unlock tokens (httpOnly, 24 hours) and session cookies for signed-in users (httpOnly, 30 days). No cookie consent banner is required because we do not use non-essential cookies.
Changes
We may update this policy. Material changes will be reflected on this page with an updated date.