Privacy policy
Last updated: 2026-05-13
1. Introduction
This privacy policy describes how MSK Paste processes your data. We follow a privacy-first approach: only the data strictly required for the service is collected.
2. Data controller
Controller in the sense of the GDPR: Moritz Kohm c/o Impressumservice Dein-Impressum Stettiner Str. 41 35410 Hungen Germany Email: info@msk-scripts.de
3. Data protection officer
The appointment of a data protection officer is not required by law in this case. For privacy-related inquiries, please contact the controller directly at info@msk-scripts.de.
4. Hosting & server log files
This website is operated on servers of netcup GmbH (DaimlerstraĂźe 25, 76185 Karlsruhe, Germany). A data processing agreement pursuant to Art. 28 GDPR has been concluded with netcup. When the website is accessed, the hosting provider automatically collects technical information in server log files (browser type, operating system, referrer URL, hostname, time of request, IP address). This data is processed exclusively for the purposes of technical operation, stability and security and is deleted as soon as it is no longer required to achieve these purposes. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in error-free technical provision).
5. Data we process
When you create a paste, the following data is stored: • the content you entered • an optional title • the selected programming language • an optional bcrypt hash of your password • expiration date and the "burn after read" flag • an automatically generated delete token • the paste size in bytes • the creation timestamp • an HMAC-SHA-256 hash of your IP address for rate limiting (GDPR compliant) The original IP address is never stored and cannot be reconstructed from the hash.
6. Legal bases for processing
We process your data on the following legal bases: • Art. 6 (1) (b) GDPR (contract performance) – for providing the paste service • Art. 6 (1) (f) GDPR (legitimate interest) – for rate limiting, abuse prevention and the secure operation of the website • Art. 6 (1) (c) GDPR (legal obligation) – where statutory retention or disclosure obligations apply
7. Cookies
We set exactly one cookie: NEXT_LOCALE stores your language preference (DE/EN) for 12 months. It is technically necessary and not used for advertising or analytics. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a convenient language selection).
8. No tracking
No analytics tools (Google Analytics, Plausible, Matomo, …) are used. No GeoIP resolution happens. No third-party scripts are loaded.
9. Retention
Pastes are automatically and permanently deleted after their chosen expiration window. "Burn after read" pastes are wiped immediately after the first successful view. You can delete a paste at any time using its delete token. IP hashes used for rate limiting are kept only briefly in memory and are automatically discarded after one hour. Server logs are deleted as soon as they are no longer required for the technical operation and security of the service.
10. Your rights
Under the GDPR you have the following rights: • Access to the data stored about you (Art. 15 GDPR) • Rectification of incorrect data (Art. 16 GDPR) • Erasure of your data (Art. 17 GDPR) • Restriction of processing (Art. 18 GDPR) • Data portability (Art. 20 GDPR) • Objection to processing (Art. 21 GDPR) • Withdrawal of consent given, with effect for the future • Complaint to a supervisory authority (Art. 77 GDPR) To exercise these rights, please email info@msk-scripts.de. Because we store no accounts, identification beyond the data stored with the specific paste is not possible.
11. No automated decision-making
Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place on this website.
12. Competent supervisory authority
In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for the controller is: The State Commissioner for Data Protection and Freedom of Information Baden-WĂĽrttemberg LautenschlagerstraĂźe 20 70173 Stuttgart, Germany Phone: +49 711 615541-0 Email: poststelle@lfdi.bwl.de Web: https://www.baden-wuerttemberg.datenschutz.de
13. Security
Passwords are stored as bcrypt hashes (cost factor 12) only. All connections are encrypted via HTTPS (TLS). The server runs with current security updates and a firewall in place.
14. Webfonts & third parties
Web fonts (Inter, JetBrains Mono) are bundled into the application at build time via Next.js's built-in font system (next/font) and served exclusively from this application's own origin. No connection to third-party servers (in particular Google Fonts) takes place at runtime. No other external scripts, fonts or tracking services are loaded.
15. Contact
For privacy-related questions please email: info@msk-scripts.de