Privacy Policy

Last updated: February 26, 2026

This Privacy Policy is GDPR-compliant and applies to all users worldwide.

1. Data Controller

pasteAnything ("we", "us", "our") is the data controller responsible for your personal data. Contact: hi@paste-anything.com

2. Information We Collect

Personal Data:

  • Account Information: Email address, name (via Clerk authentication)
  • API Credentials: API key metadata (creation date, last used, status)
  • Usage Data: Request counts, timestamps, rate limit status
  • Technical Data: IP address (for security and fraud prevention), user agent

Data We Do NOT Store:

  • API request payloads (text, images, CSV files you submit)
  • Extracted/transformed data results
  • File contents or attachments

All API requests are processed in-memory only and immediately discarded after response.

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on:

  • Contract Performance (Art. 6(1)(b)): To provide API services, manage your account, and enforce usage limits
  • Legitimate Interests (Art. 6(1)(f)): Fraud prevention, security monitoring, service improvement
  • Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws and regulations
  • Consent (Art. 6(1)(a)): Analytics cookies and optional marketing communications (where applicable)

4. How We Use Your Information

  • Provision and management of your API key
  • Authentication and account security
  • Enforcement of usage limits and abuse prevention
  • Transactional emails (account events, security alerts)
  • Service performance monitoring and improvement
  • Compliance with legal obligations

5. Data Retention

  • API Request Data: Never stored (processed in-memory only)
  • Account Data: Retained while your account is active
  • Usage Metadata: Retained for 12 months for billing and analytics
  • Security Logs: Retained for 90 days
  • After Account Deletion: All personal data deleted within 30 days, except where legal retention is required

6. Third-Party Services & Data Processors

We use the following GDPR-compliant third-party processors:

  • Clerk (USA) — Authentication and user management.
  • OpenAI (USA) — AI-powered data extraction. Your request content is sent to OpenAI for processing.
  • Unkey (USA) — API key management and rate limiting.
  • PostHog (USA/EU) — Product analytics and usage tracking.

All processors are bound by Data Processing Agreements (DPAs) and comply with GDPR requirements.

7. International Data Transfers

Your data may be transferred to and processed in the United States and other countries outside the European Economic Area (EEA). We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Processor commitments to GDPR-equivalent data protection standards

8. Cookies & Tracking

We use the following cookies:

  • Essential Cookies: Authentication session (Clerk), required for service functionality
  • Analytics Cookies: PostHog analytics (with your consent where required)

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect service functionality.

9. Your Rights (GDPR Chapter III)

Under GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate personal data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction (Art. 18): Limit how we use your data
  • Right to Data Portability (Art. 20): Receive your data in a machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent for consent-based processing
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, email us at hi@paste-anything.com. We will respond within 30 days as required by GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest
  • API key authentication via Unkey with rate limiting
  • Regular security audits and monitoring
  • Access controls and least-privilege principles
  • No persistent storage of sensitive request payloads

11. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Art. 33-34.

12. Children's Privacy

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. Continued use after changes constitutes acceptance.

14. Contact & Data Protection Officer

For privacy-related questions or to exercise your rights:

Email: hi@paste-anything.com

Data Protection Officer: dpo@paste-anything.com

EU Representative (if applicable): To be designated if required under GDPR Art. 27
