Your clipboard contains some of your most sensitive information — passwords, API keys, personal messages, financial data, screenshots of confidential documents. Traditional clipboard managers store all this in plain text, creating a security risk you might not even be aware of.

PasteRheo takes a different approach: privacy by design. Every feature is built with security in mind, from encrypted storage to local-first architecture. Here's how we protect your data.

Local-First Architecture

The most secure data is data that never leaves your device.

Everything Stays on Your Machine

No Cloud by Default: Your clipboard history is stored locally on your device, not on remote servers
No Account Required: Start using PasteRheo immediately without creating an account or sharing personal information
Optional iCloud Sync: If you choose to enable iCloud sync, data is encrypted before leaving your device and only you can decrypt it

What This Means for You

No Data Breaches: If a server gets hacked, your data isn't there to steal
No Tracking: We don't collect analytics, usage data, or telemetry
Full Control: You decide what stays, what syncs, and what gets deleted

Military-Grade Encryption

PasteRheo uses industry-standard encryption to protect your data at rest.

Database Encryption (SQLCipher)

Your entire clipboard history is stored in an encrypted SQLite database using SQLCipher:

AES-256 Encryption: The same encryption standard used by governments and militaries worldwide
Encrypted at Rest: Even if someone gains physical access to your device, they can't read your clipboard history
Transparent Operation: Encryption happens automatically — you don't need to do anything

Image Encryption (AES-256-GCM)

Screenshots and images get special treatment:

AES-256-GCM: Advanced encryption with authenticated encryption mode
Separate Encryption: Images are encrypted individually, not just as database entries
Secure Storage: Encrypted image files are stored in a protected directory

Keychain Integration

Encryption keys are never stored in plain text:

System Keychain: Encryption keys are stored in your operating system's secure keychain (macOS Keychain, Windows Credential Manager)
Hardware Protection: On supported devices, keys are protected by hardware security modules
No Key Exposure: Keys never appear in memory dumps or log files

Smart Content Detection

PasteRheo automatically recognizes sensitive content and handles it appropriately.

Credential Detection

The app recognizes common credential formats:

JWT Tokens: Automatically detected and decoded to show expiration status
API Keys: Patterns like sk-..., ghp_..., AKIA... are recognized
Environment Variables: .env file format detection
Base64 Encoded Secrets: Automatically decoded to identify content type

Why This Matters

When PasteRheo knows something is sensitive, it:

Keeps it encrypted in storage
Doesn't include it in search previews
Warns you before pasting to untrusted applications
Allows you to set shorter retention periods for credentials

Privacy Controls

You have complete control over what gets stored and for how long.

History Retention Settings

Choose how long to keep clipboard history:

1 Day: For maximum privacy, auto-delete everything daily
1 Week: Balance between convenience and privacy
1 Month: Keep recent history accessible
1 Year: Long-term storage for important items
Forever: Never auto-delete (you can still manually delete items)

App Exclusion List

Prevent specific apps from being monitored:

Password Managers: Exclude 1Password, LastPass, Bitwarden, etc.
Banking Apps: Don't capture financial information
Secure Terminals: Exclude terminal apps where you work with sensitive data
Custom Rules: Add any app you want to exclude

Manual Deletion

Delete items anytime:

Single Item: Right-click and delete
Bulk Delete: Select multiple items and delete all at once
Clear All: Wipe your entire clipboard history with one click
Secure Deletion: Deleted items are overwritten, not just marked as deleted

Pause Monitoring

Sometimes you need to work with sensitive data without it being captured.

Temporary Pause

Timed Pause: Pause monitoring for 5 minutes, 15 minutes, 30 minutes, or 1 hour
Indefinite Pause: Pause until you manually resume
Visual Indicator: Clear indication when monitoring is paused
Quick Resume: Resume monitoring with a single click

Use Cases

Entering passwords or credit card numbers
Working with confidential documents
Copying sensitive data between applications
Testing or debugging without cluttering history

No Telemetry or Tracking

We don't collect data about how you use PasteRheo.

What We Don't Collect

No Usage Analytics: We don't track which features you use
No Crash Reports: Crash data stays on your device
No Search Queries: Your searches are never sent anywhere
No Content Analysis: We never see what you copy

Why This Matters

True Privacy: Your usage patterns can't be profiled or sold
No Surprises: No hidden data collection in the background
Compliance: Easier to comply with GDPR, CCPA, and other privacy regulations

Open Source Transparency

Trust, but verify.

Auditable Code

Source Available: Core security components are open source
Community Review: Security researchers can audit our encryption implementation
No Hidden Backdoors: What you see is what you get

Security Updates

Regular Updates: Security patches are released promptly
Transparent Changelog: All security fixes are documented
Auto-Update: Keep your app secure with automatic updates

Best Practices for Maximum Security

Here's how to use PasteRheo securely:

1. Set Appropriate Retention Periods

For sensitive work:

Set history retention to 1 day or 1 week
Manually delete sensitive items immediately after use
Use Pin groups for items you want to keep longer

2. Use App Exclusions

Add these to your exclusion list:

Password managers (1Password, LastPass, Bitwarden)
Banking and financial apps
Secure terminals and SSH clients
Any app that handles sensitive data

3. Pause When Needed

Pause monitoring when:

Entering passwords or credit cards
Working with confidential documents
Copying sensitive API keys or tokens
Handling personal information

4. Review Regularly

Check your clipboard history weekly
Delete items you no longer need
Review your Pin groups for outdated credentials
Update your app exclusion list

5. Keep Updated

Enable automatic updates
Review security announcements
Update to the latest version promptly

Security Features Comparison

How PasteRheo compares to other clipboard managers:

Feature	PasteRheo	Typical Clipboard Manager
Database Encryption	✅ AES-256 (SQLCipher)	❌ Plain text
Image Encryption	✅ AES-256-GCM	❌ Plain files
Keychain Integration	✅ System keychain	❌ Keys in config files
Local-First	✅ Everything local by default	⚠️ Cloud sync required
No Telemetry	✅ Zero tracking	❌ Analytics enabled
App Exclusions	✅ Flexible rules	⚠️ Limited or none
Pause Monitoring	✅ Timed and indefinite	⚠️ Manual only
Credential Detection	✅ Smart detection	❌ Treats all as text

Real-World Security Scenarios

Scenario 1: Developer Working with API Keys

Problem: You copy API keys and database credentials throughout the day. If your clipboard manager is compromised, all your production systems are at risk.

PasteRheo Solution:

All credentials are encrypted in the database
Set retention to 1 day for auto-deletion
Use Pin groups for long-term credentials (still encrypted)
Exclude your password manager from monitoring
Pause monitoring when entering master passwords

Scenario 2: Financial Professional

Problem: You work with sensitive financial data, client information, and confidential reports. Clipboard history could expose insider information.

PasteRheo Solution:

Exclude banking and financial apps
Set short retention period (1 day)
Manually delete sensitive items immediately
Use pause feature when working with confidential documents
No cloud sync — everything stays local

Scenario 3: Healthcare Worker

Problem: Patient information (PHI) must be protected under HIPAA. Clipboard managers could create compliance issues.

PasteRheo Solution:

Local-first architecture — no cloud storage
Encrypted database protects PHI at rest
App exclusions for medical software
Short retention periods
No telemetry — no data leaves your device

Scenario 4: Security Researcher

Problem: You work with exploits, vulnerabilities, and sensitive security information. Your clipboard could contain proof-of-concept code or credentials.

PasteRheo Solution:

Pause monitoring during security research
Exclude terminals and security tools
Manual deletion of sensitive findings
No cloud sync to prevent data leakage
Open source code for security audit

Compliance and Regulations

PasteRheo helps you comply with privacy regulations:

Data Minimization: Only stores what you explicitly copy
Right to Deletion: Delete any item anytime
No Profiling: No tracking or analytics
Local Processing: Data stays on your device

CCPA (California Consumer Privacy Act)

No Sale of Data: We don't collect or sell your data
Transparency: Clear privacy policy
User Control: Full control over your data

HIPAA (Health Insurance Portability and Accountability Act)

Encryption: PHI is encrypted at rest
Access Controls: Only you can access your data
Audit Trail: Local logs for compliance
No Cloud: Avoid cloud storage compliance issues

What About iCloud Sync?

If you enable optional iCloud sync:

How It Works

End-to-End Encryption: Data is encrypted before leaving your device
Apple's Infrastructure: Uses Apple's secure iCloud infrastructure
Your Keys: Only you have the decryption keys
Selective Sync: Choose what to sync (Pin groups only, or all history)

Security Considerations

Trust Apple: You're trusting Apple's iCloud security
Device Authentication: Only your authenticated devices can access synced data
Encryption in Transit: Data is encrypted during transmission
Encrypted at Rest: Data is encrypted on Apple's servers

When to Use iCloud Sync

✅ Good for:

Syncing Pin groups across your devices
Backing up important clipboard items
Convenience across Mac, iPad, iPhone

❌ Avoid if:

You work with highly sensitive data
Your organization prohibits cloud storage
You need maximum security (local-only is more secure)

Monitoring network traffic (PasteRheo makes no outbound connections except for updates)
Reviewing the open source security code
Running in airplane mode (everything works offline)

Q: What if PasteRheo gets hacked?

A: Even if an attacker compromises the PasteRheo application:

Your data is encrypted at rest
Encryption keys are in the system keychain, not the app
Local-first architecture means no central server to breach
Each user's data is isolated and separately encrypted

Conclusion

Privacy isn't just a feature — it's the foundation of PasteRheo's design.

What makes PasteRheo secure:

Military-grade encryption (AES-256)
Local-first architecture
System keychain integration
No telemetry or tracking
Smart credential detection
Flexible privacy controls
Open source transparency

Your data, your control:

Choose what to store and for how long
Exclude sensitive apps
Pause monitoring when needed
Delete anytime
Optional cloud sync (encrypted)

In a world where data breaches are common and privacy is increasingly rare, PasteRheo gives you a clipboard manager you can trust.

Download PasteRheo today and take back control of your clipboard privacy.