Temporary File Sharing

Fast, secure, and effortless

Maximum 2 GB per upload

Ctrl+V to paste text or files

Paste text for code snippets with syntax highlighting

Password protection

Download limit

Expires after

Add a note

Burn after reading

File will be deleted after first download

Share Code Snippet

Paste or type your code

0 lines · 0 chars

Language

Expires in

Password (optional)

Burn after reading

Snippet will be deleted after first view

Privacy Policy

Privacy-first: Minimal data, maximum protection

Privacy-First Architecture

E2EE files (with password): Encrypted in your browser before upload. The server stores only ciphertext and cannot access your file content or password.

Server-encrypted files (no password): The server processes your file (hash computation, metadata removal, virus scan), then encrypts at rest. The server has temporary access to plaintext during processing.

What We Don't Collect

Raw IP Addresses - Only SHA-256 hashes stored temporarily in memory (see note below)
User Accounts - No accounts, no profiles, no login required
Traditional Access Logs - No web server logs with IP/user-agent (we use a transparency log with hashes only - see below)
Tracking Cookies - No analytics, no third-party trackers

About IP hashing: While SHA-256 is cryptographically one-way, the IPv4 address space (~4 billion addresses) is enumerable. A determined attacker with server access could build a lookup table to match hashes. We accept this tradeoff to enable rate limiting without storing raw IPs.

What We Store (Minimal)

Encrypted files (key in memory only)
File metadata (name, size, expiration, view count)
SHA-256 file hash (for blocklist/abuse prevention)
Secret delete token (for file owner deletion)
Optional note (if provided)
Code snippets (content, language, title, expiration)

Code Snippets

Code snippets are stored in an in-memory database that is cleared on server restart. Snippet content is not encrypted server-side (unlike files) but can be password-protected with client-side encryption.

Snippets auto-delete after their chosen expiration time (1 hour to 30 days) or when download limits are reached.

Delete Link & Your Right to Erasure

Each upload generates a secret delete link containing a unique 32-character token. This link allows you to delete your file at any time before expiration.

Important: Keep your delete link private. Anyone with this link can delete your file. We cannot recover deleted files.

QR Codes

QR codes are generated entirely in your browser using client-side JavaScript. No data is sent to external services.

Temporary Security Data

Brute Force Protection: We temporarily store SHA-256 hashed IP addresses in memory (not on disk) to prevent abuse. These hashes cannot be reversed to reveal your actual IP and are automatically cleared after 1 hour.

Rate Limiting: Request counts are tracked temporarily in memory using hashed IP addresses to prevent abuse. No persistent storage, no raw IPs stored.

Third-Party Services & JavaScript Security

External Resources (CDNs & Fonts):

We load the following resources from external CDNs:

Google Fonts (fonts.googleapis.com) - Inter typeface
Cloudflare CDN (cdnjs.cloudflare.com) - Font Awesome icons
jsDelivr CDN (cdn.jsdelivr.net) - Critical: Argon2 (encryption), JSZip, QR codes, Prism.js
Tailwind CSS (cdn.tailwindcss.com) - Styling framework

When you load tmp0.cc, your browser makes requests to these CDNs. Standard HTTP request data (IP address, browser info, referrer) may be logged by these services according to their privacy policies.

Security Trust Model:

E2EE encryption depends on JavaScript from jsDelivr CDN. If jsDelivr were compromised, malicious code could theoretically intercept passwords before encryption. This is a fundamental limitation of browser-based E2EE.

Mitigations: We use Subresource Integrity (SRI) hashes to verify library integrity. For maximum security, advanced users can use our CLI tool (which doesn't depend on CDNs) or audit the source code.

Security Scanning

Virus Scanning: All uploads are scanned with ClamAV antivirus. Infected files are flagged.

Hash Blocklist: Known malicious or illegal content is automatically blocked based on SHA-256 hash.

Scanning Exceptions:

Files larger than 500 MB skip virus scanning (ClamAV memory limit)
E2EE files skip scanning (server cannot access plaintext content)

No Guarantee: Security scanning is provided on a best-effort basis. No antivirus can detect 100% of threats. Files marked as "clean" may still contain malware. Download at your own risk.

Encryption

Server-side (At-Rest): AES-256-GCM, key exists only in memory.

End-to-End Encrypted (E2EE): Argon2id key derivation (6 iterations, 256MB memory, 4 threads) + AES-256-GCM. Encryption/decryption happens entirely in your browser or CLI - the server never sees your password or plaintext.

E2EE Files: Virus scanning is automatically skipped for E2EE files because the server cannot access the plaintext content. The download page shows "Scan disabled: End-to-end encrypted".

Automatic Metadata Stripping

For server-encrypted files, we automatically strip metadata from supported file types:

Supported formats:

Images (JPEG, PNG, GIF, WebP, BMP, TIFF) - EXIF data removed (GPS, camera info, timestamps)
PDF Documents - Author, title, subject, keywords, creator software removed

Limitations:

• Other formats (Word, Excel, MP3, MP4, ZIP, etc.) are NOT stripped
• E2EE files skip stripping (server cannot process encrypted content)
• File size itself can be identifying (we do NOT pad file sizes)
• File names are NOT anonymized (visible to server for all modes)
• ZIP archives may contain files with unstripped metadata

For maximum privacy with sensitive files, use E2EE and consider stripping metadata yourself before upload.

Transparency Log (This IS a Log)

We maintain a Merkle tree-based audit log of file operations. This is different from traditional access logs:

What IS logged: File hash (SHA-256), operation type (upload/download/delete), timestamp
What is NOT logged: IP addresses, user agents, file content, file names, passwords
Merkle tree structure - Cryptographic proof that log entries cannot be altered
Publicly verifiable via API at /api/v1/transparency/*

Privacy note: If someone knows a file's SHA-256 hash, they can check the transparency log to see when it was uploaded/downloaded. This enables auditing but also means file hashes are semi-public information. For maximum privacy, use E2EE (the hash of encrypted ciphertext reveals nothing about the original file).

CLI Tool & API

A command-line interface (tmp0) is available with full E2EE support for automated workflows and power users.

All features are accessible via public API endpoints documented in the API section.

Data Retention & Deletion

Files auto-delete after their chosen expiration time (1 hour to 30 days).

Deletion method: File content is overwritten with zeros before deletion
No backups: We do not maintain backups of user files
Database entries: Metadata is deleted from the database

Limitation: On modern SSDs with wear-leveling, "secure deletion" cannot be guaranteed at the hardware level. The SSD controller may retain old data in spare blocks. For highly sensitive data, use E2EE - even if old ciphertext is recovered, it cannot be decrypted without your password.

Jurisdiction & Legal Framework

Operating Jurisdiction: Iceland

tmp0.cc operates under Icelandic law. Iceland is a member of the European Economic Area (EEA), ensuring strong privacy protections equivalent to EU standards while benefiting from Iceland's robust legal framework for digital privacy and freedom of expression.

All legal matters, disputes, and data protection inquiries are governed exclusively by Icelandic law and subject to the jurisdiction of Icelandic courts.

GDPR & EEA Data Protection Compliance

As an EEA member state, Iceland has incorporated the General Data Protection Regulation (GDPR) into national law through the Icelandic Data Protection Act (Lög um persónuvernd og vinnslu persónuupplýsinga).

Data Processing Principles:

Lawful Basis: Processing based on legitimate interest (service provision) and user consent (file upload action)
Data Minimization: We collect only data strictly necessary for service operation (see "What We Store" above)
Purpose Limitation: Data used exclusively for file hosting and security; never sold, shared, or used for profiling
Storage Limitation: Automatic deletion after user-selected expiration period (1 hour to 30 days maximum)
No Data Processor Agreements: We do not share personal data with third-party processors. All data processing occurs on our own infrastructure

Your GDPR Rights:

• Right to Erasure: Use your delete link for immediate deletion, or contact us
• Right to Access: Your file + metadata is accessible via your share link
• Right to Portability: Download your file at any time before expiration
• Supervisory Authority: Persónuvernd (Icelandic Data Protection Authority) - personuvernd.is

Government & Legal Request Policy

Our Commitment to User Privacy

We are committed to protecting user privacy to the fullest extent permitted by law. Any government or law enforcement request for user data will be subject to rigorous legal scrutiny.

Request Handling Procedure:

1. Validity Assessment: All requests are reviewed for legal validity under Icelandic law. Invalid or overly broad requests are rejected outright.
2. Jurisdictional Challenge: Requests from non-Icelandic authorities must comply with applicable mutual legal assistance treaties (MLATs) and Icelandic procedural requirements.
3. Legal Contest: We will challenge requests that we believe are unlawful, disproportionate, or infringe on fundamental rights. Legal challenges will be pursued through all available appellate channels.
4. Minimum Disclosure: If legally compelled to comply, we provide only the specific data explicitly required by a valid court order—nothing more.

Technical Limitation: For E2EE files, we cannot provide plaintext content even under legal compulsion—we do not possess decryption keys. Any disclosed data would be limited to encrypted ciphertext and minimal metadata.

Transparency Report

In the interest of transparency, we publish annual statistics on legal and takedown requests received. This report is updated annually.

Year	DMCA Requests	Government/Legal Requests	Data Disclosed
2025	0	0	0
2026	0	0	0

Last updated: February 2026 • Next update: January 2027

Backup & Data Recovery Policy

Zero Backup Architecture

tmp0.cc intentionally operates without any backup systems. This is a deliberate architectural decision to maximize privacy—not a limitation.

Infrastructure Design:

No Off-Site Backups: User files are not replicated to backup servers or cloud storage
No RAID Redundancy: Servers do not use RAID configurations that would create data copies
No Snapshot Systems: No VM snapshots, filesystem snapshots, or point-in-time recovery
Ephemeral by Design: Server failure, crash, or decommissioning results in permanent, irrecoverable data loss

User Responsibility: If you need to retain a file beyond its expiration, download a copy. We cannot recover deleted or expired files under any circumstances—this is a feature, not a bug.

Verifiability: Our zero-backup policy is verifiable through our infrastructure: single-server deployment, no replication endpoints, no backup agent processes. This architecture ensures that when data is deleted, it is truly gone—with no hidden copies to potentially surface later.

Key Management & Hardware Security

HSM-Grade Key Protection

Encryption keys for server-side at-rest encryption are managed with hardware-level security protections.

Key Management Architecture:

Hardware Security Module (HSM): Master encryption keys are stored in dedicated HSM hardware with tamper-resistant protection
Memory-Only Operations: Working keys derived at runtime and held exclusively in volatile memory—never written to disk
Key Rotation: Automatic key rotation policy with forward secrecy—compromise of current keys cannot decrypt historical data
Secure Key Derivation: Per-file keys derived using HKDF-SHA256 from master key + unique file salt

Server Restart Behavior: On server restart, the HSM is queried to re-derive the master key. If the HSM is unavailable or tampered with, the service cannot start and existing encrypted data becomes permanently inaccessible.

E2EE Independence: For E2EE files, the above infrastructure is irrelevant—your password-derived key never touches our servers. E2EE security depends solely on your password strength and client-side cryptographic implementation.

Contact

privacy@tmp0.cc

API

Overview

Endpoints

API v2

Integrations

Security

tmp0.cc API

Programmatic access to temporary file and code sharing.

Base URL

https://tmp0.cc/api

Rate Limits

Endpoint	Limit
/v1/upload	10 req/min
/file/{id}/info	30 req/min
/file/{id}/download	60 req/min (per IP), 50 req/min (per file)
/file/{id}/delete	10 attempts max (then IP blocked)
/v1/chunked/*	30 req/min
/snippet/create	5 req/min
/snippet/{id}/info	30 req/min
/snippet/{id}/content	60 req/min
/snippet/{id}/raw	60 req/min

Rate limits are per IP address (SHA-256 hashed). Headers: X-RateLimit-Remaining, X-RateLimit-Limit, Retry-After (when limited)

Quick Start

curl -X POST "https://tmp0.cc/api/snippet/create?language=python" \
  -H "Content-Type: text/plain" \
  -d 'print("Hello, World!")'

Errors

Standard HTTP status codes indicate success or failure.

Status	Description
200	Success
400	Bad request - invalid parameters
401	Unauthorized - invalid password
403	Forbidden - invalid token
404	Resource not found
410	Gone - deleted due to brute force
429	Rate limit exceeded
500	Server error

Error Response Format

{
  "success": false,
  "error": "Error message here"
}

Files

Upload and manage temporary files via API.

POST /v1/upload

Upload a file. Returns download URL, delete token, and file info.

Content-Type

multipart/form-data

Parameters

file

required file The file to upload

password

string Password protect the file

expires

string Duration: 1h 6h 12h 1d 7d 30d (default: 7d)

maxDownloads

integer Auto-delete after N downloads

burnAfterReading

boolean Delete file after first download (default: false)

note

string Note for the recipient (max 500 chars)

Example Request

curl -X POST "https://tmp0.cc/api/v1/upload" \
  -F "file=@document.pdf" \
  -F "expires=7d" \
  -F "burnAfterReading=true"

Response

{
  "success": true,
  "fileId": "aBcDeFgHiJkL",
  "url": "/d/aBcDeFgHiJkL",
  "fullUrl": "https://tmp0.cc/d/aBcDeFgHiJkL",
  "directDownloadUrl": "https://tmp0.cc/api/file/aBcDeFgHiJkL/download",
  "deleteToken": "xYz123AbC456DeF789GhI012JkL345Mn",
  "deleteUrl": "https://tmp0.cc/d/aBcDeFgHiJkL/delete?token=...",
  "fileInfo": {
    "expires": "7d",
    "maxDownloads": 10
  }
}

GET /v1/upload

Get API documentation and usage examples.

GET /file/{id}/info

Get file metadata without downloading.

Response

{
  "available": true,
  "fileName": "document.pdf",
  "fileSize": 1048576,
  "contentType": "application/pdf",
  "passwordRequired": false,
  "clientEncrypted": false,
  "viewCount": 5,
  "downloadCount": 2,
  "maxDownloads": 10,
  "expiresAt": "2025-02-07T12:00:00",
  "scanStatus": "CLEAN",
  "scanMessage": "No threats detected"
}

POST /file/{id}/download

Download a file. Increments download counter.

Parameters

password

string Required for protected files

Example

curl -X POST "https://tmp0.cc/api/file/aBcDeFgHiJkL/download" \
  -d "password=secret123" \
  -o downloaded_file.pdf

Brute Force Protection: After 5 failed password attempts, the file is automatically deleted.

GET /file/{id}/preview

Get image preview. Only works for non-password-protected image files. Does not increment download counter.

Supported Formats

PNG JPG JPEG GIF WebP SVG

Response

Returns binary image data with appropriate Content-Type header, or 404 if not available.

DELETE /file/{id}/delete

Delete a file using the secret delete token provided at upload.

Parameters

token

required string Secret delete token (32 chars)

Example

curl -X DELETE "https://tmp0.cc/api/file/aBcDeFgHiJkL/delete?token=xYz123AbC456DeF789..."

Response

{ "success": true, "message": "File deleted" }

Brute Force Protection: After 10 failed delete attempts, the IP is temporarily blocked.

GET /storage/status

Get server storage usage statistics.

Response

{
  "used": 52428800000,
  "limit": 107374182400,
  "available": 54945382400,
  "percentUsed": 48.8
}

Blocked File Types

The following file types are blocked for security:

Executables

.exe .msi .bat .cmd .com .scr .pif

Scripts

.ps1 .vbs .vbe .js .jse .ws .wsf .wsc .wsh

Shell

.sh .bash .zsh .csh

Java

.jar .class

Office Macros

.docm .xlsm .pptm .dotm .xltm .potm

System/Other

.reg .inf .scf .lnk .pcd .shs .shb

Disk Images

.iso .img .dmg

Snippets

Create and manage code snippets with syntax highlighting.

POST /snippet/create

Create a new code snippet. Accepts plain text (recommended) or JSON.

Parameters

autoDetect

default: true boolean Auto-detect language from content

language

string Override auto-detect: python, javascript, etc.

expires

string Duration: 1h 6h 12h 1d 7d 30d

title

string Optional title for the snippet

password

string Password protect the snippet

maxDownloads

integer Auto-delete after N views

burnAfterReading

boolean Delete snippet after first view (default: false)

Example Request (Auto-Detect)

# Auto-detect language (default)
curl -X POST "https://tmp0.cc/api/snippet/create?expires=7d" \
  -H "Content-Type: text/plain" \
  --data-binary @script.py

# Disable auto-detect, set language manually
curl -X POST "https://tmp0.cc/api/snippet/create?autoDetect=false&language=python" \
  -H "Content-Type: text/plain" \
  --data-binary @script.py

Response

{
  "success": true,
  "snippetId": "abc123xyz456",
  "url": "/s/abc123xyz456",
  "fullUrl": "https://tmp0.cc/s/abc123xyz456",
  "rawUrl": "https://tmp0.cc/api/snippet/abc123xyz456/raw",
  "deleteToken": "aBcDeFgHiJkLmNoPqRsTuVwXyZ012345",
  "deleteUrl": "https://tmp0.cc/s/abc123xyz456/delete?token=...",
  "language": "python"  // detected or specified language
}

GET /snippet/{id}/info

Get snippet metadata without retrieving content.

Response

{
  "available": true,
  "snippetId": "abc123xyz456",
  "title": "My Snippet",
  "language": "python",
  "lineCount": 42,
  "charCount": 1337,
  "passwordProtected": false,
  "remainingDownloads": 5,
  "expiresAt": "2025-02-07T12:00:00Z"
}

POST /snippet/{id}/content

Retrieve snippet content as JSON. Use for password-protected snippets.

Parameters

password

string Required for protected snippets

Response

{
  "success": true,
  "content": "print('Hello World')",
  "language": "python",
  "title": "My Snippet",
  "lineCount": 1,
  "charCount": 21
}

GET /snippet/{id}/raw

Retrieve raw snippet content as plain text.

Parameters

password

string Required for protected snippets

DELETE /snippet/{id}

Delete a snippet using the delete token.

Parameters

token

required string Delete token from creation response

Supported Languages

plain javascript typescript python java kotlin go rust cpp csharp ruby php shell sql json yaml xml html css markdown log stacktrace

Line Linking

Link directly to specific lines in a snippet using URL hash:

#L42

Highlight line 42

#L10-L25

Highlight lines 10 to 25

#L10-25

Also works (shorthand)

Example

https://tmp0.cc/s/abc123xyz456#L42

Clicking a line number also updates the URL for easy sharing.

Word Highlighting

Highlight specific words in the snippet using URL parameter:

?highlight=error

Highlight all "error" occurrences

?highlight=foo,bar,baz

Highlight multiple words in different colors

Example

https://tmp0.cc/s/abc123?highlight=TODO,FIXME

20 Colors: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

CLI Tool

Full-featured command-line interface with E2EE encryption and pipe support.

Zero-Knowledge CLI

Full E2EE support with Argon2id + AES-256-GCM encryption matching the browser implementation.

Download CLI Files

tmp0.js package.json

Download both files to the same directory

Step-by-Step Installation

Prerequisites

Make sure you have Node.js 18+ installed

node --version  # Should be v18.0.0 or higher

Create a directory & download files

Create a folder and download both files above, or use curl:

mkdir tmp0-cli && cd tmp0-cli
curl -O https://tmp0.cc/api/v1/cli/tmp0.js
curl -O https://tmp0.cc/api/v1/cli/package.json

Install dependencies

Install the required npm packages

npm install

Make it globally available (optional)

Link the CLI so you can use tmp0 from anywhere

npm link  # Now you can use 'tmp0' globally

✓

Verify installation

Check that the CLI is working

tmp0 --help
# Or if not linked:
node tmp0.js --help

Quick Install (One-Liner)

mkdir tmp0-cli && cd tmp0-cli && curl -O https://tmp0.cc/api/v1/cli/tmp0.js && curl -O https://tmp0.cc/api/v1/cli/package.json && npm install && npm link

Basic Usage

Upload a file

tmp0 upload document.pdf

Upload with E2EE encryption

tmp0 upload secret.pdf -e -p "mypassword"

Pipe from stdin

cat file.txt | tmp0 upload -n "myfile.txt"
echo "Hello World" | tmp0 upload -e -p "secret"

Download and decrypt

tmp0 download aBcDeFgHiJkL -p "mypassword" -o output.pdf
tmp0 download aBcDeFgHiJkL -p "mypassword" > output.pdf

File Commands

upload [file]

Upload file or pipe from stdin

download <id>

Download and optionally decrypt file

delete <id> <token>

Delete file using delete token

Snippet Commands

snippet [content]

Upload code snippet (alias: paste)

snippet-get <id>

Get snippet content (alias: get)

Utility Commands

info <id>

Get file info and crypto badge

verify <id>

Verify file in transparency log

manifest

Show public crypto manifest

sign <url>

Generate signed URL

Snippet Examples

Paste from clipboard / stdin

cat script.py | tmp0 snippet -l python
echo "console.log('hello')" | tmp0 paste

Upload encrypted snippet

tmp0 snippet script.py -e -p "secret" -l python

Get and decrypt snippet

tmp0 snippet-get abc123 -p "secret" > script.py
tmp0 get abc123 -p "secret" -o script.py

Upload Options

-e, --encrypt

Enable E2EE encryption

-p, --password

E2EE encryption password

-x, --expires

Expiration (1h, 6h, 12h, 1d, 7d, 30d)

-m, --max-downloads

Maximum download count

-b, --burn

Delete after first download

-n, --name

Filename for stdin input

-j, --json

Output as JSON

E2EE Encryption Details

Algorithm: AES-256-GCM

Key Derivation: Argon2id (6 iterations, 256 MB memory, 4 parallelism)

Salt: 128 bits (random)

IV: 96 bits (random)

Password never leaves your device. Server cannot decrypt E2EE files.

Crypto Manifest

Public cryptographic information about the service and individual files.

Verifiable Security

All encryption parameters are publicly auditable. Verify our zero-knowledge claims yourself.

GET /v1/crypto/manifest

Get the global crypto manifest with all encryption parameters.

Response

{
  "version": "1.0.0",
  "e2ee": {
    "algorithm": "AES-256-GCM",
    "keyDerivation": "Argon2id",
    "parameters": {
      "timeCost": 6,
      "memoryCost": "256 MB",
      "parallelism": 4
    }
  },
  "atRest": {
    "algorithm": "AES-256-GCM",
    "keyLength": "256 bits"
  },
  "transparency": {
    "enabled": true,
    "hashAlgorithm": "SHA-256",
    "signing": "HMAC-SHA256"
  }
}

GET /v1/crypto/manifest/{fileId}

Get the crypto badge for a specific file.

Response

{
  "fileId": "aBcDeFgHiJkL",
  "encryption": {
    "type": "E2EE",
    "algorithm": "AES-256-GCM",
    "keyDerivation": "Argon2id",
    "zeroKnowledge": true
  },
  "integrity": {
    "algorithm": "SHA-256",
    "hash": "a1b2c3d4..."
  },
  "badgeHash": "e5f6g7h8..."
}

curl Examples

Get global manifest

curl https://tmp0.cc/api/v1/crypto/manifest

Get file crypto badge

curl https://tmp0.cc/api/v1/crypto/manifest/aBcDeFgHiJkL

Verify crypto badge

curl -X POST https://tmp0.cc/api/v1/crypto/verify-badge \
  -H "Content-Type: application/json" \
  -d '{"fileId":"aBcDeFgHiJkL","badgeHash":"e5f6g7h8..."}'

Transparency Log

Certificate Transparency style logging for audit and verification.

Immutable Audit Trail

Only cryptographic hashes are logged - no file content or personal data. Similar to Certificate Transparency (RFC 6962).

Chained Hashes

Each entry links to previous

Merkle Tree

Efficient proof of inclusion

HMAC Signatures

Cryptographic authenticity

Timestamped

Immutable timestamps

GET /v1/transparency/log/{fileId}

Get transparency log entry for a file.

Response

{
  "logId": "uuid",
  "fileId": "aBcDeFgHiJkL",
  "operationType": "UPLOAD",
  "timestamp": "2025-02-01T12:00:00Z",
  "contentHash": "sha256...",
  "merkleRoot": "root...",
  "signature": "hmac..."
}

GET /v1/transparency/verify/{fileId}

Verify file integrity in transparency log.

Response

{
  "valid": true,
  "message": "Entry verified successfully",
  "merkleRoot": "root...",
  "signature": "hmac..."
}

GET /v1/transparency/sth

Get Signed Tree Head (current log state).

Response

{
  "treeSize": 12345,
  "timestamp": 1706789200000,
  "merkleRoot": "root...",
  "signature": "hmac..."
}

GET /v1/transparency/public-log?limit=50

Get recent public log entries (hashes only, no content).

curl Examples

Get transparency log for file

curl https://tmp0.cc/api/v1/transparency/log/aBcDeFgHiJkL

Verify file integrity

curl https://tmp0.cc/api/v1/transparency/verify/aBcDeFgHiJkL

Get signed tree head

curl https://tmp0.cc/api/v1/transparency/sth

Get public log

curl "https://tmp0.cc/api/v1/transparency/public-log?limit=20"

Signed URLs

Generate time-limited, cryptographically signed download URLs.

HMAC-SHA256 Signatures

Tamper-proof URLs with optional IP binding and one-time use restrictions.

POST /v1/signed/generate

Generate a signed download URL.

Request Body

{
  "fileId": "aBcDeFgHiJkL",
  "ttl": 3600,           // seconds (default: 3600)
  "ipBinding": true,     // bind to client IP
  "oneTimeUse": true     // URL can only be used once
}

Response

{
  "signedUrl": "https://tmp0.cc/api/v1/signed/download/aBcDeFgHiJkL?sig=...&exp=...&nonce=...",
  "fileId": "aBcDeFgHiJkL",
  "expiresIn": 3600,
  "ipBound": true,
  "oneTimeUse": true
}

GET /v1/signed/download/{fileId}

Download file using a signed URL.

Query Parameters

sig

required HMAC-SHA256 signature

exp

required Expiration timestamp

nonce

required Unique nonce

POST /v1/signed/verify

Verify a signed URL without downloading.

Request Body

{ "url": "https://tmp0.cc/api/v1/signed/download/..." }

curl Examples

Generate Signed URL

# Generate a signed URL (1 hour TTL)
curl -X POST https://tmp0.cc/api/v1/signed/generate \
  -H "Content-Type: application/json" \
  -d '{"fileId": "abc123"}'

# With custom TTL (30 minutes) and IP binding
curl -X POST https://tmp0.cc/api/v1/signed/generate \
  -H "Content-Type: application/json" \
  -d '{"fileId": "abc123", "ttl": 1800, "ipBinding": true}'

# One-time use URL (can only be downloaded once)
curl -X POST https://tmp0.cc/api/v1/signed/generate \
  -H "Content-Type: application/json" \
  -d '{"fileId": "abc123", "oneTimeUse": true}'

Download via Signed URL

# Download using the signed URL (use the URL from generate response)
curl -o file.zip "https://tmp0.cc/api/v1/signed/download/abc123?sig=...&exp=...&nonce=..."

Verify Signed URL

# Verify a signed URL without downloading
curl -X POST https://tmp0.cc/api/v1/signed/verify \
  -H "Content-Type: application/json" \
  -d '{"url": "https://tmp0.cc/api/v1/signed/download/abc123?sig=...&exp=...&nonce=..."}'

CLI Examples

# Generate a signed URL for a file
tmp0 sign abc123

# Custom TTL (30 minutes)
tmp0 sign abc123 --ttl 1800

# One-time use URL
tmp0 sign abc123 --one-time

# IP-bound URL (only works from your IP)
tmp0 sign abc123 --ip-binding

API v2: Pre-signed URLs

Developer-first API for direct uploads without round-trips. Use tmp0 as infrastructure.

Zero-Trust Upload Flow

Get a time-limited token, upload directly. No auth headers needed for the actual upload.

POST /api/v2/presign

Request a pre-signed upload URL. Returns a time-limited token valid for 30 minutes.

Request Body

{
  "fileName": "document.pdf",
  "fileSize": 1048576,           // optional, size hint
  "contentType": "application/pdf",
  "storageTime": "7d",           // 1h, 6h, 1d, 3d, 7d, 14d, 30d
  "clientEncrypted": true,       // E2EE upload
  "maxDownloads": 10,            // optional limit
  "burnAfterReading": false
}

Response

{
  "success": true,
  "uploadUrl": "/api/v2/upload/direct/xYz123...",
  "token": "xYz123AbCdEf...",
  "expiresAt": "2024-01-01T12:30:00",
  "maxFileSize": 2147483648,
  "validForMinutes": 30
}

PUT /api/v2/upload/direct/{token}

Upload file using the pre-signed token. No authentication required.

Headers

Content-Type

application/octet-stream

Response

{
  "success": true,
  "fileId": "aBcDeFgHiJkL",
  "url": "/d/aBcDeFgHiJkL",
  "deleteToken": "secret-delete-token",
  "downloadUrl": "/d/aBcDeFgHiJkL",
  "apiUrl": "/api/v2/files/aBcDeFgHiJkL"
}

GET /api/v2/files/{fileId}

Get detailed file metadata including privacy level and security badges.

Response includes

fileId fileName fileSize contentType downloadCount maxDownloads privacyLevel signed signatureVerified senderPublicKey senderFingerprint isolated riskLevel detectedMimeType mimeTypeMismatch

Example: Pre-signed Upload Flow

# 1. Request pre-signed URL
TOKEN=$(curl -s -X POST https://tmp0.cc/api/v2/presign \
  -H "Content-Type: application/json" \
  -d '{"fileName": "backup.zip", "storageTime": "7d"}' \
  | jq -r '.token')

# 2. Upload directly using token
curl -X PUT "https://tmp0.cc/api/v2/upload/direct/$TOKEN" \
  -H "Content-Type: application/octet-stream" \
  --data-binary @backup.zip

# Response: {"success": true, "fileId": "abc123...", ...}

Streaming API

Real-time file events via Server-Sent Events (SSE). Build reactive applications.

Real-time Events

Subscribe to download events, expiration warnings, and file deletion notifications.

GET /api/v2/events/{fileId} SSE

Subscribe to real-time events for a file. Connection kept alive for 30 minutes.

Event Types

connected Initial connection established

download File was downloaded

expiring File will expire within 1 hour

maxReached Maximum downloads reached

deleted File was deleted

JavaScript Example

const events = new EventSource('/api/v2/events/aBcDeFgHiJkL');

events.addEventListener('connected', (e) => {
    const data = JSON.parse(e.data);
    console.log('Connected:', data);
});

events.addEventListener('download', (e) => {
    const data = JSON.parse(e.data);
    console.log(`Downloaded! Count: ${data.downloadCount}`);
});

events.addEventListener('expiring', (e) => {
    const data = JSON.parse(e.data);
    console.log(`Expires in ${data.minutesRemaining} minutes`);
});

events.addEventListener('deleted', (e) => {
    console.log('File was deleted');
    events.close();
});

GET /api/v2/stream/status

Check streaming API status and active connections.

Response

{
  "activeConnections": 42,
  "trackedFiles": 15,
  "status": "operational"
}

ShareX Integration

Use tmp0.cc as your uploader for screenshots, text, and files in ShareX.

Quick Setup

Download the config file and double-click to import into ShareX.

tmp0.cc.sxcu (Double-click to import)

Default Settings

Storage Duration

30 days

Password

None

Clipboard

Direct URL

Supported

Images, Text, Files

Manual Setup

If the automatic import doesn't work, follow these steps:

Open ShareX Destinations Custom uploader settings
Click Import From URL
Paste: https://tmp0.cc/api/sharex-config
Set as default uploader for Images, Text, and Files

Configuration File

{
  "Version": "16.0.0",
  "Name": "tmp0.cc",
  "DestinationType": "ImageUploader, TextUploader, FileUploader",
  "RequestMethod": "POST",
  "RequestURL": "https://tmp0.cc/api/v1/upload",
  "Body": "MultipartFormData",
  "FileFormName": "file",
  "Arguments": {
    "expires": "30d"
  },
  "URL": "{json:fullUrl}",
  "ThumbnailURL": "{json:fullUrl}",
  "DeletionURL": "{json:deleteUrl}"
}

Customize Settings

Modify the Arguments section to change defaults:

expires

1h 6h 12h 1d 7d 30d

password

Add "password": "your-secret" for protection

maxDownloads

Add "maxDownloads": "10" to limit

Security

Overview

Architecture

Analysis

Performance

Trust

Security & Cryptography

Complete transparency about how tmp0.cc protects your data.

Trust Through Transparency

This documentation establishes our trust baseline. All cryptographic claims are verifiable through public APIs and source code.

Security Guarantees

End-to-End Encryption

AES-256-GCM with Argon2id key derivation. Password never leaves your browser.

Zero-Knowledge Architecture

E2EE files cannot be read by the server. We cannot comply with content requests for E2EE data.

No IP Address Storage

IP addresses are only hashed temporarily for rate limiting, then discarded.

Transparency Logging

Merkle tree-based audit log. All operations are verifiable via public endpoints.

Cryptographic Algorithms

Component	Algorithm	Key Size
Symmetric Encryption	AES-256-GCM	256-bit
Key Derivation	Argon2id	256-bit output
Password Hashing	BCrypt	Cost factor 10
Content Hashing	SHA-256	256-bit
Signatures	HMAC-SHA256	256-bit

Verification Endpoints

GET /api/v1/crypto/manifest — All cryptographic parameters

GET /api/v1/crypto/badge/{fileId} — Per-file security badge

GET /api/v1/transparency/sth — Signed Tree Head

GET /api/v1/transparency/verify — Chain verification

Visibility Matrix

What we can see vs. what we cannot see — complete transparency.

Quick Reference by Encryption Mode

Data Type	Plain Upload	Server-Encrypted	True E2EE
File content	✓ Can see	⚠ Can decrypt	✗ Cannot see
File name	✓ Can see	✓ Can see	✓ Can see
File size	✓ Can see	✓ Can see	⚠ Padded size
File type (MIME)	✓ Can see	✓ Can see	✗ Cannot see
Password	N/A	✓ Hash stored	✗ Never sent
IP address	✗ Not stored	✗ Not stored	✗ Not stored
User identity	✗ Not collected	✗ Not collected	✗ Not collected

What We Can See

• File metadata (name, size, type)
• Upload/expiry timestamps
• Download counts
• BCrypt password hashes (server mode)
• SHA-256 content hashes

What We Cannot See (E2EE)

• File contents (encrypted before upload)
• Your password (never transmitted)
• Derived encryption key
• Original file type/structure
• Who uploaded what (no user IDs)

Zero-Knowledge Guarantee

For E2EE files: Even with full server access, database dumps, and file system access, we mathematically cannot decrypt your files without your password.

Encryption Tiers

Three distinct security levels for different use cases.

Tier 1 Plain Upload (At-Rest Encrypted)

Files encrypted on the server with AES-256-GCM before storage.

Protected Against

✓ Disk theft
✓ Network eavesdropping (TLS)
✓ Database breach

Not Protected Against

✗ Server compromise
✗ Malicious operator
✗ Legal data requests

Use case: Non-sensitive files, maximum compatibility, virus scanning needed

Tier 2 Server-Encrypted (Password Protected)

Password verified by server. BCrypt hashing with brute force protection.

Protected Against

✓ Unauthorized access
✓ Brute force (5 attempts → auto-delete)
✓ All Tier 1 protections

Not Protected Against

✗ Server with password knowledge
✗ Legal requests with password

Use case: Sensitive files, recipient without JS/WebCrypto, virus scanning needed

Tier 3 True E2EE (Zero-Knowledge) RECOMMENDED

Encrypted in your browser before upload. Server never sees plaintext or password.

Encryption chain:

Password → Argon2id (256MB, 6 iter) → AES-256-GCM → Upload

Protected Against

✓ Server compromise
✓ Malicious operators
✓ Legal data requests
✓ Database breaches

Limitations

! No virus scanning
! Requires JavaScript
! Password loss = data loss

Use case: Maximum privacy, zero-trust, sensitive documents, whistleblowing

Trust Model Comparison

Who must you trust?	Tier 1	Tier 2	Tier 3
tmp0.cc server	✓	✓	✗
tmp0.cc operators	✓	✓	✗
Network (TLS)	✓	✓	⚠
Your browser	✓	✓	✓

✓ = Must trust | ✗ = Zero trust required | ⚠ = Metadata only

Cryptographic Specification

Technical details of all cryptographic operations.

Client-Side Encryption (E2EE)

Algorithm	AES-256-GCM
Key Derivation	Argon2id
Argon2id Memory	256 MB
Argon2id Iterations	6
Argon2id Parallelism	4 threads
Salt Size	16 bytes (128 bits)
IV Size	12 bytes (96 bits)
GCM Tag Size	16 bytes (128 bits)

E2EE Binary Format

┌──────────────┬──────────────┬─────────────┬──────────────────────────┐
│ Version (4B) │  Salt (16B)  │   IV (12B)  │ Ciphertext + GCM Tag     │
│  0x45324530  │              │             │         (16B tag)        │
│   "E2E01"    │              │             │                          │
└──────────────┴──────────────┴─────────────┴──────────────────────────┘

Version magic 0x45324530 allows future format upgrades while maintaining backward compatibility.

Server-Side At-Rest Encryption

Algorithm	AES-256-GCM
Key Source	Environment variable
IV Size	12 bytes (96 bits)
Storage Format	[IV 12B][Ciphertext][GCM Tag 16B]

Brute Force Resistance (Argon2id)

Cost per attempt: 256 MB memory × 6 iterations

GPU mitigation: Memory-hardness makes parallel attacks prohibitively expensive

Time to crack (at 10,000 attempts/second):

8-character password (94^8): ~17 million years
12-character password (94^12): ~10^18 years

Standards Compliance

AES-256-GCM: FIPS 197 + SP 800-38D

Argon2id: RFC 9106

SHA-256: FIPS 180-4

HMAC-SHA256: RFC 2104

Threat Model

STRIDE + LINDDUN analysis of security and privacy threats.

STRIDE Security Threats

Spoofing

Attacker impersonates legitimate user or system.

Mitigations: CSRF tokens, 64-char delete tokens, HMAC-signed URLs, constant-time comparison

Tampering

Unauthorized modification of data.

Mitigations: TLS 1.3, AES-256-GCM authentication tags, Merkle tree integrity

Repudiation

Denying actions taken.

Mitigations: Signed transparency log, Merkle tree proofs, public verification

Information Disclosure

Exposure of sensitive information.

Mitigations: E2EE, at-rest encryption, minimal metadata, no IP storage

Denial of Service

Making service unavailable.

Mitigations: Rate limiting, 2GB file limit, 100GB total storage, semaphore limiting

Elevation of Privilege

Gaining unauthorized capabilities.

Mitigations: Input validation, ClamAV scanning, parameterized queries, 5-attempt brute force limit

LINDDUN Privacy Threats

Linkability

No IP storage, random file IDs, no user accounts

Identifiability

No PII collected, E2EE prevents content analysis

Non-repudiation

Logs contain only hashes, no link to users

Detectability

Random IDs, no public listing, no search

Disclosure

E2EE files impossible to disclose

Unawareness

Clear UI, crypto badges, this documentation

Defense in Depth Layers

1 Network Security (TLS 1.3, HSTS, Security Headers)

2 Application Security (CSRF, Validation, Rate Limiting)

3 Cryptographic Security (E2EE, At-rest, HMAC)

4 Data Security (No PII, Auto-expire, Secure Delete)

5 Transparency (Audit Log, Merkle Proofs, Public APIs)

Transparency Log

Merkle tree-based audit logging with public verification.

Certificate Transparency Inspired

Based on RFC 6962, adapted for file operations. All entries are append-only and cryptographically verifiable.

Merkle Tree Structure

                     ┌─────────┐
                     │  Root   │ ← Merkle Root (in STH)
                     │  H0123  │
                     └────┬────┘
               ┌─────────┴─────────┐
               │                   │
          ┌────┴────┐         ┌────┴────┐
          │   H01   │         │   H23   │
          └────┬────┘         └────┬────┘
         ┌─────┴─────┐       ┌─────┴─────┐
         │           │       │           │
    ┌────┴────┐ ┌────┴────┐ ┌────┴────┐ ┌────┴────┐
    │ Entry 0 │ │ Entry 1 │ │ Entry 2 │ │ Entry 3 │
    └─────────┘ └─────────┘ └─────────┘ └─────────┘

Hash Chain

Entry[0]          Entry[1]          Entry[2]
┌─────────┐      ┌─────────┐      ┌─────────┐
│ hash=H0 │─────▶│ prev=H0 │─────▶│ prev=H1 │
│ prev=∅  │      │ hash=H1 │      │ hash=H2 │
└─────────┘      └─────────┘      └─────────┘

Each entry's previousHash links to the prior entry, creating an immutable chain.

Log Entry Structure

Field	Description
logId	Unique UUID
operationType	UPLOAD \| DOWNLOAD \| DELETE
timestamp	ISO 8601 timestamp
contentHash	SHA-256 of encrypted content
metadataHash	SHA-256 of metadata
entryHash	SHA-256 of entry data
previousHash	Hash chain link
signature	HMAC-SHA256 of entryHash
merkleRoot	Tree root after this entry

Privacy: What Logs Do NOT Contain

✗ File content

✗ File names

✗ IP addresses

✗ User IDs

✗ Passwords

✗ Location

Public Verification Endpoints

GET /api/v1/transparency/sth

Signed Tree Head (current log state)

GET /api/v1/transparency/entries

List log entries (paginated)

GET /api/v1/transparency/proof/{logId}

Inclusion proof for entry

GET /api/v1/transparency/verify

Full chain verification

External Auditing

Anyone can monitor the transparency log. Cache STHs over time to detect any unauthorized modifications or deletions.

Large File Support

Chunked resumable uploads for files up to 2GB with parallel encryption.

No Feature Disadvantage

Competitive with Wormhole and SwissTransfer. Upload files up to 2GB with E2EE, resumable uploads, and parallel processing.

Chunked Upload Architecture

Max file size	2 GB
Chunk size	10 MB
Max chunks	210 chunks
Parallel uploads	3 concurrent
Session timeout	60 minutes
Resume capability	Yes (missing chunks tracked)

How Chunked Uploads Work

Initialize Session

Client requests upload session with file metadata. Server returns session ID, chunk count, and size.

Upload Chunks

File is split into 10MB chunks. Multiple chunks upload in parallel. Progress tracked per-chunk.

Resume if Interrupted

Session ID stored locally. If interrupted, query server for missing chunks and upload only those.

Finalize

Once all chunks received, server assembles file, computes hash, encrypts, and stores. File ID returned.

Parallel Chunk Encryption (E2EE)

For E2EE uploads, chunks are encrypted in parallel using Web Workers for maximum performance.

File (2GB)
    │
    ├── Chunk 0 ──▶ [Web Worker 1] ──▶ AES-256-GCM ──▶ Upload
    ├── Chunk 1 ──▶ [Web Worker 2] ──▶ AES-256-GCM ──▶ Upload
    ├── Chunk 2 ──▶ [Web Worker 3] ──▶ AES-256-GCM ──▶ Upload
    │       (parallel encryption)         │
    └── ... 210 chunks total              └── Server assembles

Each chunk encrypted with same derived key (Argon2id), unique IV per chunk.

Chunked Upload API

GET /api/v1/chunked/config

Get chunked upload configuration

POST /api/v1/chunked/init

Initialize upload session

POST /api/v1/chunked/upload/{sessionId}/{chunkIndex}

Upload a single chunk

GET /api/v1/chunked/status/{sessionId}

Get session status (for resume)

POST /api/v1/chunked/finalize/{sessionId}

Finalize upload (assemble chunks)

DELETE /api/v1/chunked/cancel/{sessionId}

Cancel upload session

/api/v1/chunked/init Parameters

fileName

required Original filename

totalSize

required Total file size in bytes

contentType

optional MIME type (default: application/octet-stream)

clientEncrypted

default: false E2EE file (encrypted in browser)

storageTime

optional 1h, 6h, 12h, 1d, 7d, 30d (default: 7d)

maxDownloads

optional Auto-delete after N downloads

burnAfterReading

default: false Delete after first download

zeroMetadataMode

default: false Skip transparency log (max privacy)

senderPublicKey

optional Ed25519 public key (Base64)

uploadSignature

optional Ed25519 signature of file hash (Base64)

Automatic Fallback

Files under 50MB use single-request upload for simplicity. Chunked upload automatically activates for larger files or when explicitly requested.

Identity-less Reputation

Trust without identity. Verify senders without accounts, logins, or tracking.

Trust Without Accounts

Recipients can verify: "Signed by the same sender as previous upload" — without user accounts, logins, or tracking.

How It Works

Generate Keypair

An Ed25519 keypair is generated in your browser. The private key never leaves your device.

Sign Upload

When you upload, your private key signs the file hash. The signature and public key are stored with the file.

Verify Sender

Recipients see a fingerprint like "ABC1...XYZ2". Same fingerprint = same sender. Cryptographic proof without identity.

Cryptographic Details

Algorithm	Ed25519
Key size	256-bit (32 bytes)
Signature size	512-bit (64 bytes)
Message format	tmp0.cc:upload:{fileHash}
Storage	localStorage (browser only)
Export	Backup/restore supported

Privacy Guarantees

No User Accounts

No registration, no login, no personal data collected.

No Tracking

Server doesn't link uploads to identities. Just cryptographic proof of same sender.

Private Key Stays Local

Private key generated and stored in browser. Never sent to server.

Optional

Signing is completely optional. Upload anonymously if you prefer.

JavaScript API

// Check if Ed25519 is supported
const supported = await IdentityKeys.isSupported();

// Generate new keypair (stored in localStorage)
const { publicKey, fingerprint } = await IdentityKeys.generateKeyPair();

// Sign an upload (uses stored private key)
const signature = await IdentityKeys.signUpload(fileHash);

// Verify a signature
const valid = await IdentityKeys.verifySignature(publicKey, signature, fileHash);

// Check if same sender
const same = IdentityKeys.isSameSender(publicKey1, publicKey2);

// Export/import for backup
const backup = IdentityKeys.exportIdentity();
await IdentityKeys.importIdentity(backup);

Key Management

Your private key is stored in localStorage. Clearing browser data will delete it permanently. Use the export feature to backup your identity.

Smart File Policies

Automatic protection against malicious files with executable isolation, MIME validation, and risk assessment.

Defense in Depth

Multiple layers of protection: executable detection, MIME type validation, disguised file rejection, and risk-based isolation.

Protection Layers

Executable Isolation

Detects executable files by extension, MIME type, and magic bytes. Isolated files are flagged and handled with extra caution.

.exe .dll .bat .sh .jar .ps1 .apk +40 more

MIME-Type Sanity Checks

Validates that file content matches declared type. Detects mismatches like a .jpg file that's actually a PE executable.

Disguised Executable Rejection

Automatically rejects files that appear to be executables disguised with safe extensions (e.g., malware.jpg that's actually an .exe).

Forced Archive for Risky Combos

High-risk file types are flagged with recommendation to upload as archives (ZIP, 7z) for safer distribution.

Detection Methods

Extension check	50+ executable extensions
Magic bytes	MZ, ELF, Mach-O, #! shebang
MIME detection	Content-based type inference
Double extension	file.pdf.exe detection
Disguise detection	Safe ext + exec content = reject

Risk Levels

Low Risk

Standard files: images, documents, text, archives

Medium Risk

Scripts, macros, less common executable formats

High Risk

.exe, .dll, .bat, .ps1, .jar, .apk, .sh, .bin

Executable Categories

windows_binary  → .exe, .dll, .com, .scr, .msi
windows_script  → .bat, .cmd, .ps1, .vbs, .wsf
unix_binary     → ELF binaries, .so, .ko, .run
unix_script     → .sh, .bash, .zsh, .ksh
macos_binary    → .app, .pkg, .dmg
java_archive    → .jar
python_script   → .py, .pyw
office_macro    → .docm, .xlsm, .pptm
android_package → .apk
ios_package     → .ipa

Transparent to Users

Policy evaluation happens automatically. Legitimate files upload normally. Only truly malicious patterns (like disguised executables) are rejected.

Temporary File Sharing

Text File Detected

Share Code Snippet

DMCA Takedown Policy

Overview

Safe Harbor Notice

Filing a DMCA Takedown Request

Submit Request

Our Response

Counter-Notification

Frequently Asked Questions

Getting Started

How does tmp0.cc work?

Do I need an account?

File Limits

Maximum file size?

How long are files stored?

Multiple files?

Code Snippets

Share Code Snippets

Snippet Limits

Text File Detection

Sharing

QR Code

Delete Link

Security & Encryption

Two Encryption Modes

Password protection?

IP addresses?

Virus scanning limitations

Why was my upload blocked?

Privacy Policy

Privacy-First Architecture

What We Don't Collect

What We Store (Minimal)

Code Snippets

Delete Link & Your Right to Erasure

QR Codes

Temporary Security Data

Third-Party Services & JavaScript Security

Security Scanning

Encryption

Automatic Metadata Stripping

Transparency Log (This IS a Log)

CLI Tool & API

Data Retention & Deletion

Jurisdiction & Legal Framework

GDPR & EEA Data Protection Compliance

Government & Legal Request Policy

Transparency Report

Backup & Data Recovery Policy

Key Management & Hardware Security

Contact

Terms of Service

1. Agreement

2. Service Description

3. Security Measures

4. User Responsibilities

5. Prohibited Content

6. Delete Links

7. Code Snippets

8. Abuse Prevention

9. Age Requirement

10. Service Availability

11. Disclaimer of Warranties

12. Limitation of Liability

13. User-Generated Content

14. Indemnification

15. Safe Harbor

16. Changes to Terms

17. Governing Law & Jurisdiction

18. Contact

Get in Touch

General Support

Report Abuse

Legal / DMCA

Privacy Concerns

Response Times

tmp0.cc API

Base URL