Privacy Policy
Last updated: April 2, 2026
This policy explains what Jolt Host collects from people who use the service to host static sites, and how that information is handled.
What Jolt Host is
Jolt Host lets you upload an HTML file, Markdown document, or ZIP archive and instantly get a public URL for it. Uploads expire automatically based on the option you choose at upload time.
What we collect
Uploaded files
When you upload a file, the content is stored on the server's disk inside a private storage directory. The files are served publicly to anyone who has your unique link. We store:
- The file itself (HTML, Markdown, or the extracted contents of a ZIP archive)
- A randomly generated slug (the short identifier in your URL)
- The file's entry point path
- Creation timestamp
- Expiration timestamp (if you chose one)
- A bcrypt hash of your password (if you chose to password-protect the upload)
- A random owner token — this is returned to you at upload time and lets you delete your upload or change the password or expiry later. It is not linked to your identity.
- A title (if you chose to enter one) — a short label stored alongside your upload record for reference
We do not store your original filename.
What we do not collect
- No advertising identifiers
- No browsing history
- No device fingerprinting
- No original filenames
My Sites (localStorage)
When you successfully publish a site, Jolt Host saves a record to your browser's localStorage under the key joltHost_mySites. This record contains:
- The live URL of your site
- The title you entered (if any)
- The publish timestamp
- The expiration timestamp
This data never leaves your browser. It is not transmitted to the server, not linked to your identity, and not accessible to anyone other than you on the device and browser you used. Jolt Host does not read, copy, or process it in any way.
You can view and delete this data at any time on the My Sites page using the Clear My Sites data button. Clearing your browser's storage or using a private/incognito window will also remove it.
IP addresses
Your IP address is read on each upload request to enforce a rate limit (25 uploads per hour). This data is held in memory only — it is never written to the database and is cleared every time the server restarts.
Cookies
Jolt Host sets the following first-party cookies:
| Cookie | Purpose | Duration | Contains personal data? |
|---|---|---|---|
jolt_web |
Proves you arrived via the web form, allowing anonymous uploads without an API token | 24 hours | No — contains only a signed timestamp |
No third-party cookies are set. No tracking or advertising cookies are used.
Third parties
Cloudflare Turnstile
If the site administrator has enabled the Turnstile CAPTCHA, your IP address and a browser challenge token generated by Turnstile are sent to Cloudflare's servers to verify that you are a human. This happens before your file is uploaded. Cloudflare's own Privacy Policy applies to that data.
Cloudflare Web Analytics
This site uses Cloudflare Web Analytics to count page visits and understand general traffic patterns (pages visited, referrers, countries, and browsers). It does not use cookies, does not track individuals across sites, and does not collect personal data. The data is aggregated and anonymous. Cloudflare's own Privacy Policy applies.
No other third-party services receive your data.
Your uploaded content
Uploaded files are public. Anyone who has your link can view the site you uploaded. There is no private hosting mode. If you password-protect your upload, access requires the password, but the files themselves are still stored in plain text on the server.
You can delete your upload at any time. After uploading, the result page shows a one-time "Delete this site" link. That link contains your owner token — if you navigate away or close the tab, the link is gone and the upload can only be removed by an administrator or when it expires. Save the link if you think you may need to delete your upload later.
You are responsible for what you upload. Do not upload content containing other people's personal data, confidential information, or anything you do not have the right to publish.
Links are the only access control (unless you set a password). Keep your link private if you do not want it to be widely accessible.
Data retention
| Data | Deleted when |
|---|---|
| Uploaded files | The expiration time passes and the cleanup task runs |
| Upload records in the database | Same — deleted with the file |
| Rate-limit records | Server restarts |
If you did not set an expiration, your upload persists until an administrator removes it or you use your owner token to delete it.
Security
We take reasonable measures to protect your data:
- Passwords are hashed with bcrypt before storage
- Uploaded files are stored in a private directory on the server's disk
- Owner tokens are randomly generated and are the sole proof of ownership
- Rate limiting prevents abuse of the upload system
No system is completely secure, and we cannot guarantee absolute security of data transmitted to or stored by Jolt Host.
Server location
Jolt Host is hosted on servers located in the United States. If you access the service from outside the United States, your data may be transferred to, stored, and processed in the United States.
International data transfers
By using Jolt Host, you acknowledge and agree that your data may be transferred to and processed in countries other than your own, including the United States. These countries may have data protection laws that differ from those in your jurisdiction. We take appropriate safeguards to ensure your data receives an adequate level of protection.
Children's privacy
Jolt Host is not directed to individuals under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@thunderjolt.app and we will take steps to delete it.
Legal basis for processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, our legal basis for processing your personal data includes:
- Legitimate interests — operating and improving the service, enforcing rate limits, and preventing abuse
- Consent — by using the service, you consent to the processing described in this policy
- Contractual necessity — processing is necessary to provide the hosting service you request
You have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. Because Jolt Host is designed for anonymous use, we can only exercise these rights to the extent that we can identify your data.
Analytics opt-out
Cloudflare Web Analytics is used to count page visits and understand general traffic patterns. You can opt out of Cloudflare Web Analytics by enabling the Do Not Track setting in your browser or by using a browser extension that blocks analytics scripts.
Breach notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where feasible, affected users without undue delay after becoming aware of the breach.
Business transfers
If Jolt Host is involved in a merger, acquisition, asset sale, or other business transfer, your data may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
Complaints
If you are located in the EEA or the UK and believe our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with your local supervisory authority. You can find a list of supervisory authorities at the European Data Protection Board website.
Your rights
Anonymous uploads are not linked to your identity. The only way to delete an upload is to use the "Delete this site" link shown on the result page immediately after uploading — that link contains your owner token, which is the only proof of ownership we have. If you lose that link, we have no way to verify the upload belongs to you.
If you lose your owner token and need an upload removed, you can contact us with the slug (the short identifier in your URL) and we will remove it at our discretion. We cannot confirm or deny what data, if any, is associated with you.
Contact
For privacy questions or data deletion requests, contact: {{SUPPORT_EMAIL}}
Changes to this policy
If this policy changes materially, the "Last updated" date at the top will be updated. Continued use of the service after changes are posted means you accept the updated policy.