Privacy Policy
Last updated: March 2026
This policy explains what Jolt Host collects from people who use the service to host static sites, and how that information is handled.
What Jolt Host is
Jolt Host lets you upload an HTML file, Markdown document, or ZIP archive and instantly get a public URL for it. Uploads expire automatically based on the option you choose at upload time.
What we collect
Uploaded files
When you upload a file, the content is stored on the server's disk inside a private storage directory. The files are served publicly to anyone who has your unique link. We store:
- The file itself (HTML, Markdown, or the extracted contents of a ZIP archive)
- A randomly generated slug (the short identifier in your URL)
- The file's entry point path
- Creation timestamp
- Expiration timestamp (if you chose one)
- A bcrypt hash of your password (if you chose to password-protect the upload)
- A random owner token — this is returned to you at upload time and lets you delete your upload or change the password or expiry later. It is not linked to your identity.
We do not store your original filename.
What we do not collect
- No advertising identifiers
- No browsing history
- No device fingerprinting
- No original filenames
IP addresses
Your IP address is read on each upload request to enforce a rate limit (25 uploads per hour). This data is held in memory only — it is never written to the database and is cleared every time the server restarts.
Cookies
Jolt Host sets the following first-party cookies:
| Cookie | Purpose | Duration | Contains personal data? |
|---|---|---|---|
jolt_web |
Proves you arrived via the web form, allowing anonymous uploads without an API token | 24 hours | No — contains only a signed timestamp |
No third-party cookies are set. No tracking or advertising cookies are used.
Third parties
Cloudflare Turnstile
If the site administrator has enabled the Turnstile CAPTCHA, your IP address and a browser challenge token generated by Turnstile are sent to Cloudflare's servers to verify that you are a human. This happens before your file is uploaded. Cloudflare's own Privacy Policy applies to that data.
Cloudflare Web Analytics
This site uses Cloudflare Web Analytics to count page visits and understand general traffic patterns (pages visited, referrers, countries, and browsers). It does not use cookies, does not track individuals across sites, and does not collect personal data. The data is aggregated and anonymous. Cloudflare's own Privacy Policy applies.
No other third-party services receive your data.
Your uploaded content
Uploaded files are public. Anyone who has your link can view the site you uploaded. There is no private hosting mode. If you password-protect your upload, access requires the password, but the files themselves are still stored in plain text on the server.
You can delete your upload at any time. After uploading, the result page shows a one-time "Delete this site" link. That link contains your owner token — if you navigate away or close the tab, the link is gone and the upload can only be removed by an administrator or when it expires. Save the link if you think you may need to delete your upload later.
You are responsible for what you upload. Do not upload content containing other people's personal data, confidential information, or anything you do not have the right to publish.
Links are the only access control (unless you set a password). Keep your link private if you do not want it to be widely accessible.
Data retention
| Data | Deleted when |
|---|---|
| Uploaded files | The expiration time passes and the cleanup task runs |
| Upload records in the database | Same — deleted with the file |
| Rate-limit records | Server restarts |
If you did not set an expiration, your upload persists until an administrator removes it or you use your owner token to delete it.
Your rights
Anonymous uploads are not linked to your identity. The only way to delete an upload is to use the "Delete this site" link shown on the result page immediately after uploading — that link contains your owner token, which is the only proof of ownership we have. If you lose that link, we have no way to verify the upload belongs to you.
If you lose your owner token and need an upload removed, you can contact us with the slug (the short identifier in your URL) and we will remove it at our discretion. We cannot confirm or deny what data, if any, is associated with you.
Changes to this policy
If this policy changes materially, the "Last updated" date at the top will be updated. Continued use of the service after changes are posted means you accept the updated policy.