Austin Huang
Est. January 12, 2022


A suite of various privacy-focused services, operated for learning purposes and for (possible) public enjoyment, hosted on a free Oracle Cloud instance.

List of Services

More services will be provided, so stay tuned!

Terms of Service

bus-hit.me and its affiliated services ("Service" hereafter) are operated from Québec, Canada. The terms may change at any time without notice.

Prohibited Behaviour

You agree to not use any part of the Service to engage or facilitate any of the following activities:

No Warranty

You understand and agree that the Service is offered "as is" and without warranty of any kind, either express, implied or statutory. In no event shall the operator of the Service ("Operator" hereafter) be liable for any claim, damages or other liability arising from, out of or in connection with the Service or the use or other dealings in the Service. The Operator expressly disclaims all implied warranties of title, merchantability, fitness for a particular purpose, and non-infringement. The Operator does not warrant the reliability, accessibility or quality of the Service. You agree that your use of the Service is at your own risk.

Privacy Policy

The policies may change any time without notice (especially when we start providing a new service).

No identifiable data is shared with third parties, unless such data transfer is initiated by the user, required to combat abuse, or operationally necessary.

Some services require the use of first-party cookies and/or local storage, which are required to provide the service (such as remembering user preferences) and are not collected by anyone. None of the services employ third-party cookies.

Data collected by the Operator

nginx access logs

Unless otherwise noted below, the nginx access.log, containing your IP address, timestamp, path, and User-Agent, is retained for a maximum of 2 days. The logs are used to combat abuse, debug, and collect aggregated usage statistics.

CryptPad and PrivateBin

Document paths, paste IDs and deletion tokens are not recorded in the nginx access log. However, even if I am to record them, I will not be able to decrypt the contents, as the decryption token is located in the URI fragment, which is not transmitted to the server, unless malicious JavaScript is injected into the page. If you're concerned about that, then simply compare the fetched resources to the master branch of the upstream repositories or any other instance that you trust.

The contents, including attachments and comments/chats, are encrypted and decrypted client-side, so that only those who have the full URL may decrypt them. The encrypted contents are stored in the disk (for CryptPad) or a database controlled by the Operator (for PrivateBin) according to the specific directives as given by the user.

Third parties

Oracle Corporation ("Oracle") provides the servers, which are located in the "Canada Southeast (Montréal)" region , as defined by Oracle. Their privacy policy is available here.Some websites mistakenly identify this server as being in the US due to the whois of the IPv6 address. (The IPv4 address has the correct whois.)

Information regarding abusive behaviour occuring on the Service may be shared with other parties in the interest of mutual protection.


Please read the following carefully before requesting takedown for any content on bus-hit.me and its subdomains.

For Libreddit/teddit, rimgo and Scribe

These services act as proxies (aka. "frontends") for their corresponding platforms. It is our understanding that the services are compliant to the provisions set out in Article 31.1 of the Copyright Act, as well as 17 U.S. Code § 512. As such, takedown requests regarding content on these services should be sent to the proxied platforms (reddit, Twitter, Imgur and Medium).

Any takedown requests that are addressed to us regarding these services will be ignored. Repeated attempts are considered abuse and will be reported to other hosters.

For CryptPad and PrivateBin

If you have the full URL, please contact me. Otherwise, by design, the Operator is unable to read the contents of the paste and thus no takedown can be served.


See here.

You can also follow me on the fediverse!


AbuseIPDB Contributor Badge IPv6 Certification Badge for austinhuang