Security & Privacy

How It Works

Understanding the security and privacy features that protect your sensitive information

Perfect for Sensitive Communications

When you need to share sensitive information quickly over untrusted communication channels like email, SMS, chat apps, or social media, our platform provides a secure solution. Share a link containing an end-to-end encrypted secret that can be decoded once (guaranteed), then disappears from our servers forever. The recipient gets secure access while maintaining complete privacy. For added security, secrets are automatically deleted after 24 hours if not accessed.

This service is completely free — low operational costs mean no ads, no premium plans, just secure secret sharing.

End-to-End Encryption

Military-grade AES-256-GCM encryption ensures your data is protected with the highest security standards.

Learn more

One-Time Access

Once someone reads the message, it's permanently deleted from our servers. Only the sender and receiver retain local copies. For additional security, unread secrets are also automatically deleted after 24 hours.

Zero-Knowledge

Encryption keys are stored in URL fragments (#), never sent to our servers. We literally cannot decrypt your data.

How it works

Open Source

Fully auditable code ensures transparency and builds trust through community verification.

View source

Security Process

Client-Side Encryption

When you enter your secret, a unique AES-256-GCM encryption key is generated in your browser. Your plaintext is encrypted locally before any data is transmitted.

Secure Transmission

Only the encrypted ciphertext is sent to our servers. The encryption key remains in your browser and is embedded in the shareable URL fragment (by design, never accessible by server at any point in time).

URL Generation & Local Caching

A unique URL is created containing the secret ID and the encryption key in the URL fragment (#key). The encrypted secret is also cached locally in the creator's browser for preview purposes.

Share over Untrusted Channel

The link can then be shared in any third party communication channel to the receiver that simply clicks on it on their side.

First Access & Server Deletion

When the recipient first opens the URL, the encrypted data is fetched from our servers and immediately deleted. The decryption happens entirely in their browser, and the decrypted content is cached locally for them as well.

Subsequent Access from Owner and Receiver

Both the creator and the first recipient can revisit the URL and view the secret again, but it will be loaded from their local browser cache only. No additional server requests are made, and the secret remains accessible only to these two parties in their respective browsers.

Automatic Expiry Protection

If the secret is not accessed within 24 hours of creation, it is automatically deleted from our servers to prevent indefinite exposure risk.

Malicious Access if Link Leaks

Any other malicious person accessing this same link later, will request the server for the secret payload (that no longer exists) and will show a 404 error page.

What We Store

✓Encrypted ciphertext only

✓Unique secret identifier

✓Timestamp for auto-deletion

What We Never Store

✗Your plaintext secrets

✗Encryption keys

✗Personal information

✗Access logs or metadata

Technical Resources

Encryption & Security

Web Crypto API →AES Encryption Standard →End-to-End Encryption →

Web Technologies

URL Hash/Fragment →Local Storage API →Client-Side Encryption →

Start Sharing Secrets Securely