How it works
Zero-knowledge secret sharing, explained simply.
01
You create a secret
Enter any text or upload a file. A unique AES-256 encryption key is generated in your browser before anything is sent to the server.
02
The key stays with you
Only the encrypted payload is stored in our database. The decryption key is embedded in the URL fragment — it's never transmitted to the server.
03
Share the link
Send the complete URL to your recipient. Anyone with this URL can decrypt and view the secret — so treat it like the secret itself.
04
Read once, gone forever
When the recipient opens the link and reveals the secret, it is permanently deleted from the database. Expired secrets are automatically purged.
Security details
- AES-256-CBC encryption with random IV per secret
- Decryption key lives only in the URL fragment — never logged server-side
- Optional passphrase adds a second layer of protection (PBKDF2 + SHA-256)
- Secrets are automatically expired and cleaned up by a background job
- Database contains only encrypted blobs — we cannot read your secrets