About

How it works

Your secret is encrypted in your browser before it ever leaves your device. The server only sees scrambled data—it can't read your secret, and neither can anyone who might intercept the traffic.

What the server stores

The server stores the encrypted secret and a "salt" (random data used for encryption). The key to decrypt it lives only in the link you share—specifically in the #fragment part of the URL, which browsers never send to servers.

Security features

• Single-use: Secrets are deleted the moment they're retrieved. No second chances.
• Auto-expiring: Even if never opened, secrets are automatically deleted after 24 hours.
• End-to-end encrypted: AES-256-GCM encryption happens entirely in your browser.