Your privacy is our priority.

Your secret is encrypted directly in your browser using AES-256-GCM before it even reaches our servers. The plaintext never leaves your device. The decryption key is never saved on our servers and is never transmitted over the network - it is contained in the hash fragment (#) of the link, which stays in your browser only. This prevents any interception by a third party.

Thanks to these enhanced security measures, even if our database were compromised, your secrets would remain unreadable.

No. The secret is permanently deleted from our database as soon as it is viewed. Nobody - including our team - can retrieve it.

No. Encryption and decryption happen entirely in your browser. Our servers never receive the plaintext and do not have the decryption key. Only the person with the link can access the content.

However, if you share the link with us, we will of course be able to view it - just like any other recipient.

If the link shows "Secret not found", it means it has already been viewed or has expired.

If you did not view it yourself, contact the sender immediately.

You choose the duration when creating it: 1 hour, 24 hours, or 7 days.

After that time, the secret is automatically deleted, even if it was never viewed.

Unlike OneTimeSecret and 1ty.me, encryption and decryption happen entirely in your browser. Our servers never see the plaintext and do not have the decryption key.

Unlike Bitwarden Send, no account is required.

Additionally, your data is hosted outside US jurisdiction and is not subject to the CLOUD Act.