How it works
Transparent, secure, and simple.
Encrypt in browser
Your message is encrypted using AES-256-GCM before transmission. The key never leaves your device.
crypto.subtle.encrypt(aesGcm, key, data)Store encrypted data
Only the encrypted blob is stored. The decryption key stays in the URL hash — never sent to our servers.
POST /store { encrypted: "..." }Auto-destruct on view
Once opened, data is permanently deleted. No backups, no logs, no recovery.
DEL secret:{id}Open source
Auditable code on GitHub
GDPR compliant
Privacy by design
No tracking
Zero analytics, no cookies
No server access
Keys stay local