Share a secret, exactly once
Send passwords, keys, and sensitive files as encrypted links that self-destruct after a single view. Everything is encrypted in your browser before it leaves your machine, so nobody else can read it. Not even us.
How it works
Three steps, zero trust required
Encrypted in your browser
Your secret is sealed with AES-256-GCM before anything is sent. Only the encrypted blob ever reaches our server.
The key travels in the link
The decryption key lives in the part of the link after the #, which browsers never send to any server. Whoever has the link can decrypt; nobody else can.
Gone after one view
The moment the recipient opens it, the secret is deleted from storage. Unopened secrets are deleted when they expire.
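The three steps above, sketched with the Web Crypto API as an added example (not this service's own code). The function names, the `/s#<id>.<key>` link layout, the `secrets.example` origin and the in-memory Map standing in for the server are all assumptions; it runs under Node, where Buffer is used for base64url.

```javascript
// Added example. Function names, link layout and the Map-backed "server" are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // Web Crypto in browser or Node
const b64u = (bytes) => Buffer.from(bytes).toString('base64url');  // Buffer: Node-only helper
const GCM = 'AES-GCM';

// Stand-in for the server: it stores opaque bytes and never sees a key.
const store = new Map();
const take = (id) => {            // destructive read: return and delete together
  const blob = store.get(id);
  store.delete(id);
  return blob;
};

// Steps 1 and 2: encrypt locally, store only ciphertext, put id and key after the '#'.
async function seal(text, origin = 'https://secrets.example') {
  const key = await wc.subtle.generateKey({ name: GCM, length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));   // fresh 96-bit nonce per secret
  const data = new TextEncoder().encode(text);
  const ct = await wc.subtle.encrypt({ name: GCM, iv }, key, data);
  const id = b64u(wc.getRandomValues(new Uint8Array(16)));
  store.set(id, Buffer.concat([iv, new Uint8Array(ct)])); // iv || ciphertext || tag
  const rawKey = await wc.subtle.exportKey('raw', key);
  return `${origin}/s#${id}.${b64u(new Uint8Array(rawKey))}`;
}

// What an HTTP request for the link carries: path and query, never the fragment.
const requestTarget = (link) => {
  const u = new URL(link);
  return u.pathname + u.search;
};

// Step 3: fetch-and-delete, then decrypt locally. Returns null once the secret is gone.
async function openOnce(link) {
  const [id, k] = new URL(link).hash.slice(1).split('.');
  const blob = take(id);          // stand-in for the storage call
  if (!blob) return null;
  const raw = Buffer.from(k, 'base64url');
  const key = await wc.subtle.importKey('raw', raw, GCM, false, ['decrypt']);
  // decrypt() rejects if the stored bytes were altered (GCM tag check).
  const pt = await wc.subtle.decrypt({ name: GCM, iv: blob.subarray(0, 12) }, key, blob.subarray(12));
  return new TextDecoder().decode(pt);
}
```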
Security
What we can and cannot see
- Encryption and decryption happen entirely in your browser with the Web Crypto API. The server only ever stores ciphertext.
- The decryption key and the secret's identifier stay in the URL fragment. They never appear in our server logs or anyone's access logs.
- Retrieval is destructive: the stored ciphertext is deleted in the same operation that returns it.
- No accounts, no cookies, no trackers, no analytics.
- Built and run by Mainlines, the data and AI consultancy behind mainlines.ai.