Share a secret, exactly once

Send passwords, keys, and sensitive files as encrypted links that self-destruct after a single view. Everything is encrypted in your browser before it leaves your machine, so nobody else can read it. Not even us.

Expires after

The link also dies the moment it is viewed, whichever comes first.

How it works

Three steps, zero trust required

  1. Encrypted in your browser

    Your secret is sealed with AES-256-GCM before anything is sent. Only the encrypted blob ever reaches our server.

  2. The key travels in the link

    The decryption key lives in the part of the link after the #, which browsers never send to any server. Whoever has the link can decrypt; nobody else can.

  3. Gone after one view

    The moment the recipient opens it, the secret is deleted from storage. Unopened secrets are deleted when they expire.
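
The three steps above, sketched with the Web Crypto API as an added example (not this service's own code). The function names, the in-memory Map standing in for the server, and the "#id.key" fragment layout are assumptions made for illustration.

```javascript
// Added illustration. createLink, openLink, takeOnce, requestTarget, the Map "server"
// and the "#<id>.<key>" fragment layout are all assumptions, not the service's code.
const b64u = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64u = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (ch) => ch.charCodeAt(0));

async function webCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import("node:crypto")).webcrypto;
}

const server = new Map(); // stand-in for server storage: id -> { iv, ciphertext }

// Destructive read: the record is removed in the same call that returns it.
function takeOnce(id) {
  const record = server.get(id);
  server.delete(id);
  return record ?? null;
}

async function createLink(base, secret) {
  const c = await webCrypto();
  const key = await c.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per secret
  const ciphertext = new Uint8Array(
    await c.subtle.encrypt({ name: "AES-GCM", iv }, key, new TextEncoder().encode(secret)));
  const id = b64u(c.getRandomValues(new Uint8Array(16)));
  server.set(id, { iv, ciphertext }); // only ciphertext and nonce are uploaded
  const rawKey = new Uint8Array(await c.subtle.exportKey("raw", key));
  return `${base}#${id}.${b64u(rawKey)}`; // id and key live only in the fragment
}

async function openLink(link) {
  const c = await webCrypto();
  const [id, keyText] = new URL(link).hash.slice(1).split(".");
  const record = takeOnce(id); // assumed: script sends the id outside the URL
  if (!record) return null; // already viewed, expired, or never existed
  const key = await c.subtle.importKey("raw", unb64u(keyText), "AES-GCM", false, ["decrypt"]);
  // decrypt() rejects if the ciphertext or tag was altered (GCM authentication).
  const plain = await c.subtle.decrypt({ name: "AES-GCM", iv: record.iv }, key, record.ciphertext);
  return new TextDecoder().decode(plain);
}

// What an HTTP request for the link would carry: everything except the fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.origin + u.pathname + u.search;
}
```

A second openLink call on the same link returns null, because the first call already removed the stored ciphertext.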

Security

What we can and cannot see

  • Encryption and decryption happen entirely in your browser with the Web Crypto API. The server only ever stores ciphertext.
  • The decryption key and the secret's identifier stay in the URL fragment. They never appear in our server logs or anyone's access logs.
  • Retrieval is destructive: the stored ciphertext is deleted in the same operation that returns it.
  • No accounts, no cookies, no trackers, no analytics.
  • Built and run by Mainlines, the data and AI consultancy behind mainlines.ai.