How we guarantee your privacy

All encryption and decryption happens exclusively in your browser using the Web Crypto API (SubtleCrypto). We use AES-256-GCM — the same algorithm used by the NSA for Top Secret information. A unique 256-bit key is generated per secret using crypto.getRandomValues(), which provides cryptographically strong randomness. The IV (initialization vector) is randomly generated and prepended to the ciphertext.

The decryption key is embedded in the URL fragment — the part after the # symbol. Per the HTTP specification, URL fragments are never transmitted to servers. Our infrastructure receives only the encrypted ciphertext. Even if our entire database were seized, every record would be meaningless without keys that were never sent to us.

Before storing ciphertext, we compute HMAC-SHA256 over the ciphertext using the encryption key. This HMAC is stored alongside the ciphertext. Before decryption, the client verifies the HMAC. If a server-side attacker replaced the ciphertext with a malicious payload, the HMAC check would fail — protecting against key commitment attacks.

We use Cloudflare Durable Objects to enforce single-read guarantees. A distributed lock prevents race conditions: if 100 users click the same link simultaneously, exactly one gets the data and the other 99 receive a 410 Gone response. The deletion occurs in the same atomic operation as the read — there is no window between 'read' and 'delete'.

Slack, Telegram, Discord, and WhatsApp send crawlers to generate link previews. These bots would burn one-time secrets before humans open them. Our edge gateway detects bots by User-Agent patterns and IP ASN ranges. Bots receive a safe OG preview page — without triggering the burn. Only interactive human browser sessions can reveal secrets.