the server only sees ciphertext
Share secrets that vanish.
Encrypted in your browser, unreadable to the server, gone after viewing. True zero-knowledge.
Create a note
How it works
- 01WRITE
Write your note
Encrypted with AES-256-GCM in your browser before anything touches the network.
- 02SHARE
Share the link
The decryption key rides in the link fragment, the part of a URL browsers never send to servers.
- 03DESTROY
Read once, then gone
Opening the note destroys it. Unopened notes expire on a schedule you set, 10 minutes to 90 days.
READOUT / SERVER SIDE
What reaches our server
Encryption happens before upload, and the key never leaves the link fragment. All we can store is ciphertext with an expiry date.
Keys stay with you
Link keys live in the URL fragment. Password keys are derived in your browser with PBKDF2.
Ciphertext at rest
The database holds encrypted bytes and an expiry date. Passwords are stored only as bcrypt hashes.
Nothing to correlate
No analytics and no ad scripts. Rate limiting uses anonymous credentials (ARC) instead of logging who you are.
door code is 4417, delete this after reading
o5T9dXcE2K/wYq7hZk0mQxV3sB1uNfLgjRa8pDwiCH6yUOJtM4vGnrPS+Abek9zFqW5hT2cLxYmD0uK8sNVi7EJgw==
100% Open-Source
Every line of code that touches your notes is public, MIT-licensed, and self-hostable. Audit it, fork it, or run your own.
- LICENSE
- MIT
- TRACKING
- none
- SELF-HOST
- yes
PRIVACY IS NOT A GIFT
Fight Chat Control
The EU's Chat Control law allows AI scanning of private messages. Learn how to act.