EncryptedSend — send a secret that self-destructs
Share passwords, keys, private notes, and files through a one-time,
end-to-end encrypted link. Everything is encrypted in your browser and
the link is readable once — then it's gone. The server only ever sees
unreadable ciphertext.
- End-to-end encrypted on your device (OpenPGP / AES-256-GCM)
- The decryption key never reaches the server
- Burns after reading — no accounts, no tracking
How it works
Enter a message or attach a file, set when it expires and how many
times it can be opened, and share the encrypted link through your usual
channel. The recipient opens a one-time reveal screen, it decrypts in
their browser, and the secret is permanently destroyed on the server
once read. You can also create a request link that lets someone send
you a secret — the keypair is generated in your browser and
the private half never leaves it.
Why it's safe to trust
EncryptedSend is zero-knowledge by design. Even the operator can't read what you send.
-
Encrypted in your browser — encryption and
decryption happen entirely on your device using OpenPGP
(AES-256-GCM). Plaintext never leaves your computer.
-
The key never touches the server — your decryption
key lives in the link fragment (after the “#”), which browsers never
transmit.
-
Burn after reading — secrets self-destruct after
they're opened, or after the view limit and expiry you set.
-
Only ciphertext is stored — a breach of storage
would reveal nothing but scrambled bytes.
-
No accounts, no tracking — nothing to sign up for,
no personal information collected to share a secret.
-
Open, auditable crypto — built on battle-tested
open-source cryptography, not a homegrown scheme.
Questions
- Can you read my secret?
-
No. It's encrypted in your browser before it's sent, and the
decryption key travels in the link fragment, which is never
transmitted. The server only ever receives and stores ciphertext.
- What happens after it's read?
-
It's permanently deleted from the server the moment it's claimed — or
after the view limit and expiry you chose. There's no archive and no
way to recover it.
- What if the link is intercepted?
-
Because secrets are one-time, if someone opens the link first your
recipient will find it already gone — tampering is visible. Use a
short expiry and a channel you trust.
- Is the cryptography really trustworthy?
-
It uses OpenPGP with AES-256-GCM — standard, audited, open-source
cryptography — running client-side. Nothing homegrown.