Secure Message

Share a secret (password, confidential note) through a link that self-destructs after reading

  • Optional password protection
  • Encrypted in your browser
  • Readable only once
  • Permanently destroyed after reading
  • Configurable automatic expiration

100% local encryption — your secret is never readable by our server

Why use a secure messaging service?

Sending a password or confidential information by email or chat leaves a permanent trace: copies on mail servers, backups, a screenshot by the recipient, conversation history. A password sent over Teams two years ago is still readable today by anyone who can access that conversation.

Our tool solves the problem with three principles: end-to-end encryption (E2E), one-time reading, automatic expiry. The secret is encrypted in your browser with a random key carried inside the URL fragment (after the #) — a fragment that browsers never send to servers. Only the recipient, opening the link, reconstructs the key locally to decrypt.

How does it actually work?

You type your text, pick an expiry (5 minutes to 30 days), optionally add an extra password and a notification email. The tool generates a one-time link that you share through any channel you like. As soon as the recipient opens it and decrypts, the encrypted content is deleted from the server — no copy remains, not even ciphertext.

The algorithm is AES-256-GCM, today’s standard for authenticated encryption. If you supply a notification email, you receive a message with the secret’s identifier and the read time (in Luxembourg timezone) — you know the recipient got it, without ever seeing the content transit.

Frequently asked questions

Can you read my messages?
No. Encryption happens in your browser with a random key that never leaves your device — it travels inside the shared link (after the #) and web servers never receive what follows the #. Even if someone accesses our servers, they only see AES-256-GCM ciphertext, unusable without the key.
What happens if nobody reads the message?
The message is automatically deleted at the expiry you chose (5 minutes to 30 days). An hourly cleanup scans and removes expired files. No way to recover it afterwards — including by us.
What does the optional extra password do?
The recipient will have to type it to decrypt. Useful if you want to send the link on one channel (e.g. email) and the password on another (e.g. phone) — that’s out-of-band sharing, which makes an attacker who intercepts only one channel unable to read the content.