Send it.
Poof, it's gone.

Stop pasting passwords into Teams and email, where they sit in a thread forever. Send a link that destroys itself once it has been read, locked with a key we never get to see.

A password you send should not outlive the person reading it.

Locked before it leaves

Your browser encrypts the secret and puts the key in the part of the link after the #. Browsers never send that part to a server, so the key travels to your recipient and to nobody else.

We cannot read it

All we ever store is the locked box. Not the key, not a copy, not a backup. If someone walked out with our entire database tomorrow, they would have nothing worth reading.

Then it stops existing

Once the last view is spent, the record is deleted. If nobody opens it, it expires on its own anyway. Either way it does not sit in a thread forever.

We hold the locked box.
We never hold the key.

Not as a promise, and not as a policy we could quietly change later. The key is never sent to us, so there is nothing for us to lose, leak, or be made to hand over.

AES-256-GCM
Encrypted in your browser
Zero
Keys held on our servers
Your limit
Reads, then the record is gone