Zero-knowledge backend
verified_userProtectedWe don't hold the keys. We never see your messages. We can't decrypt your files even if we wanted to.
End-to-end encrypted · zero-knowledge backend
Encrypted links for
private messages and files.
Encrypt before you send. Share through any app. Only the intended recipient can open it.
lockAES-256-GCMvpn_keyKeys never leave your devicecodeOpen source · Apache 2.0
lockEncrypted · ready to shareopaque link
link
schedulePaste it into Slack, WhatsApp or email — the channel only ever sees this link.
How it works
Three steps, end to end.
A privacy layer over the channels you already use — not another chat app to move your contacts into.
enhanced_encryption
01 · ENCRYPT LOCALLY
Your message and files are encrypted on your device with AES-256-GCM before anything is uploaded. Plaintext never leaves you.
send
02 · SHARE ANYWHERE
Paste the link into Slack, WhatsApp, iMessage, or email. The channel only ever sees an opaque link.
forumSlackchatWhatsAppalternate_emailEmail
key
03 · RECIPIENT DECRYPTS
Only the recipient's private key — which never leaves their device — can open it. Wrong key, no decryption.
timer
Self-destruct
Links expire on a timer — 10m / 1h / 24h / 7d — or after a set number of opens, and can be revoked instantly.
10m1h24h7d
fingerprint
Biometric unlock
Require Face ID or Touch ID before decryption on mobile.
faceFace ID required to open
Security principles
Trust built into the architecture.
Not policy promises — properties of the system. Here's what the server can and can't ever see.
Ciphertext only
The server stores ciphertext + minimal metadata. Never plaintext, previews, attachments, or your keys.
Keys stay on your device
Keypairs are generated and held on your device and never leave it, unless you export an encrypted backup.
Open source
Our cryptography is open source (Apache 2.0) and independently auditable.
Self-destruct & revoke
Set expiry and max opens up front, and purge the ciphertext from the server at any time with one tap.