How It Works
Secure Link provides secure exchange of confidential information
How to open the link
You received:
📎 Link:
🔑 Key:
Combine them together:
💡 Tip: the link already ends with # (hash symbol) — just append the key right after it
Zero-knowledge
Secure Link uses client-side encryption (WebCrypto API, AES-GCM). The encryption key never leaves your browser and is transmitted separately from the link. The server only stores encrypted data.
Split-link
After creating a note, you receive two parts:
- Link to the note (without key)
- Decryption key (separate)
Send them through different channels for maximum security. For example: link via Telegram, key via Email. Without the key, no one can read the content.
Self-destruction
Notes are automatically deleted after:
- Reaching the view limit (1, 3, or 10)
- Expiration of time period (from 10 minutes to 7 days)
- Clicking the "Close and burn" button
Additional protection
You can set a password for additional protection. The password is never sent to the server and is used for local encryption key generation (PBKDF2).
Decoy Mode
What if you're forced to reveal your password?
Usually, you have no choice. But with CreateSecureLink, you can prepare in advance.
How it works:
- Enable Decoy Mode when creating a link
- Set a Real password (for the recipient) and a Decoy password (for the attacker)
- Write harmless text in the 'Decoy' field (e.g., a shopping list)
Protection scenario:
- ✓Enter Real password → Secret opens
- ✗Enter Decoy password → Shopping list opens
⚠️ Important: In both cases, the note is permanently deleted after viewing. The attacker will see that the link is burned and believe that the 'shopping list' was all there was.
Zero-knowledge principle
We cannot read your data even if we wanted to. Encryption and decryption happen only in your browser. The server receives and stores only encrypted data without the decryption key.