How it works
Simple. Secure. Gone.
No trust required. The architecture makes it impossible for anyone — including us — to read your secret.
You write or upload your secret
Paste text, code, credentials, or drop any file. Choose how it expires: after a number of views, after a time limit, or both — whichever hits first triggers permanent deletion.
Your data never leaves your device unencrypted. Before any network request is made, your browser generates a unique encryption key using its built-in cryptography engine.
Your browser encrypts it — not our server
The encryption key is generated locally. Your secret is encrypted entirely in your browser before a single byte is transmitted.
The key is then encoded as a URL-safe base64 string and placed in the URL fragment (#key). Browsers never send the fragment to servers — it is processed only client-side. Our server receives ciphertext with no key.
Share the link or QR code
Copy the full link (with the key in the fragment) or download the QR code. Use auto-send to deliver directly to recipients via email — the platform sends the link, QR and password to each inbox.
If sharing manually, send the password via a separate channel. The link itself contains the key — treat it like the secret itself. Sharing it is sharing access.
Recipient opens and decrypts — also in their browser
When the recipient opens the link, their browser reads the key from the fragment, fetches the ciphertext from our server, and decrypts it locally. Our server only sees a request for an encrypted blob.
If you set a password, they must enter it first. Wrong passwords don't register as views. Once they see the decrypted content, the view count increments.
It self-destructs
The moment the view limit is hit or the time limit expires, Ciphera permanently deletes the secret and any associated file from our servers.
There is no recovery. No archive. No backup that retains the secret. It is gone.