Security

How Ciphera keeps your secrets safe

Zero-knowledge architecture means we are technically incapable of reading your secrets — not just by policy, but by design. Here is exactly how it works.

End-to-End Encryption

Every secret is encrypted directly in your browser before any data leaves your device. The encryption key is generated fresh for each secret using your browser's built-in cryptography engine, which uses hardware-level entropy. Our servers only ever receive ciphertext.

URL Fragment Key — Never Sent to Server

The encryption key is embedded in the URL fragment (the part after #). By specification, browsers never include the fragment in HTTP requests. This means Ciphera's server never sees the key — ever. We receive only ciphertext with no way to decrypt it.
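The flow described in the two sections above (encrypt in the browser, keep the key in the URL fragment), as an added example that is not Ciphera's code. The page does not name its cipher or link format, so AES-256-GCM, base64url encoding, the `/s/<id>` path and all function names here are assumptions.

```javascript
// Added example, not Ciphera's code. AES-256-GCM, base64url and the /s/<id>
// link layout are assumptions. Runs in a browser or in Node 18+.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;

const toB64u = (bytes) =>
  btoa(String.fromCharCode(...new Uint8Array(bytes)))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64u = (s) => {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
};

// Sender: fresh key per secret, encrypt locally. `upload` is all the server
// would receive; `fragmentKey` never leaves the client except inside the link.
async function sealSecret(plaintext) {
  const key = await wc.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12)); // 96-bit GCM nonce
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext));
  const rawKey = await wc.subtle.exportKey("raw", key);
  return {
    upload: { iv: toB64u(iv), ciphertext: toB64u(ct) },
    fragmentKey: toB64u(rawKey),
  };
}

// The key is placed after '#', so it is part of the link but not the request.
const buildShareLink = (origin, id, fragmentKey) =>
  `${origin}/s/${id}#${fragmentKey}`;

// What an HTTP request for the link carries as its target: path and query only.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Recipient: key from the fragment, ciphertext from the server, decrypt locally.
// GCM authentication makes decrypt() reject on a wrong key or altered ciphertext.
async function openSecret(link, upload) {
  const rawKey = fromB64u(new URL(link).hash.slice(1));
  const key = await wc.subtle.importKey(
    "raw", rawKey, { name: "AES-GCM" }, false, ["decrypt"]);
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: fromB64u(upload.iv) }, key, fromB64u(upload.ciphertext));
  return new TextDecoder().decode(pt);
}
```

The guarantee covers the HTTP request only: script served with the page can still read `location.hash`, so the property depends on the integrity of the JavaScript the server delivers.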

Zero Plaintext Storage

We store only encrypted ciphertext and metadata (expiry settings, view counts, file references). No plaintext, no keys, no user data. A complete dump of our database would be cryptographically useless to any attacker.

Immediate Deletion on Burn

When a secret reaches its view limit or time limit, it is deleted instantly — both the database record and any associated file stored on our servers. The deletion happens server-side immediately, not on a schedule. There is no recovery after a burn.

Optional Password Layer

If a sender adds a password, recipients must provide it before the encrypted payload is returned. Wrong passwords don't consume a view count, and rate limiting kicks in after 5 wrong attempts per secret. The password itself is never stored; only a hash is kept for verification.

Rate Limiting & Abuse Protection

Every endpoint is rate limited by IP. Secret creation is limited to 5 per minute, view attempts to 30 per minute, and password attempts to 5 per 10 minutes per secret. CAPTCHA protects the creation flow from automated abuse.

What we cannot protect against

  • If you share a link via a compromised channel and someone intercepts it before the intended recipient opens it.
  • If the recipient's device or browser is compromised at the time of decryption — decryption happens locally, and malware on their device could intercept the plaintext.
  • Screenshots or screen recordings taken by the recipient after decryption.
  • Secrets with high view counts that remain active for a long time, which reduces security. Use the lowest view count and shortest time window appropriate for your needs.