scrt.link Alternative: Secret Sharing with XChaCha20
Both encrypt in your browser. Different ciphers, different trade-offs.
How scrt.link works
scrt.link encrypts your secret in the browser with AES-256-GCM before sending anything to the server. The decryption key is part of the URL fragment, the part after the #, which your browser never sends to the server. The server stores ciphertext it can't read. This is a zero-knowledge architecture, the same category as Secret.Broker.
The tool is open source under the MIT license. The company behind it, SANTiHANS GmbH, is based in Basel, Switzerland. File storage uses Swiss infrastructure through Flow Swiss AG. The web application itself is hosted on Vercel.
What scrt.link offers
The free tier handles text and files up to 10 MB without an account. There's a 150-character limit on text secrets and a fixed 24-hour expiry on the free plan.
Paid tiers ($1/month and $5/month) unlock longer expiry up to 30 days, files up to 100 GB, read receipts, password protection, and API access. A business plan adds custom domains and white-label branding.
scrt.link also has secret types that go beyond text and files. Snap is disappearing photo sharing. Neogram is a styled one-time letter with a burn-after-reading visual. Secret Redirect is a one-time URL shortener where the destination itself is encrypted. These are paid features.
Where the tools differ
Both tools use client-side encryption. The difference is in the cipher and what you get without paying.
scrt.link uses AES-256-GCM. Secret.Broker uses XChaCha20-Poly1305. Both are authenticated encryption ciphers. XChaCha20 has a 192-bit nonce, which eliminates the practical risk of nonce collision across billions of secrets without nonce management. For the cipher details, see the protocol page.
Secret.Broker has no paid tiers. File attachments up to 20 MB, view limits from 1 to 25, and expiry from 15 minutes to 30 days are all included. Paranoid mode splits the link and decryption key for two-channel delivery. There's no character limit on text.
scrt.link's creative secret types (Snap, Neogram, Redirect) don't have equivalents in Secret.Broker. If you need disappearing photos or one-time URL redirects, scrt.link has that covered.
Feature comparison
- scrt.link: client-side AES-256-GCM, open source (MIT), Swiss-hosted, files up to 10 MB free / 100 GB paid, 150-char text limit on free tier, expiry 24h free / up to 30 days paid, Snap + Neogram + Redirect, browser extensions, API on paid plans
- Secret.Broker: client-side XChaCha20-Poly1305, files up to 20 MB, no text limit, view limits 1-25, expiry 15 min to 30 days, paranoid mode, no paid tiers, no account
For a broader comparison across tools, see the alternatives comparison.
Also compare: vs 1time.io and vs Yopass.
Common questions
Is scrt.link secure?
Yes. scrt.link uses client-side AES-256-GCM encryption. The server stores only ciphertext and doesn't have the decryption key. The code is open source under the MIT license and the company is based in Switzerland. There's no published third-party security audit, but the source code is available for review on GitHub.
Does scrt.link require an account?
Not for basic use. You can create text and file secrets on the free tier without signing up. An account is needed for paid features like extended expiry, larger file limits, Snap, Neogram, and API access.
What's the difference between scrt.link and Secret.Broker?
Both encrypt in your browser before anything reaches the server. scrt.link uses AES-256-GCM and offers creative secret types like Snap and Neogram on paid tiers. Secret.Broker uses XChaCha20-Poly1305 and includes all features free with no account, plus configurable view limits and paranoid mode for split-key delivery.
Is scrt.link free?
The free tier covers text (150-character limit) and files up to 10 MB with a 24-hour expiry. Paid plans from $1/month unlock longer expiry, larger files, read receipts, and additional secret types.