Why I cannot see your key.
The architecture of the web guarantees that the portion of a URL after the #
symbol — the fragment — is never sent to the server.
Anatomy of a Secret
Consider the link you receive when brokering a secret:
https://secret.broker/reveal/ab12-cd34-ef56#x8z9-Key-123
What I See
https://secret.broker/reveal/ab12-cd34-ef56
I receive the request for the payload ID. I deliver the encrypted lockbox.
What You Keep
#x8z9-Key-123
This stays in your browser. It is the key to open the lockbox.
Mathematics, not Policy
I do not rely on a "privacy policy" to keep your secrets safe. I rely on the design of the HTTP protocol. Even if I wanted to peek, your browser simply does not send me the key.