Send Self-Destructing Messages and Notes

Read once, then gone.

What a self-destructing message is

You have a message or note that someone needs to read once. You paste it, your browser encrypts it, and you get a link. The recipient opens the link, reads the message, and the server deletes the encrypted data. The link stops working after that.

The deletion is permanent. The ciphertext is overwritten, not archived or hidden. There's no admin recovery.

How it works

Your browser encrypts the message with XChaCha20-Poly1305 before sending anything to the server. The decryption key goes into the URL fragment, the part after the #, which your browser never includes in server requests.

When the recipient opens the link, their browser requests the encrypted data, reads the key from the fragment, and decrypts locally. Once the view limit is reached, the server hard-deletes the ciphertext.

The server handles storage and deletion. I don't have the key to read what's stored.

Burn after reading

With the view limit set to 1, the first person to open the link reads the message and triggers the deletion. If you send the link to someone and they tell you they can't open it, you know someone else got to it first.

One-time secret links

A one-time link is a self-destructing message with a view limit of 1. One person opens it, reads it, and the link goes dead. If anyone tries it again, there's nothing to see.

People call them different things: one-time secrets, self-destructing notes, disappearing messages, ephemeral links. The mechanics are the same. The secret exists until it's read, and then it doesn't.

Multiple readers

Not every message is one-to-one. If you need five people to read the same message, set the view limit to 5. Each person opens the link and reads it, and once the fifth person opens it, the data is deleted.

You can also set the view limit higher than the number of recipients as a buffer, then let the expiry timer handle the cleanup. A message with 10 views and a 1-hour expiry will self-destruct when either limit is hit first.

What you can send

Any text up to 20 MB: passwords, credentials, notes, instructions, account details. You can also attach files — documents, config files, images, whatever — which are compressed and encrypted alongside the text.

A two-word password and a ten-page document go through the same XChaCha20-Poly1305 encryption. Your browser handles it the same way regardless of size or content.

What this replaces

Any time you'd normally send something sensitive in a regular message and then ask the other person to delete it. That workflow depends on them actually doing it, and on the platform actually removing it from search indexes, backups, and compliance archives. Most platforms don't.

With a self-destructing link, the server deletes the data whether the recipient remembers to or not. The only copy after that is whatever they saved on their own device.

No account, no history

There's no signup and no login. You create a message, get a link, and that's the only record. There's no dashboard of past messages, no way to look up what you've shared before.

If you're specifically sharing credentials, the password sharing and API key pages cover those workflows in detail. The protocol page documents what the server stores and when it's deleted.

Send a Message