Secure Note

Send a note that self-destructs after reading.

🔒 Encrypted in your browser. We never see the contents.

Share passwords securely with a self-destructing link

Emailing a password or pasting an API key into chat leaves it sitting in inboxes and logs forever. Secure Note gives you a link that works exactly once: the recipient opens it, reads the secret, and it's permanently deleted.

Everything is end-to-end encrypted with AES-256-GCM. The key that unlocks the note is embedded in the link fragment and never reaches our servers — so even we can't read what you sent. It's a free, zero-knowledge alternative to Privnote, built by TheDock.

Frequently asked questions

How does a self-destructing note work?

Your note is encrypted in your browser before it's sent. We store only the encrypted blob and hand you a one-time link. The first time someone opens that link the note is decrypted locally and then permanently deleted from our servers.

Can you read my note?

No. Encryption and decryption happen entirely in the browser using AES-256-GCM. The decryption key lives in the link fragment (after the #), which is never sent to our servers, so we only ever see unreadable ciphertext.

What if the link is opened by a link scanner?

Reading requires an explicit click on 'Reveal note', so most automatic link previews (Slack, email scanners) won't burn it. Still, only share the link with the intended recipient over a trusted channel.

How long is a note stored?

Until it's read once, or until the expiry you choose (from 5 minutes up to 7 days), whichever comes first. After that it's gone for good.