Beta · Security review status: Not independently audited
Private tools for files, secrets, and personal data.
Encrypt files, create secure vaults, remove hidden metadata, redact documents, and share private information — without sending the original content to SecretPNG.
- Local processing
- No account required
- No source-file uploads
- Open format docs
- No ads inside tools
Featured tools
All tools →How your privacy is protected
You choose content
Pick files, type a secret, or drop a photo. It stays in your browser.
Your browser processes it
Encryption and cleaning run locally using standard browser cryptography.
We don't receive the plaintext
Original files, passwords, and keys are never sent to SecretPNG.
You keep the output
Download the result or share ciphertext. You stay in control.
One deliberate exception: secret links
To share a secret with someone else, we store an encryptedcopy on our server until they retrieve it. The decryption key lives in the link's fragment and is never sent to us, so we only ever hold ciphertext we can't read. See what each route sends.
Built to be verifiable
We'd rather show our work than ask for blind trust. These pages document exactly how the tools work and where their limits are.
Frequently asked questions
- Do my files leave my device?
- No. The encryption, metadata, redaction, hashing, scanning, and generator tools process your files entirely in your browser. The one exception is the secret-link tool, which stores encrypted ciphertext on our server so a recipient can retrieve it — the decryption key never reaches us.
- Can SecretPNG recover my password?
- No. We never receive your password or encryption keys, so we cannot reset or recover them. If you lose your password and any recovery key you generated, the encrypted data cannot be recovered — by us or anyone.
- What happens if the site disappears?
- The encrypted-file format is open and documented, and the tools have an offline version you can keep. An encrypted file can be opened by any software that implements the documented format, not just this website.
- Can someone open my encrypted vault without SecretPNG?
- Only someone with the password or recovery key. The format is documented so other software can implement it, but the contents remain protected by AES-256-GCM encryption.
- Are secret links truly one-time?
- A one-time link is destroyed after its first successful retrieval. Be aware that automated systems — corporate mail scanners, chat link previews — can open a link and consume that single view before your recipient does. For sensitive cases, use the “share the key separately” or added-password options.
- Is the site independently audited?
- Not yet. SecretPNG is in beta and has not had an independent security audit. Our source and cryptographic format are documented so they can be reviewed. See the security pages for exactly what has and hasn't been reviewed.
- What browsers are supported?
- Current versions of Chrome, Edge, Firefox, and Safari. The tools use standard browser cryptography (Web Crypto). Saving very large files directly to disk works best in Chrome and Edge.
- Can I use it offline?
- Yes. Core local tools are available as an installable offline app (PWA). Once installed, they work without a network connection. See the download page.
- Does SecretPNG store my files?
- No. Local tools never upload your files. The secret-link feature stores only client-encrypted ciphertext that we cannot read, deleted on expiry or after viewing.
- Why are ads excluded from the secure tools?
- Advertising and analytics scripts are third-party code. Running them alongside your sensitive data would undermine the privacy guarantee, so the secure workspace has none — no ads, no analytics, no third-party scripts.
17 tools available.