Skip to content
SecretPNG

How it works

The short version: the sensitive work happens in your browser, not on our servers. Here is what that actually means, and the one honest exception.

The local-first flow

Every core tool follows the same shape. Nothing about your content is transmitted for these steps — the tool is just JavaScript running on the page you already loaded.

  1. 1You pick contentYou choose a file, folder, photo, document, or text right in your browser. It is not uploaded when you select it.
  2. 2Your browser does the workThe tool processes or encrypts it locally using the browser's built-in Web Crypto API and other on-device APIs.
  3. 3We never receive the plaintextFor the core tools, the original content and any password stay on your device. There is nothing on our side to leak.
  4. 4You keep the outputThe cleaned file, encrypted vault, or generated value is saved by you — downloaded or copied — and stays under your control.

The one exception: secret links

Sharing a secret with someone else needs somewhere to put it, so the one-time secret-link tool does use server storage — carefully. Your secret is encrypted in your browser first, and only the resulting ciphertextis sent to and stored on our server. The decryption key is placed in the link's URL fragment (the part after #), which browsers never send to any server. So we hold an encrypted blob we cannot read, and the key travels only in the link you share. Links can burn after one view or expire on a timer. That is the only tool that stores anything server-side, and it never stores a key or plaintext.

Why two layers

The site is deliberately split in two. Public pages — the homepage, guides, and informational pages — may show ads and, with your consent, load analytics. That is how the project is funded. The secure workspace at /app, where the tools actually run, is ad-free and analytics-free by construction: none of that code is loaded there, and a strict Content Security Policy forbids it. You can watch this for yourself with the workspace's live network monitor. The full breakdown is on the network transparency page.

The honest caveat about hosted tools

Running in your browser removes the need to trust us with your files, but it does not remove all trust: each time you load a hosted page, you are trusting the JavaScript we serve at that moment. If that matters for your threat model, install the offline app — it turns this into a one-time trust decision and can run with networking disabled, so there is no ongoing server to trust and no network activity at all.

Go deeper

For the exact algorithms and parameters, see cryptography. For precisely what each route sends over the network, see network transparency.