- $ aes-256-gcm --encrypt
- OK key stays in #fragment
- NULL server sees nothing
Send secrets that disappear forever.
End-to-end encrypted notes with zero-knowledge architecture. The server never sees your content. No accounts, no logs, no backdoors.
Security by design
Zero-Knowledge
The server stores only encrypted data. Even administrators cannot read your notes. Privacy is enforced by mathematics, not trust.
AES-256-GCM
Military-grade encryption. Keys generated locally in your browser - never leave your device.
Burn After Reading
Notes self-destruct after a single read - instantly or with a 5-minute delay. No traces left on the server.
No Account Required
Encrypt and share notes without signing up. A free account unlocks note history, secure requests, emergency wipe, and more.
How It Works
Write
Type or paste your secret content into the secure editor.
Encrypt
AES-256 key generated locally. Content encrypted before leaving your browser.
Share
Get a secure link. The encryption key lives in the URL fragment - invisible to the server.
Stop sending and receiving secrets in plain text
Someone asks for your credit card number. How do you send it?
06/28 CVV: 847
🔥 burns 5 min after reading
What the server knows
Other note apps claim to be "secure" but keep metadata, backups, and secondary keys. We've built a wall that even we can't climb.
Don't trust us - verify. Every note includes a transparency panel showing exactly what the server received: encrypted blob, IV, access password. You confirm the server never saw your content.
* IP addresses are never stored in full. The third segment is permanently removed. Encryption happens entirely on your device.
Feature comparison
| Feature | SecretNotes | Pastebin | PrivateBin | Hastebin | 0bin* |
|---|---|---|---|---|---|
| E2E Encryption | ✓ | ✗ | ✓ | ✗ | ✓ |
| Zero-Knowledge | ✓ | ✗ | ✓ | ✗ | ✓ |
| Burn after read | ✓ | ✗ | ✓ | ✗ | Partial |
| No account needed | ✓ | ✓ | ✓ | ✓ | ✓ |
| Syntax highlighting | ✓ | ✓ | Limited | ✓ | ✗ |
| No ads | ✓ | ✗ | ✓ | ✓ | ✓ |
| Modern responsive design | ✓ | Partial | ✗ | Partial | ✗ |
| Encryption proof panel | ✓ | ✗ | ✗ | ✗ | ✗ |
| Brute-force protection | ✓ | ✗ | Partial | ✗ | ✗ |
| Encrypted secret requests ** | ✓ | ✗ | ✗ | ✗ | ✗ |
| Emergency wipe ** | ✓ | ✗ | ✗ | ✗ | ✗ |
| E2E encrypted messenger ** | ✓ | ✗ | ✗ | ✗ | ✗ |
** Available with a free account (login required).
* 0bin - abandoned project (last commit: 2021). PrivateBin - primarily self-hosted.
Partial - "Partial" - 0bin supports burn-after-read but without access password protection; anyone with the link can trigger destruction. Pastebin/Hastebin have basic mobile views but no dedicated responsive design.
Limited - "Limited" - PrivateBin offers basic syntax highlighting with a manual language selector, without auto-detection or modern rendering (Shiki).
What makes us different
Transmission manifest
Before sending, you see exactly what data leaves your browser - encrypted blob, IV vector, access password. You verify that the server receives only ciphertext.
Split link sharing
Send the link without the key, and deliver the encryption key through a separate channel. Even a link leak won't compromise the content.
Two-layer protection
Every note has two independent locks: a 6-character access password (verified by server) and an AES-256 encryption key (needed to decrypt). Knowing one without the other is useless.
Per-note locking
Failed decryption attempts lock that specific note - not your IP, not other notes. After a cooldown, the note unlocks automatically.
Auto URL cleanup
The decryption key is automatically removed from the address bar after opening a note. It won't appear in browser history or address bar suggestions.
Secure requests
Need someone to send you a secret? Create an encrypted request - the recipient types their response directly in the browser, encrypted with your key. Only you can read it.
Emergency wipe
One click to burn all your notes and request responses instantly. When you need to act fast, the emergency wipe destroys all encrypted data in seconds - irreversibly.
Vault aesthetic
Dark, premium design inspired by luxury safes. Gold accents, monospace technical details - every element communicates security and trust.
Encrypted messenger
Real-time end-to-end encrypted conversations with PBKDF2 key derivation. Messages are encrypted in your browser before sending - the server only stores ciphertext. Includes read receipts, group chats, and panic mode to instantly wipe decrypted messages from memory.
35 Languages, Zero Compromises
SecretNotes is fully available in 35 languages - interface, metadata, and all messages. Privacy should have no language barrier. Your secrets, your language.
Ready to send a
secret?
Free. No account. No tracking. Your data stays yours.
Nobody can read your messages, not even
Simple pricing
| Feature | Guest | Free account | ★ Premium |
|---|---|---|---|
| Max note length | 100,000 chars | 200,000 chars | 400,000 chars |
| Max expiry time | 48 hours | 30 days | 6 months |
| Daily note limit | 15 notes | 50 notes | Unlimited |
| Secure requests | ✗ | 3/day | Unlimited |
| Emergency wipe | ✗ | ✓ | ✓ |
| Note history | ✗ | ✓ | ✓ |
| E2E encryption | ✓ | ✓ | ✓ |
| Burn after reading | ✓ | ✓ | ✓ |
| Syntax highlighting | ✓ | ✓ | ✓ |
| Encrypted messenger | ✗ | 3 conversations | Unlimited + groups |
| File encryption app | ✗ | ✗ | Coming soon |
| Price | Free | Free | Coming soon |
- Max note length100,000 chars
- Max expiry time48 hours
- Daily note limit15 notes
- Secure requests✗
- Emergency wipe✗
- Note history✗
- E2E encryption✓
- Burn after reading✓
- Syntax highlighting✓
- Encrypted messenger✗
- File encryption app✗
- Max note length200,000 chars
- Max expiry time30 days
- Daily note limit50 notes
- Secure requests3/day
- Emergency wipe✓
- Note history✓
- E2E encryption✓
- Burn after reading✓
- Syntax highlighting✓
- Encrypted messenger3 conversations
- File encryption app✗
- Max note length400,000 chars
- Max expiry time6 months
- Daily note limitUnlimited
- Secure requestsUnlimited
- Emergency wipe✓
- Note history✓
- E2E encryption✓
- Burn after reading✓
- Syntax highlighting✓
- Encrypted messengerUnlimited + groups
- File encryption appComing soon
All plans include full AES-256-GCM encryption, zero-knowledge architecture, and brute-force protection.
Frequently Asked Questions
How do I securely send a password or login credentials to someone?
Use an encrypted, self-destructing note. SecretNotes encrypts your content with AES-256 in your browser and generates a one-time link. Once read, the note is permanently deleted from the server. Never send passwords via email, SMS, or chat.
How do I send a message that disappears after being read?
Create a note on SecretNotes with the "Burn after read" option. Once the recipient opens the link, the message is immediately and irreversibly deleted. You can also set an expiry time - the note will vanish automatically even if nobody opens it.
Is it safe to send passwords via email, SMS, or Messenger?
No. Messages stay in history permanently. If someone gains access to your or the recipient's account or device, they can see every password. With SecretNotes, the message is encrypted in-browser and destroyed after reading. No trace remains.
How do I securely share confidential data over the internet?
Don't send it via email or chat - it stays in history. SecretNotes encrypts data with AES-256 in the browser. Even if someone accesses the recipient's account, they'll find only an encrypted string useless without the one-time key.
Can the website or app developers read my messages?
On most services, yes - server-side data is unencrypted. SecretNotes uses zero-knowledge architecture: encryption happens in your browser, and the key never reaches the server. Neither developers nor any third party can read your data.
How can I make sure nobody reads my private data?
Use end-to-end encryption with zero-knowledge architecture. SecretNotes encrypts content with AES-256 in the browser. The key exists only in the recipient's link and is never stored on the server. Enable self-destruct so data doesn't exist longer than needed.
Is it safe to send passwords on Slack, Teams, or Discord?
No. Message history is accessible to admins, channel members, and the service provider. Someone joins the channel or searches the history - and they have your passwords. Send a one-time SecretNotes link instead, which is permanently destroyed after opening.