ENCRYPTEDLINK

Security comes first here

Built into the architecture, not bolted on afterwards

Why we built it this way

We kept running into secret-sharing tools that treat security as a feature to list rather than the foundation to build on. Plaintext sitting in a database, keys the operator can read, links that linger long after they should be gone. We thought that was backwards.

So we started from the opposite end. Every decision about how EncryptedLink stores, moves and deletes your data was made with one question first: what happens if our servers are compromised tomorrow? The answer we wanted was simple. Your secrets stay unreadable, because we never had the means to read them in the first place.

Don't take our word for it

Security claims are easy to make and hard to prove, so we had ours checked by independent tools you can run yourself, right now, against the live site.

internet.nl

100% score

Modern internet standards: TLS configuration, DNSSEC, and mail security all pass.

Run the test

securityheaders.com

A+ rating

A complete set of HTTP security headers, including a nonce-based Content Security Policy.

Check the headers

pentest-tools.com

No high, critical or medium issues

An automated vulnerability scan across 40 checks finds nothing above informational.

Scan it yourself

Results reflect the live site at the time you run each test.

Tested, not just claimed

  • Over 300 xUnit unit and integration tests run before every release, covering the encryption service, the access and passphrase rules, and the API endpoints: ciphertext round-trips correctly, a tampered message is rejected, and a wrong passphrase reveals nothing.
  • A Playwright end-to-end suite spins up the whole stack in throwaway containers built like production, then drives a real browser through create, share, open, decrypt and self-destruct, including checks that the plaintext and the key never leave the browser.

The protections in place

Encrypted in your browser

AES-256-GCM runs on your device before anything is uploaded, so we only ever receive ciphertext.

The key is never sent

The decryption key lives in the link fragment after the # symbol, which browsers never transmit.

Encrypted again at rest

A second server-side layer protects stored data even from someone with direct database access.

Self-destructs

Once the views run out or it expires, the encrypted data is deleted for good and cannot be recovered.

Passphrase and lockout

Add an optional passphrase. Wrong guesses are rate limited and the secret burns after too many tries.

No accounts, no tracking

No analytics and no metadata that could tie a secret back to you. Nothing to sign up for.