scrt.link

FAQ

Frequently Asked Questions



General

Sharing secrets is delicate. You don't want sensitive information (confidential information, passwords, API keys, access tokens, key combinations, confessions, etc.) to stay in your Slack channel, WhatsApp chat log, inbox, or any other communication channel. A one-time disposable link guarantees that your secret is viewed exactly once before being permanently destroyed.

Use this service in case you want to…

  • Share your Netflix password with a family member.
  • Send a private message from a public computer.
  • Send access tokens, API keys, PIN codes to a friend or coworker.
  • Forward payment information such as credit card number or Bitcoin wallet address.
  • Confess to a secret crush.
  • Transmit information that could be used against you.

Essentially everybody. Everybody should care about privacy.
The means to transmit sensitive information anonymously is especially crucial for journalists, lawyers, politicians, whistleblowers, people who are being oppressed, etc.

After you submit the form, your secret will be encrypted and stored. You can now share the generated short link via text message, email or whatever service you trust. (We recommend Signal, Threema or Matrix.) After the recipient clicks the link, the message gets displayed and permanently removed from the database.

For extra security, you can include a password that will be needed to decrypt the message. (We recommend sharing the password via a different channel than the link.)

Anonymity, privacy and security. Plain text messages within a chat log can always get traced back to you. There are many scenarios where even disappearing messages are a risk factor: Do other people have access to your phone sometimes? What if you lost your phone? Or even worse, your phone might be compromised on an operating system level. With scrt.link you will always just have a link in your conversation history. After the link has been visited once, it will lead to a 404 error page. There is no way of accessing the original content.

Same answer as for the previous question. Also, the business model behind Snapchat, and every other major social media platform, contradicts the idea of privacy and anonymity. Social media companies need to know their users in order to sell ads.

However, it is fine to share a generated secret link using Snapchat, Facebook, Instagram, Telegram, etc.

Scrt.link is a service by SANTiHANS GmbH, a Swiss-based tech company with a mission to advance the web. We operate under Swiss law. As a customer you profit from one of the world's strongest data and privacy protection regulations, the Federal Act on Data Protection (FADP). This product has been created and is operated by @stophecom.

Product and Service

  • Text: This is the standard mode. It's the preferred way to share passwords and similar kinds of secrets. The recipient has the option to copy the secret.
  • File: Drop any file. This feature is currently in beta.
  • Redirect: Think about it as a URL-shortener where the generated link only works once.
  • Neogram: Digital letter-style message that automatically burns after reading. Use it for confidential notes, confessions or secret love letters.

The current limit is 140 characters for visitors. With a premium plan you can get up to 100,000 characters.

Yes, you can get email notifications with an account. Go to Account.

For each secret, we generate a Secret ID (a random string) which is the only reference to the original message. Once the recipient opens the secret link, we notify you using the chosen method. In the notification we only include the Secret ID - so be sure to store/remember it. Needless to say, the contact information (email or phone number) is never exposed to the recipient.

Email: You'll receive an email from shhh@scrt.link.

This means that the secret link has already been visited. If this happens unexpectedly:

  • Check with the sender to make sure the link hasn't been visited by mistake.
  • The secret was accessed via a brute-force attack or there is an issue with the server infrastructure (don't worry, the contents of the secrets would still be encrypted) - both cases are very unlikely.
  • Worst case: A third party accessed the link, which ultimately means your communication channel and/or either party's device has been compromised.

The scrt.link browser extensions are available for all major browsers:

The Slack app lets you use the power of scrt.link without switching apps. Go to the Slack App page for more information. Or get the app right here:

👉 Install Slack App

Important notice: There are limitations when using the Slack Application. Due to the nature of how these apps are designed, full end-to-end encryption is not possible. In most cases this is not a problem and a risk worth taking - however, if you need advanced protection, create secrets on the website instead.

Security and Privacy

All messages are end-to-end encrypted using AES-256, which is virtually impenetrable using brute-force methods. AES would take billions of years to break using current computing technology. For the highest level of security, an optional password (which is never stored either) will be used to encrypt your message. Read more on our Security page.

We take a number of steps to protect your privacy, detailed on the privacy page - however, some of the features require third-party services that may have access to personally identifiable information (PII). If you want to further protect your privacy, we recommend the following:

  • Connect to our service via a virtual private network (VPN): This way you never expose your personal IP address. We recommend ProtonVPN.
  • Use a service such as Abine Blur to hide your personal email address, phone number and/or credit card information.

We generate two random strings, one to identify your secret in the database and one to encrypt your message. We don't store the encryption key. Only with the full link are you able to decrypt the secret.
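The two-string scheme described above, sketched as an added example (not scrt.link's own code): it assumes AES-256-GCM, a hypothetical `#id/key` link layout on a placeholder host, and an in-memory map standing in for the database.

```javascript
// Added illustration; not scrt.link's code. AES-256-GCM, the "#id/key" link
// layout and the in-memory Map standing in for the database are assumptions.
const crypto = require("node:crypto");

const db = new Map(); // server side: secretId -> { iv, tag, ciphertext }

// Sender side: two independent random strings, as the FAQ describes.
function createSecretLink(message) {
  const secretId = crypto.randomBytes(16).toString("base64url"); // database reference
  const key = crypto.randomBytes(32); // AES-256 key, never written to the store
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(message, "utf8"), cipher.final()]);
  db.set(secretId, { iv, tag: cipher.getAuthTag(), ciphertext });
  // Hypothetical link layout: the key travels only inside the link itself.
  return `https://example.invalid/l#${secretId}/${key.toString("base64url")}`;
}

// Server side: hand out the ciphertext once, then delete the record.
function fetchOnce(secretId) {
  const record = db.get(secretId);
  if (!record) return null; // already viewed or never existed (the 404 case)
  db.delete(secretId);
  return record;
}

// Recipient side: needs the full link; the ID alone yields only ciphertext.
function openSecretLink(link) {
  const [secretId, keyB64] = new URL(link).hash.slice(1).split("/");
  const record = fetchOnce(secretId);
  if (!record) return null;
  const key = Buffer.from(keyB64, "base64url");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAuthTag(record.tag); // GCM rejects tampered ciphertext on final()
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString("utf8");
}
```

A second call to `openSecretLink` with the same link returns `null`, because the record was deleted on first read.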

Nope. It's a one time secret. We show it once and then delete it permanently from the database. There is no backup. It's gone for good.

Sure. You can always take a screenshot. The idea behind this service is to securely share sensitive information one time. We (obviously) don't have control over what a recipient does with the message.

Until the end of times. Seriously, there is no maximum time limit set. But you can always destroy your secret by visiting the secret link.

Account and Billing

We work with Stripe as our payment provider. We don't store any payment related information whatsoever.

Our payment provider Stripe offers a variety of payment options: Google Pay, Credit Card (VISA, Mastercard, American Express, etc.) among many others. Once you choose a premium plan you get redirected to Stripe where you can select your preferred method.

Once you subscribe to a premium plan, you get instant access to the corresponding features for as long as the subscription lasts. You will be billed every month or year, based on the selected billing interval. A subscription can be cancelled anytime.

Promo codes can be applied on the Stripe checkout page. Add your personal promo code and hit "Apply". After that you should see a discounted price right away.

Sign in to the account page. Under the "Subscription" tab you can cancel your subscription anytime, no questions asked.

Slack App

The honest answer: We can't know for sure. It's important to understand that end-to-end encryption is not possible with Slack apps. However, the communication between our app server and Slack is encrypted and we therefore believe that for 99% of use cases it's safe to use. Still, please be aware that Slack is proprietary software and we don't have control over the code that runs your Slack instance. In case you need to be 100% sure, create secrets via the website instead.

Short answer: Don't. That said, we believe in trust through transparency. While you might have something to hide, we don't. That's why all code is open source and available on GitLab. Feel free to launch your own private Slack App.

We only store data that is necessary to run the app. When you install the app, you grant us specific access rights (e.g. the right to post a secret link in your name). This data includes basic Slack user information (e.g. username, id) as well as the individual authorization tokens. Additionally, we temporarily store data required for read receipts.
We don't store any other data. We do not repurpose, sell or distribute any data we collect. Even if we wanted to, we are not able to identify you as a person, since only Slack may have the relevant information to do so.

First, it's important to understand that this app can still be installed and used in the exact same way as officially listed apps. That said, we tried to submit our app to the Slack App Directory to get listed. But since Slack is literally "restricting the approval of apps that facilitate the sharing of sensitive information" we were not able to do so. Now think about this for a minute. And afterwards, help us spread the word 🥰

The app requires basic information about the user, channels and conversations. Additionally, the app needs the permission to post in your name, join a conversation and make use of slash commands and shortcuts. You'll get more detailed information about permission scopes during the app installation.

No. Currently not. You are welcome.

No. You are very welcome. But you may of course support this project with a paid subscription regardless 🤓.

Nerd Zone

All code is open-source on GitHub.

There are easy-to-use npm packages available. For code examples and further information about integration, visit the developer blog.

Didn't find the answer you were looking for? Contact support: support@scrt.link