What topic can we help you with?
Why should I use this service?
Sharing secrets is delicate. You don't want sensitive information (confidential information, passwords, API keys, access tokens, key combinations, confessions, etc.) to stay in your Slack channel, WhatsApp chat log, inbox, or any other communication channel. A one-time disposable link guarantees that your secret is viewed exactly once before being permanently destroyed.
Use this service in case you want to…
- Share your Netflix password with a family member.
- Send a private message from a public computer.
- Send access tokens, API keys, PIN codes to a friend or coworker.
- Forward payment information such as credit card number or Bitcoin wallet address.
- Confess to a secret crush.
- Transmit information that could be used against you.
Who is it for?
Essentially everybody. Everybody should care about privacy.
The means to transmit sensitive information anonymously is especially crucial for journalists, lawyers, politicians, whistleblowers, people who are being oppressed, etc.
How does the service work?
After you submit the form, your secret is encrypted and stored. You can then share the generated short link via text message, email or whatever service you trust. (We recommend Signal, Threema or Matrix.) After the recipient clicks the link, the message is displayed and permanently removed from the database.
For extra security, you can include a password that will be needed to decrypt the message. (We recommend sharing the password via a different channel than the link.)
What is the difference to disappearing messages on Signal or WhatsApp?
Anonymity, privacy and security. Plain text messages within a chat log can always get traced back to you. There are many scenarios where even disappearing messages are a risk factor: Do other people have access to your phone sometimes? What if you lost your phone? Or even worse, your phone might be compromised on an operating system level. With scrt.link you will always just have a link in your conversation history. After the link has been visited once, it will lead to a 404 error page. There is no way of accessing the original content.
What is the difference to Snapchat?
Same answer as for the previous question. Also, the business model behind Snapchat, and every other major social media platform, contradicts the idea of privacy and anonymity. Social media companies need to know their users in order to sell ads.
However, it is fine to share a generated secret link using Snapchat, Facebook, Instagram, Telegram, etc.
Who is behind this service?
Scrt.link is a service by SANTiHANS GmbH, a Swiss-based tech company with a mission to advance the web. We operate under Swiss law. As a customer you profit from one of the world's strongest data and privacy protection regulations, the Federal Act on Data Protection (FADP). This product has been created and is operated by @stophecom.
Product and Service
Text, Files, Redirect and Neogram?
- Text: This is the standard mode. It's the preferred way to share passwords and similar kinds of secrets. The recipient has the option to copy the secret.
- File: Drop any file. This feature is currently in beta.
- Redirect: Think about it as a URL-shortener where the generated link only works once.
- Neogram: Digital letter-style message that automatically burns after reading. Use it for confidential notes, confessions or secret love letters.
What is the maximum message size?
The current limit is 280 characters for visitors. With a premium plan you can get up to 100,000 characters.
Can I get notified when a secret has been viewed?
How do read receipts work?
For each secret, we generate a Secret ID (a random string) which is the only reference to the original message. Once the recipient opens the secret link, we notify you using the chosen method. In the notification we only include the Secret ID - so be sure to store/remember it. Needless to say, the contact information (email or phone number) is never exposed to the recipient.
Email: You'll receive an email from firstname.lastname@example.org.
SMS: You'll receive an SMS notification from +17744694525.
Why do I get "Secret not found" error?
This means that the secret link has already been visited. If this happens unexpectedly:
- Check with the sender to make sure the link hasn't been visited by mistake.
- The secret was accessed via brute-force attack or there is an issue with the server infrastructure (don't worry, the contents of the secrets would still be encrypted) - both cases are very unlikely.
- Worst case: A third party accessed the link, which ultimately means, your communication channel and/or either party's device has been compromised.
Where can I find the browser extensions?
Where can I get the Slack App?
The Slack app lets you use the power of scrt.link without switching apps. Go to the Slack App page for more information.
Important notice: There are limitations when using the Slack Application. Due to the nature of how these apps are designed, full end-to-end encryption is not possible. In most cases this is not a problem and a risk worth taking - however, if you need advanced protection, create secrets on the website instead.
Security and Privacy
How secure is this service?
All messages are end-to-end encrypted using AES-256, which is virtually impenetrable using brute-force methods. AES would take billions of years to break using current computing technology. For the highest level of security, an optional password (which is never stored either) will be used to encrypt your message. Read more on our Security page.
How is my privacy protected?
We take a number of steps to protect your privacy, detailed on the privacy page - however, some of the features require third-party services that may have access to personally identifiable information (PII). If you want to further protect your privacy, we recommend the following:
How is end-to-end encryption achieved?
We generate two random strings, one to identify your secret in the database and one to encrypt your message. We don't store the encryption key. You can only decrypt the secret with the full link.
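The flow described above, as an added example that is not scrt.link's own code: two random strings, a store that never sees the key, and a link that works once. Assumptions: Node's `crypto` module stands in for the browser, the mode is AES-256-GCM, scrypt mixes in the optional password, the key travels in the URL fragment, the record is burned before decryption is attempted, and the `secrets.example` host and in-memory `db` are constructed.

```javascript
// Added example, not scrt.link's code. Node's crypto stands in for the browser.
const crypto = require('node:crypto');

// "Server" side: only ever sees the ID and the encrypted record.
const db = new Map(); // constructed stand-in for the database
const store = (id, record) => db.set(id, record);
function fetchOnce(id) {
  const record = db.get(id);
  db.delete(id); // burn on first read, whether or not decryption succeeds
  return record ?? null;
}

// "Client" side: the key and the optional password never leave it.
function deriveKey(linkKey, password, salt) {
  return crypto.scryptSync(`${linkKey}:${password}`, salt, 32); // 32 bytes = AES-256
}

function createSecret(message, password = '') {
  const id = crypto.randomBytes(12).toString('base64url');      // random string 1: lookup ID
  const linkKey = crypto.randomBytes(32).toString('base64url'); // random string 2: encryption key
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(linkKey, password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  store(id, { salt, iv, ciphertext, tag: cipher.getAuthTag() });
  // Assumption: the key rides in the URL fragment, which browsers do not send to the server.
  return `https://secrets.example/l/${id}#${linkKey}`;
}

function openSecret(link, password = '') {
  const url = new URL(link);
  const record = fetchOnce(url.pathname.split('/').pop());
  if (!record) return { ok: false, reason: 'not found' };
  try {
    const key = deriveKey(url.hash.slice(1), password, record.salt);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
    decipher.setAuthTag(record.tag);
    const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
    return { ok: true, message: plain.toString('utf8') };
  } catch {
    return { ok: false, reason: 'wrong key or password' }; // GCM tag check failed
  }
}
```

Because the store cannot check a password it never receives, this sketch destroys the record even when the recipient mistypes the password.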
Can I retrieve a secret that has already been visited?
Nope. It's a one time secret. We show it once and then delete it permanently from the database. There is no backup. It's gone for good.
Can the recipient save the message?
Sure. You can always take a screenshot. The idea behind this service is to securely share sensitive information one time. We (obviously) don't have control over what a recipient does with the message.
How long do you keep non-viewed secrets?
Until the end of time. Seriously, there is no maximum time limit set. But you can always destroy your secret by visiting the secret link.
Account and Billing
Who is the payment provider?
What payment methods are supported?
Our payment provider Stripe offers a variety of payment options: Google Pay, Credit Card (VISA, Mastercard, American Express, etc.) among many others. Once you choose a premium plan you get redirected to Stripe where you can select your preferred method.
How do subscriptions work?
Once you subscribe to a premium plan, you get instant access to the corresponding features for as long as the subscription lasts. You will be billed every month or year, based on the selected billing interval. A subscription can be cancelled anytime.
How do trials work?
Try before you buy: You can test all premium features for a 5-day trial period. Once the trial ends you will be billed based on your chosen plan. Cancellations during the trial period result in the immediate termination of the subscription - no billing will be made in that case.
How do I cancel a subscription?
Is the Slack App secure?
The honest answer: We can't know for sure. It's important to understand that end-to-end encryption is not possible with Slack apps. However, the communication between our app server and Slack is encrypted and we therefore believe that for 99% of use cases it's safe to use. Still, please be aware that Slack is proprietary software and we don't have control over the code that runs your Slack instance. In case you need to be 100% sure, create secrets via the website instead.
Why should I trust you?
Short answer: Don't. That said, we believe in trust through transparency. While you might have something to hide, we don't. That's why all code is open source and available on GitLab. Feel free to launch your own private Slack App.
What data do you collect?
We only store data that is necessary to run the app. When you install the app, you grant us specific access rights (e.g. the right to post a secret link in your name). This data includes basic Slack user information (e.g. username, id) as well as the individual authorization tokens. Additionally, we temporarily store data required for read receipts.
We don't store any other data. We do not repurpose, sell or distribute any data we collect. Even if we wanted to, we are not able to identify you as a person, since only Slack may have the relevant information to do so.
Why isn't this app approved by Slack?
First, it's important to understand that this app can still be installed and used in the exact same way as officially listed apps. That said, we tried to submit our app to the Slack App Directory to get listed. But since Slack is literally "restricting the approval of apps that facilitate the sharing of sensitive information" we were not able to do so. Now think about this for a minute. And afterwards, help us spread the word 🥰
What permissions are required?
The app requires basic information about the user, channels and conversations. Additionally, the app needs the permission to post in your name, join a conversation and make use of slash commands and shortcuts. You'll get more detailed information about permission scopes during the app installation.
Do I need an account to use the Slack app?
No. Currently not. You are welcome.
Do I need a premium subscription to use the Slack app?
No. You are very welcome. But you may of course support this project with a paid subscription regardless 🤓.
Didn't find the answer you were looking for? Contact support: email@example.com