scrt.link
scrt.link

Security

Best practices, no extras.

All messages are end-to-end encrypted. We generate a random hash to encrypt your secret on the client using AES-256 (Advanced Encryption Standard). The encryption key is never stored, but added to the secret link itself. Without the full link, nobody (including us) will ever be able to decrypt your message.

If a password is provided, we use it to encrypt your secret on top of the standard encryption. The password is not being stored. Even with the most advanced attacks (e.g. man in the middle attack) and access to all our infrastructure an attacker couldn't read your message. After a secret has been viewed, we delete it permanently from our database. There is no backup. Link explanation

Security by design

  • All connections are secured via HTTPS
  • All data is stored encrypted (not only secrets)
  • As little third-party code as possible
  • Dependencies are checked and updated regularly
  • All code is open-source on Gitlab

Infrastructure

Trusted players, few dependencies.

We chose industry leaders to host our infrastructure: