Domainless · Encryption

Encryption that never leaves your device.

Lock text and files with a passphrase, share a secret that burns after one read, or send a message only one person can open. Every byte is encrypted right here in your browser — the server never sees your passphrase, your keys, or a single line of what you wrote.

Checking service…

It happens in your browser

The cryptography runs entirely on your device using the browser's built-in Web Crypto engine. Nothing to encrypt is ever uploaded — there's no server-side copy to leak, subpoena, or lose.

Zero-knowledge by design

For one-time secrets, only unreadable ciphertext is stored. The key travels inside the link itself, in the part browsers never send to a server. We couldn't read your secret if we wanted to.

Standard, audited crypto

AES-256-GCM with PBKDF2 key stretching — the same primitives that secure banks and password managers. No home-rolled ciphers, no obscurity. The whole method is written out on the How it works page.

Three tools, one principle

Whatever you need to protect, the private part stays with you.

How a passphrase lock works

  1. 1

    You type, your browser stretches

    Your passphrase is run through PBKDF2 — 250,000 rounds of hashing — into a 256-bit key. The stretching makes brute-forcing a weak passphrase far slower for an attacker.

  2. 2

    The data is sealed with AES-256-GCM

    A fresh random salt and nonce go into every operation, and GCM adds an authentication tag — so any tampering with the ciphertext is detected instead of silently decrypting to garbage.

  3. 3

    You share the block and the passphrase apart

    Send the encrypted block however you like; deliver the passphrase through a different channel. Neither half is useful alone, and the server was never in the loop.

What our server can and can't see

The honest inventory. This is the whole reason to encrypt on the device instead of on a server you have to trust.

Your passphrase
Never sent. It stays in the page.
Your text & files
Never uploaded. Encryption is local.
Your keys
Never leave the browser.
One-time secrets
Only ciphertext it can't read is stored, then burned.
Who you are
No account. Just a short-lived rate-limit counter.