How PassLink Works
A step-by-step look at how we keep your secrets safe using zero-knowledge encryption.
Enter Your Secret
Type or paste any sensitive information: passwords, API keys, credit card numbers, or private messages. Your data stays in your browser.
- Supports up to 10,000 characters
- Choose expiration: 1 hour, 24 hours, or 7 days
- Optionally add password protection
Encryption Happens Locally
PassLink encrypts your secret using AES-256-GCM directly in your browser. The encryption key is generated randomly and never leaves your device.
- Military-grade AES-256-GCM encryption
- Random key generated per secret
- Key embedded in URL fragment (#)
Secure Storage
Only the encrypted blob is sent to our servers. We store it temporarily with your chosen expiration time. We cannot decrypt it.
- Encrypted data only on our servers
- Automatic deletion on expiration
- No logging of secrets
Share the Link
Copy the generated link and send it to your recipient via any channel: email, Slack, WhatsApp, or SMS. The decryption key is in the URL.
- One-click copy to clipboard
- Link includes decryption key in fragment
- Fragment never sent to our servers
View and Destroy
Your recipient opens the link, the secret is decrypted in their browser, and immediately deleted from our servers. Forever.
- Decryption happens client-side
- Immediate deletion after view
- Link becomes permanently invalid
🔐 Technical Security Note
The encryption key is stored in the URL fragment (the part after #). URL fragments are never sent to servers by design—this is a fundamental part of how browsers work. This means we physically cannot access your decryption key, ensuring true zero-knowledge security.