Privacy & Security
Security is the product. Your text is encrypted on your device before it is ever sent, and the server has no way to read it. This isn't a policy promise — it's how the app is built.
End-to-end encrypted in your browser
Your password and every key derived from it never leave this browser. Text is encrypted client-side with AES-GCM-256 before any network call. The server stores only an opaque room id, the ciphertext, the nonce, and timestamps — never the password, the keys, or the plaintext.
Agreement by password alone
Two devices that type the same password independently derive the same room id and encryption key (Argon2id + HKDF). Nothing else is exchanged — no accounts, no room codes. Because the only shared secret is the password, a weak password is the dominant risk: use a long, high-entropy passphrase shared over a channel you trust.
Sealed rooms (defense-in-depth)
A room is capped at a number of terminals you choose (default 2) and is permanently sealed once full — no one else can join that room instance. If the legitimate devices seal the room first, someone who cracks the password later finds it sealed and is locked out. This is access control layered on top of the encryption, never a substitute for it.
Strict slots — you can lock yourself out
Your membership lives only in the page while it's open. If you reload, close the tab, or open a new browser, that slot is gone — and it still counts against the cap. On a sealed room you'll be locked out of your own room until it expires. This is intentional, in service of seal integrity. Keep your tabs open and set the terminal count to match the devices you actually use.
Ephemeral by default
Rooms, memberships, and blobs auto-expire after a short TTL (default 10 minutes) and are removed both lazily on read and by a cleanup cron. The Clear action deletes the shared content immediately.
Verify it yourself
Open your browser's Network tab and watch the requests: only an opaque id, ciphertext, a nonce, and an opaque membership token ever go out. Your password and plaintext never appear on the wire. A strict Content-Security-Policy blocks any third-party egress.
Out of scope: a compromised device or browser extension can read plaintext locally, and an observer learns that some room was read or written (not its content). See the project's security model for the full threat analysis.