🔐 SendSecure

How It Works

Effective date: 2026

Welcome to SendSecure — a privacy-first service for sending encrypted messages and optional file attachments that automatically delete themselves after viewing or expiry.

How SendSecure Works

When you create a secure message (and optionally attach a file), everything is encrypted directly inside your browser before it is sent to our servers. Your plaintext message, your password, and your original file content never leave your device.

The server only receives and stores encrypted data (ciphertext) plus the information required to verify and decrypt it later (such as a unique salt and initialization vector). Your password is never uploaded and is not stored anywhere.

After creation, you receive a one-time link that you can share with the recipient. When the recipient opens the link, they are prompted for the same password. Decryption happens entirely in their browser using the same cryptographic process.

Once the message (and any attached file) is successfully decrypted, the stored encrypted content is permanently deleted from the server and cannot be recovered.

If a message is never accessed, it is automatically deleted after its expiry period (1–7 days, depending on what you selected).

Encryption Standards

SendSecure uses modern, industry-standard cryptography designed to protect your content:

• AES-GCM (Advanced Encryption Standard – Galois/Counter Mode) with 256-bit keys for encrypting message and file data.
• Argon2id (a memory-hard password hashing / key derivation function) to derive strong encryption keys from your password.
• Each secure message and file encryption uses unique, randomly generated salt and initialization vectors (IVs).
• Encryption and decryption occur in your browser using the WebCrypto API (and a browser-side Argon2id implementation) — nothing is decrypted server-side.

File Attachments

You can optionally attach a file (up to 25 MB). If you attach a file, the file data is encrypted separately using its own AES-GCM IV and salt-derived key (derived from the same password), so message and file encryption remain isolated.

The recipient decrypts the file in their browser after unlocking the link. Once decrypted successfully, the file is deleted from the server and cannot be downloaded again.

Data Retention and Privacy

SendSecure does not collect personal information, does not run analytics, and does not use tracking cookies. The only data stored temporarily are encrypted message blobs and (if used) encrypted file blobs — never plaintext and never passwords. These encrypted items are destroyed immediately after successful viewing or automatically upon expiry.

Why One-Time Access?

One-time access reduces the risk of sensitive data being re-opened later, forwarded, or left accessible online. Once a recipient unlocks your message, the link becomes invalid — protecting both you and your recipient.

Contact

Questions or feedback? Contact me at [email protected].