SECRETNOTESPRO
Add
$ aes-256-gcm --encrypt
OK key stays in #fragment
NULL server sees nothing
Secure Protocol Active

Send secrets that disappear forever.

End-to-end encrypted notes with zero-knowledge architecture. The server never sees your content. No accounts, no logs, no backdoors.

Create Encrypted Note
Why SecretNotes?

Security by design

Zero-Knowledge

The server stores only encrypted data. Even administrators cannot read your notes. Privacy is enforced by mathematics, not trust.

End-to-EndClient-Side OnlyAudit-Ready

AES-256-GCM

Military-grade encryption. Keys generated locally in your browser — never leave your device.

Burn After Reading

Notes self-destruct after a single read — instantly or with a 5-minute delay. No traces left on the server.

No Account Required

Encrypt and share notes without signing up. A free account unlocks note history, secure requests, emergency wipe, and more.

$ POST /api/notes
{"id": "sn_8f2k...", "encrypted": true}
auth: none required
logs: anonymized
The Protocol

How It Works

01

Write

Type or paste your secret content into the secure editor.

02

Encrypt

AES-256 key generated locally. Content encrypted before leaving your browser.

03

Share

Get a secure link. The encryption key lives in the URL fragment — invisible to the server.

Secure Requests

Stop sending and receiving secrets in plain text

Someone asks for your credit card number. How do you send it?

M
Marek
Messenger
Hey, send me your card number for the payment
Sure, one sec
4217 6538 9041 2763
06/28 CVV: 847
Thanks!
×
Data visible to the server, chat history, backups, and anyone who gains access to the account
M
Marek
Messenger
Hey, send me your card number for the payment
Sure, here's a link — the note burns 5 min after opening
secretnotes.pro/n/sn_8f2k#a8Kx2..
🔥 burns 5 min after reading
Great, opening now!
Data encrypted end-to-end, server sees only ciphertext, note disappears after reading
Zero-Knowledge Proof

What the server knows

Server stores
Encrypted blob (unreadable without key)[OK]
Access password (6 characters)[OK]
Expiry metadata[SAFE]
All data is ciphertext only
Server never has
Encryption key — stays in URL fragment[NULL]
Plaintext content — never leaves browser[NULL]
Full IP address* — 3rd segment removed[BLOCKED]
No way to recover key

Other note apps claim to be "secure" but keep metadata, backups, and secondary keys. We've built a wall that even we can't climb.

Proof of Privacy

Don't trust us — verify. Every note includes a transparency panel showing exactly what the server received: encrypted blob, IV, access password. You confirm the server never saw your content.

Irreversible by DesignIf you lose the key — nobody can read the note. Not even us. There is no recovery, no backdoor, no master key.

* IP addresses are never stored in full. The third segment is permanently removed. Encryption happens entirely on your device.

How We Compare

Feature comparison

Feature comparison
FeatureSecretNotesPastebinPrivateBinHastebin0bin*
E2E Encryption
Zero-Knowledge
Burn after read Partial
No account needed
Syntax highlighting Limited
No ads
Modern responsive design PartialPartial
Encryption proof panel
Brute-force protection Partial
Encrypted secret requests **
Emergency wipe **
E2E encrypted messenger **
E2E Encryption
SecretNotes
Pastebin
PrivateBin
Hastebin
0bin
Zero-Knowledge
SecretNotes
Pastebin
PrivateBin
Hastebin
0bin
Burn after read
SecretNotes
Pastebin
PrivateBin
Hastebin
0binPartial
No account needed
SecretNotes
Pastebin
PrivateBin
Hastebin
0bin
Syntax highlighting
SecretNotes
Pastebin
PrivateBinLimited
Hastebin
0bin
No ads
SecretNotes
Pastebin
PrivateBin
Hastebin
0bin
Modern responsive design
SecretNotes
PastebinPartial
PrivateBin
HastebinPartial
0bin
Encryption proof panel
SecretNotes
Pastebin
PrivateBin
Hastebin
0bin
Brute-force protection
SecretNotes
Pastebin
PrivateBinPartial
Hastebin
0bin
Encrypted secret requests **
SecretNotes
Pastebin
PrivateBin
Hastebin
0bin
Emergency wipe **
SecretNotes
Pastebin
PrivateBin
Hastebin
0bin
E2E encrypted messenger **
SecretNotes
Pastebin
PrivateBin
Hastebin
0bin

** Available with a free account (login required).

* 0bin — abandoned project (last commit: 2021). PrivateBin — primarily self-hosted.

Partial"Partial" — 0bin supports burn-after-read but without access password protection; anyone with the link can trigger destruction. Pastebin/Hastebin have basic mobile views but no dedicated responsive design.

Limited"Limited" — PrivateBin offers basic syntax highlighting with a manual language selector, without auto-detection or modern rendering (Shiki).

Beyond the Basics

What makes us different

01

Transmission manifest

Before sending, you see exactly what data leaves your browser — encrypted blob, IV vector, access password. You verify that the server receives only ciphertext.

02

Split link sharing

Send the link without the key, and deliver the encryption key through a separate channel. Even a link leak won't compromise the content.

03

Two-layer protection

Every note has two independent locks: a 6-character access password (verified by server) and an AES-256 encryption key (needed to decrypt). Knowing one without the other is useless.

04

Per-note locking

Failed decryption attempts lock that specific note — not your IP, not other notes. After a cooldown, the note unlocks automatically.

05

Auto URL cleanup

The decryption key is automatically removed from the address bar after opening a note. It won't appear in browser history or address bar suggestions.

06

Secure requests

Need someone to send you a secret? Create an encrypted request — the recipient types their response directly in the browser, encrypted with your key. Only you can read it.

07

Emergency wipe

One click to burn all your notes and request responses instantly. When you need to act fast, the emergency wipe destroys all encrypted data in seconds — irreversibly.

08

Vault aesthetic

Dark, premium design inspired by luxury safes. Gold accents, monospace technical details — every element communicates security and trust.

09

Encrypted messenger

Real-time end-to-end encrypted conversations with PBKDF2 key derivation. Messages are encrypted in your browser before sending — the server only stores ciphertext. Includes read receipts, group chats, and panic mode to instantly wipe decrypted messages from memory.

Ready to send a
secret?

Free. No account. No tracking. Your data stays yours.

Nobody can read your messages, not even

Create Note Now
Plans

Simple pricing

Simple pricing
FeatureGuestFree accountPremium
Max note length100,000 chars200,000 chars400,000 chars
Max expiry time48 hours30 days6 months
Daily note limit15 notes50 notesUnlimited
Secure requests3/dayUnlimited
Emergency wipe
Note history
E2E encryption
Burn after reading
Syntax highlighting
Encrypted messenger3 conversationsUnlimited + groups
File encryption appComing soon
PriceFreeFreeComing soon
Guest
Free
  • Max note length100,000 chars
  • Max expiry time48 hours
  • Daily note limit15 notes
  • Secure requests
  • Emergency wipe
  • Note history
  • E2E encryption
  • Burn after reading
  • Syntax highlighting
  • Encrypted messenger
  • File encryption app
Free account
Free
  • Max note length200,000 chars
  • Max expiry time30 days
  • Daily note limit50 notes
  • Secure requests3/day
  • Emergency wipe
  • Note history
  • E2E encryption
  • Burn after reading
  • Syntax highlighting
  • Encrypted messenger3 conversations
  • File encryption app
★ Premium
Coming soon
  • Max note length400,000 chars
  • Max expiry time6 months
  • Daily note limitUnlimited
  • Secure requestsUnlimited
  • Emergency wipe
  • Note history
  • E2E encryption
  • Burn after reading
  • Syntax highlighting
  • Encrypted messengerUnlimited + groups
  • File encryption appComing soon

Less than a cup of coffee a month — and your data stays yours, not the barista's.

All plans include full AES-256-GCM encryption, zero-knowledge architecture, and brute-force protection.