Privacy
mysecret.now is built privacy-first. The application does not require an account and does not collect personal data.
Send secrets securely
A free tool from WebF1
No account. No tracking. No stored plaintext.
mysecret.now is built privacy-first. The application does not require an account and does not collect personal data.
That's it. We do not store the decryption passphrase, the plaintext, your email, your IP (beyond transient server logs controlled by your hosting provider), or any metadata tying a secret to an identity.
Records are deleted the first time they are read, or at the latest 15 minutes after their expiry. There is no soft-delete, no backup, no “archive” - the row is hard-deleted from the table.
mysecret.now does not set cookies and does not load third-party scripts. There is no analytics SDK, no advertising pixel, no fingerprinting library. The Referrer-Policy is set to no-referrer so outbound links do not leak your URL.
The API logs operational events (startup, cleanup counts, errors) without request bodies. If you self-host, logs are entirely under your control. If you use the hosted version operated by WebF1, standard infrastructure logs may temporarily contain IP addresses for abuse mitigation; they are not associated with secret contents.
Use two-channel delivery. Don't paste secrets into the URL bar. Don't forward the decrypted plaintext to anyone you don't trust. Verify you are on the correct domain before entering a passphrase.