Can ZeroKey read my messages?

No. ZeroKey uses client-side encryption. Your data is encrypted in your browser before being sent to our servers. We do not have the decryption keys.

What happens after a message is read?

Once the recipient opens the link and decrypts the payload, it is permanently deleted from our database using a Burn-After-Reading mechanism.

E2EE Systems Operational

Share Secrets.
Leave No Trace.

ZeroKey is a zero-knowledge payload delivery system. Send encrypted text and files that self-destruct upon reading. We don't hold your keys, and we can't read your data.

Encrypt a Payload

ZeroKey dashboard demonstrating client-side AES-GCM encryption and self-destructing message creation

5 Reasons to Use Client-Side Encryption

Absolute Privacy

Unencrypted plaintext never leaves your device. We fundamentally cannot read, scan, or monetize your private data.

Burn After Reading

Data is completely eradicated from our PostgreSQL database the millisecond it is decrypted by the recipient.

Biometric Security

Integrates with WebAuthn to require physical human presence (TouchID/FaceID), blocking chat-bots from prematurely burning links.

Geofencing

Restrict payload decryption to a specific 50-meter GPS radius. If they aren't at the location, the data self-destructs.

Open Architecture

Read our transparent technical breakdown to understand exactly how the cryptographic engine works.

How to Send a Secure Message

Follow these steps to securely transmit data using the native Web Crypto API.

Draft & Attach

Type your secret message and attach any media files up to 2MB in the vault interface.

Local Encryption

Your browser locks the data using AES-GCM encryption. The decryption key is embedded in the URL hash, which is never sent to our servers.

Share & Burn

Send the generated secure link. Once opened and decrypted by the recipient, the server wipes the ciphertext permanently.

Frequently Asked Questions

Can ZeroKey or law enforcement read my messages?

No. Because of our zero-knowledge architecture, we only store encrypted ciphertext. The decryption key is generated locally and sent in the URL fragment (after the #), which browsers do not transmit over the network. Without the URL, the data is mathematically unreadable.

What happens to my uploaded images?

Images are converted to ArrayBuffers and encrypted on your device. We store the scrambled blob in a secure Supabase bucket. Once the recipient views the image, a `DELETE` command is triggered, and the blob is permanently destroyed. Read our Privacy Policy for more data retention details.

Why do I need to scan my fingerprint to read a message?

When you share a link on apps like iMessage, WhatsApp, or Slack, automated bots scan the link to generate a preview image. Without WebAuthn (Biometric Gatekeeping), these bots would accidentally "read" the message and trigger the self-destruct sequence before the actual human clicked it.

Share Secrets. Leave No Trace.