I'm Delano and I built One-Time Secret as a way to share sensitive information that's both simple and secure. Originally, the idea was to share passwords but since launching the service in 2012 we've heard from people all over the world who use it in ways we never imagined. We help people share over 50,000 secrets a month. All of the code is open-source and available on Github.
If you have any questions, there is a feedback form at the bottom of (almost) every page.
Why would I use this?
When you send people passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message.
Why can't I send pictures or other kinds of files?
The challenge with sending files, images in particular, is that there's no way to absolutely guarantee it wasn't copied or shared with other people. In order to ensure that no one's private information is unknowingly shared, we decided to err on the side of simplicity.
But I can copy the secret text. What's the difference?
True but all you have is text. With images and other files types, they can contain metadata and other potentially revealing information about who the sender or recipient. Again, this is simply to ensure that no private information is shared outside of the intended recipient.
Can I retrieve a secret that has already been shared?
Nope. We display it once and then delete it. After that it's gone forever.
How long do you keep non-viewed secrets?
We keep secrets for up to 7 days for anonymous users and up to 14 days for free accounts. After that they are deleted automatically and gone forever. (Note: by the time you read a secret, it's already deleted from our servers.)
What is the maximum message size?
The maximum size is 1000KB for anonymous users, 1000KB for free accounts, and more for paid.
Why should I trust you?
General we can't do anything with your information even if we wanted to (which we don't). If it's a password for example, we don't know the username or even the application that the credentials are for.
If you include a passphrase (available under "Privacy Options"), we use it to encrypt the secret. We don't store the passphrase (only a bcrypted hash) so we can never know what the secret is because we can't decrypt it.
Beside all that, the code is opensource so you can review the code and/or run your own instance.