Skip to content

Frequently asked questions

Everything you need to know before trusting us with a secret.

Is Secret Drop free?
Yes, completely. No account, no subscription, no hidden fees.
Do I need an account?
No. No registration, no tracking. Your secrets are anonymous and cannot be linked to you.
How do I securely share a password?
Paste your password, choose an expiration time and optionally limit to a single read. Secret Drop encrypts it in your browser and gives you a secure link to share.
What is the maximum file size?
Up to 10 MB for files and 50,000 characters for messages. Files are encrypted in your browser before upload.
How is my data encrypted?
Your browser generates a random key and encrypts the content locally with AES-256-GCM, the algorithm recommended by NIST, via the Web Crypto API from the W3C. The server only receives encrypted data — it never sees the plaintext.
Can the server read my secrets?
No. The decryption key stays in the URL fragment (after the #), which is never sent to the server. This is a technical impossibility, not a promise.
What happens after a secret is read?
Once the read limit is reached, the encrypted content is permanently destroyed on the server. Only a trace of its existence remains. Even if someone intercepts the link afterwards, there is nothing left to decrypt.
Where is the data stored?
On servers located in France. Only encrypted data is stored — the server never has access to plaintext content.
Is Secret Drop GDPR compliant?
Yes, by design. Zero-knowledge encryption, no tracking, no advertising cookies, automatic deletion of expired data. No personal data is stored in plaintext.
Is Secret Drop open source?
Yes, under the GNU Affero General Public License v3 (AGPL-3.0). You can inspect the code, verify there are no backdoors and confirm the architecture works as described.
How is this different from encrypted email?
Encrypted email (PGP, S/MIME) requires both parties to set up keys beforehand. Secret Drop asks nothing of the recipient — just a link. And the secret self-destructs, unlike an email that stays in both inboxes.
How do I manage my secrets after creating them?
If you provided your email, you can revoke or extend your secrets via the « Manage my secrets » link at the bottom of every page. You will receive a single-use link valid for 10 minutes — a magic link, no password. Nothing to steal, nothing to hack.
Create a secret